From 4ac6472cad8d23281639b86b4d414ce0807e2d71 Mon Sep 17 00:00:00 2001 From: Alexander Cerutti Date: Wed, 27 Oct 2021 01:13:10 +0200 Subject: [PATCH] Moved certificates generation instructions to Github repo's wiki --- README.md | 31 +--------------- non-macOS-steps.md | 93 ---------------------------------------------- 2 files changed, 1 insertion(+), 123 deletions(-) delete mode 100644 non-macOS-steps.md diff --git a/README.md b/README.md index 351f6fd..7be4f25 100644 --- a/README.md +++ b/README.md @@ -102,37 +102,8 @@ Create a `pass.json` by taking example from examples folder models or the one pr The third step is about the developer and WWDR certificates. I suggest you to create a certificate-dedicated folder inside your working directory (e.g. `./certs`) to contain everything concerning the certificates. This is a standard procedure: you would have to do it also without using this library. We'll use OpenSSL to complete our work (or to do it entirely, if only on terminal), so be sure to have it installed. -You'll need the following three elements: -- Apple WWDR (_Worldwide Developer Relationship_) certificate -- Signer certificate -- Signer key - -While WWDR can be obtained from [Apple PKI Portal](https://www.apple.com/certificateauthority/), to get the `signer key` and the `certificate`, [you'll have to issue first a `Certificate Signing Request` (`.certSigningRequest` file)](https://help.apple.com/developer-account/#/devbfa00fef7) and upload it to Apple Developers Portal when [creating a new certificate](https://developer.apple.com/account/resources/certificates/add) (open it, it's worth it 😜). Follow the procedure here below. - -
-
- -> **If you don't have access to macOS** (or you are a terminal enthusiast), **follow [these steps](./non-macOS-steps.md) instead.** - -
- -1. Create a new pass type identifier ([direct link](https://developer.apple.com/account/resources/identifiers/passTypeId/add/)) and provide it with a description and a reverse-domain identifier (starting with "pass."). You will have to put this identifier as value for `passTypeIdentifier` in `pass.json` file. -2. Confirm and register the new identifier. -3. [In the list of your passTypeIds](https://developer.apple.com/account/resources/identifiers/list/passTypeId) (filter), click on your new pass id to edit it. -4. Click "Create Certificate" button and follow the instructions (like providing the Certificate Signing Request, we talked about earlier) until you won't download a certificate like `pass.cer`. -5. Open the downloaded certificate in macOS Keychain Access. Go in "Certificates" on left and `right-click > Export "\"`. Choose a password (and write it down) and you will get a PKCS#12 file (`.p12`). -6. Open terminal, place where you want to save the files and insert the following OpenSSL commands changing the contents between angular brackets. You'll have to choose a secret passphrase (and write it down) that you'll use also in the application. - - ```sh - # Creating and changing dir - $ mkdir "certs" && cd $_ - # Extracting key and cert from pkcs12 - $ openssl pkcs12 -in .p12 -clcerts -nokeys -out signerCert.pem -passin pass: - $ openssl pkcs12 -in .p12 -nocerts -out signerKey.pem -passin pass: -passout pass: - ``` - -7. Execute step 5 also for the WWDR certificate (`.cer`) you downloaded from Apple PKI portal (default name: _AppleWWDRCA.cer_) but instead exporting it as PKCS#12 (`.p12` - you'll also be unable to do that), export it as PEM (`.pem`) file. +[Follow the **FULL GUIDE in wiki** to get all the files you need to proceed](https://github.com/alexandercerutti/passkit-generator/wiki/Generating-Certificates). --- diff --git a/non-macOS-steps.md b/non-macOS-steps.md deleted file mode 100644 index d1698a7..0000000 --- a/non-macOS-steps.md +++ /dev/null 
@@ -1,93 +0,0 @@ -# Non-macOS-steps - -This is a branch file that starts from the [Certificate paragraph](./README.md#certificates) and is made for developers that does not have access to macOS or are very very enthusiast of terminal (so its still valid for macOS). - -I have to use these steps to work under WSL (Windows Subsystem for Linux), or Bash on Windows. The only thing you'll still need over the certificates, are an Wallet-ready iOS App (and so an iPhone) or a way to pass it. -To test it, I use my [Passkit-sample-client](https://github.com/alexandercerutti/passkit-sample-client), a really basic iOS App which requires just few informations and will show you the generated pass. Or you can use like Telegram, save your generated pass in your "Saved Messages" and then open it from the iPhone. Your choice. - -But let's not talk anymore about testing and let's go with the steps to follow. **It will still require OpenSSL installed**. We are going to use it in a massive way. - - -1. Create a new pass type identifier and provide it with a Name and a reverse-domain bundle id (starting with "pass."). You will put this identifier as value for `passTypeIdentifier` in `pass.json` file. - -2. Confirm and register the new identifier. - -3. Go back to the pass type identifiers, click on your new pass id and Edit it. - -4. Click "Create certificates" and then "Continue". You won't need to follow the written steps as they are for "Keychain Access" on macOS. Just to let you know, you are required to provide Apple a CSR (Certificate Signing Request). To provide them, you have first to generate a private key. - -5. Open your terminal, and **place yourself in a good directory for you**. It may be the `certs/` folder in your application root. - -6. Generate a private key with a name you like. - - ```sh - # Generate a key: - $ openssl genrsa -out .key 2048 - ``` - -7. Generate a CSR using your private key. 
Usually it should have a `.csr` extension, but there is no difference: .csr is a ASN.1 Base64 encoded text. Therefore it can have any extension you want. - - ```sh - # Create a signing request - $ openssl req -new -key .key -out csr.certSigningRequest - ``` - - > **Please note that to generate a Certificate Signing Request under OpenSSL for Windows, you'll need a configuration file or you'll fall into error.** - > - > You can load it by adding to the command above the flag `-config ` - > - > Other functions might need configuration file. - -
-
-
- - You will be prompted to insert some informations. You'll have to insert Apple CA's informations, like below (**bold ones**). If none, press Enter to skip. After the email address, you won't need any further informations. So press Enter until you won't finish. - -
- - Country Name (2 letter code) [AU]: **US** - - State or Province Name [Some-State]: **United States** - - Locality Name []: - - Organization Name [Internet Widgits Pty Ltd]: **Apple Inc.** - - Organizational Unit Name []: **Apple Worldwide Developer Relations** - - Common Name []: **Apple Worldwide Developer Relations Certification Authority** - - Email Address []: **your-email** - -
- - If you are curious about how a CSR is composed, use this command: - - ```sh - # Optional, just for curious people, like George, even if it's a monkey. - $ openssl asn1parse -i -in csr.certSigningRequest - ``` -
- -8. Take your `csr.certSigningRequest` and upload it to APP (Apple Provisioning Portal) at step 4. Once processed, it will give you a certificate `.cer`. - -9. Let's convert it to `.pem` (from a DER encoded to PEM Base64 encoded) - - ```sh - # .cer to .pem - $ openssl x509 -inform DER -outform PEM -in pass-test.cer -out signerCert.pem - ``` - -10. Take `signerCert.pem` and save it. You'll use it in your application. - -11. Convert your private key `.key` to a `.pem` base64 and save your key. You'll be using it in your application. - - ```sh - # .key to .pem - $ openssl rsa -in .key -outform PEM -out passkey.pem - ``` - -12. Execute Step 9 also for `AppleWWDRCA.cer` you've download from [Apple PKI](https://www.apple.com/certificateauthority/) and save it somewhere (over the rainbow... 🌈). - -13. And you are done. 🎉 Now try to create your first pass! My suggestion is to keep anyway the `.key` file somewhere as backup (this time not over the rainbow). You can always download `.cer` file from APP, but you cannot generate back your private key.
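Review bot: In the README.md hunk (@@ -102,37 +102,8 @@), the removal takes out the only list of what the reader must end up with (the Apple WWDR certificate, the signer certificate and the signer key) and the only mention that `signerKey.pem` is exported with a passphrase "that you'll use also in the application". The paragraph that stays still says "We'll use OpenSSL to complete our work", but nothing after it now says what that work produces. Keep a short summary next to the wiki link: the three files, the names used in the removed commands (`signerCert.pem`, `signerKey.pem`), and the fact that the key passphrase is needed at runtime. A wiki page is also not versioned with the repository, so a reader on an older release has no way to get the instructions that matched it; linking a specific wiki revision or noting the library version the guide targets would cover that.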
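Review bot: In the deleted non-macOS-steps.md (@@ -1,93 +0,0 @@), steps 6 and 11 produce a private key with no passphrase (`openssl genrsa -out .key 2048`, then `openssl rsa -in .key -outform PEM -out passkey.pem`), while the macOS steps removed from README.md export the key with `-passout pass:` and call it `signerKey.pem`. Since the commit subject says this text is moved to the wiki rather than dropped, the move is the place to align the two paths: add a cipher option such as `-aes256` when writing the key so both flows yield a passphrase-protected file, and use one output name. The CSR prompt walkthrough in step 7 also tells the reader to enter "Apple CA's informations" (Organization `Apple Inc.`, Common Name `Apple Worldwide Developer Relations Certification Authority`); a CSR subject identifies the requester, not the issuing CA, so the wiki copy should say to enter the developer's own details. Finally, confirm the wiki page covers the OpenSSL for Windows `-config` note before this file goes, because after this patch the repository no longer carries it anywhere.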