Create the Certificates

See http://iphonesdkdev.blogspot.com/2009/04/apns-client-development-certificate.html.

  1. You need to create an App ID without .* in the Program Portal (that means one cert for one app)
  2. Generate a certificate signing request from your Mac’s keychain and save to disk
  3. Upload the CertificateSigningRequest.certSigningRequest to the Program Portal
  4. Wait for the cert to be generated (about 1 min), then download the certificate (aps_developer_identity.cer) from the Program Portal
  5. Keep (or rename them if you want) these 2 files (steps 2 and 4) in a safe place. You might need the CertificateSigningRequest.certSigningRequest file to request a production cert in the future or renew it again.
  6. Once you have imported aps_developer_identity.cer into the keychain, export the new cert and the private key of this cert (not the public key) and save them as .p12 files (cert.p12 and key.p12 in the commands below).
  7. Then use these commands in the Mac’s Terminal to generate the cert and key in PEM format (Privacy Enhanced Mail Security Certificate):
    openssl pkcs12 -clcerts -nokeys -out cert.pem -in cert.p12
    openssl pkcs12 -nocerts -out key.pem -in key.p12
    
  8. The cert.pem and key.pem files will be used by your own program communicating with APNS.
  9. Remove the passphrase from the private key in key.pem:
    openssl rsa -in key.pem -out key.unencrypted.pem
    
  10. Then combine the certificate and key:
    cat cert.pem key.unencrypted.pem > ck.pem
    

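ck.pem is what you upload when you create a new application in the management site. It contains the private key without a passphrase, so keep it as safe as the files from step 5.

We test your certificate when you create a new application, so you can see right away whether your certificate is correct.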
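
A local check of the ck.pem produced by steps 7 to 10, to run before uploading. This is an added example, not part of the original instructions and not the management site's own test. The function name check_ck_pem and its return codes are chosen for this example, and it assumes openssl is on the PATH.

```shell
#!/bin/sh
# usage: check_ck_pem ck.pem
# Return codes (chosen for this example): 0 ok, 1 unreadable, 2 no certificate,
# 3 no private key, 4 key still passphrase-protected, 5 key does not match cert.
check_ck_pem() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }

    grep -q -- '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "$f: no certificate block" >&2; return 2; }

    # Matches "PRIVATE KEY", "RSA PRIVATE KEY" and "ENCRYPTED PRIVATE KEY".
    grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f" ||
        { echo "$f: no private key block" >&2; return 3; }

    # A key that still has its passphrase appears either as a PKCS#8
    # "ENCRYPTED PRIVATE KEY" block or with a "Proc-Type: 4,ENCRYPTED" header.
    if grep -Eq -- '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "$f: private key still has a passphrase (step 9 skipped?)" >&2
        return 4
    fi

    # The public key inside the certificate must equal the one derived
    # from the private key, otherwise the wrong .p12 was exported.
    cert_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$f" -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "$f: private key does not belong to the certificate" >&2; return 5; }

    # ck.pem holds an unencrypted private key: make it owner-only.
    chmod 600 "$f"
    # Show which certificate this is and when it expires.
    openssl x509 -in "$f" -noout -subject -enddate
}
```

The checks tolerate the "Bag Attributes" lines that openssl pkcs12 writes before each PEM block.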