Skip to Content

Quick hint to detect whether your .p12 APNS (Apple Push Notification Service) certificate is expired



This technical document provides a quick hint to test whether your .p12 APNS (Apple Push Notification Service) certificate used by SUP Server is already expired.

Required Software

  1. Mac machine with Mac OS X Lion or Mountain Lion
  2. The openssl tool which is natively present on Mac OS X.

Note: The openssl tool is not installed by default on Windows machines. If using Windows, the alternative is to download OpenSSL for Windows to perform same steps within a DOS prompt (refer to Solution topic).


This document assumes you have a working SUP environment and a current .p12 APNS certificate already configured on it according to SUP Manuals. The APNS certificates are necessary for sending push notifications into iOS devices for determined application tied to such certificates. The same configuration is valid for SUP iOS applications, as well.

All APNS certificates generated through Apple Developer Portal are valid within one year only, and they need to be regenerated after one-year expiration and then properly replaced within SUP Server in order to continue being able to send push notifications to SUP applications on iOS devices.


In order to determine whether your APNS .p12 certificate has already expired, follow these steps:

  1. Copy the .p12 certificate that is used by SUP Server from C:\Sybase\UnwiredPlatform\Servers\MessagingServer\Bin into a Mac machine directory of your preference
  2. Open up Mac Terminal and run these commands to transform .p12 certificate into .pem (Example below considers a custom APNS certificate named PushDistCert.p12):

Mac Machine$> openssl pkcs12 -in PushDistCert.p12 -out tempcrt.pem
Enter Import Password:<your .p12 password from when you exported the certiticate from within Mac Keychain access>
MAC verified OK
Enter PEM pass phrase:<a test password of your preference>
Verifying - Enter PEM pass phrase:<repeat same above test password of your preference>

  1. The tempcrt.pem file is generated. Now run the command below to reveal the expiration date:

Mac Machine$> openssl x509 -in tempcrt.pem -noout -enddate
notAfter=Nov 13 21:04:28 2012 GMT

Note this certificate is already expired since Nov 13 2012 as shown above.


This document demonstrated a quick way to determine the expiration date of an Apple Push Notification Service certificate used by SUP Server.

Former Member