Export the Certificate
For the push library we use when using Django on Heroku, we need the certificate in a .pem format. The first step to achieving this is to export the certificate from the keychain.
Specify where to save the Certificate
Select the .p12 format.
Permission to Export
We must grant the Keychain Access app permission to export the certificate. Press “Allow” to do so.
Enter a password for the Certificate
We can specify a password for the certificate. The library we use doesn’t support passwords so we leave these fields blank and then press “OK”.
Convert the .p12 to .pem
The final step is to use openssl to convert the .p12 file into the cert pem and the private key pem.
Storing the .pem files in Heroku
Heroku uses ephemeral storage, so we cannot write the file once the app slug has been deployed. The way we get the keys into the slug is by using a post_compile step. This script is by convention located n the bin directory of the repository:
#!/usr/bin/env bash
echo "Running post_compile script..."
mkdir -p .private
# Save the certificate
echo "$APNS_CERTIFICATE" > ./.private/apns_cert.pem
# Save the private key
echo "$APNS_KEY" > ./.private/apns_key.pem
# Run Django migrations.
python manage.py migrate --noinput --fake-initial
This script reads the .pem files from config variables. To add these config variables we can use a script like this:
APNS_CERTIFICATE=`cat apns-live-cert.crt.pem`
APNS_KEY=`cat apns-live-cert.key.pem`
heroku config:set APNS_CERTIFICATE="$APNS_CERTIFICATE" APNS_KEY="$APNS_KEY" -a tap-oath