iOS Mobile Push Gateway setup - openssl command implementation

Question

I would like to use the Mobile Push Gateway to send push messages when my app is in the background. I followed this tutorial and almost done it, but i can't convert the .p12 file to .pem. I could successfully export the .p12 certificate, but can't finish the next steps, maybe i missed something, but can't figure it out.

It's clear that i need to run an openssl command in the Terminal like this:

openssl pkcs12 -in <EXPORTED_CERT_NAME.p12> -out <PEM_CERT_NAME.pem> -nodes

This is my version:

openssl pkcs12 -in <cert.p12> -out <newCert.pem> -nodes

cert.p12 is the exported certificate from the keychain, newCert.pem is the new file's name. I've pasted it into the terminal and pressed enter, but nothing happens. Just getting this message cert2.pem: No such file or directory.

When i try to check the cert with this command:

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert server_certificates_bundle_sandbox.pem -key server_certificates_bundle_sandbox.pem

Get this error:

Error opening client certificate private key file server_certificates_bundle_sandbox.pem
2668:error:02001002:system library:fopen:No such file or directory:/SourceCache/OpenSSL098/OpenSSL098-50/src/crypto/bio/bss_file.c:356:fopen('server_certificates_bundle_sandbox.pem','r')
2668:error:20074002:BIO routines:FILE_CTRL:system lib:/SourceCache/OpenSSL098/OpenSSL098-50/src/crypto/bio/bss_file.c:358:
unable to load client certificate private key file

What did i wrong? Is it something wrong in my openssl code or i need to do something different in the terminal?

Update 3

a, version

cd /tmp
openssl pkcs12 -in devKey.p12 -out newDevCert.pem -nodes
  openssl pkcs12 -in devKey.p12 -out newDevCert.pem -nodes
Error opening input file devKey.p12
devKey.p12: No such file or directory

b, version

In this case I don't have chance to enter the password, because the error shows up right after the openssl command.

cd documents
openssl pkcs12 -in devKey.p12 -out samplePem.pem -nodes
Enter Import Password:
Mac verify error: invalid password?

Update 2

I tried it without the < > in the names

 openssl pkcs12 -in developerTest.p12 -out newDevCert.pem -node 

And it seems something happened

openssl pkcs12 -in developerTest.p12 -out newDevCert.pem -node
Usage: pkcs12 [options]
where options are
-export       output PKCS12 file
-chain        add certificate chain
-inkey file   private key if not infile
-certfile f   add all certs in f
-CApath arg   - PEM format directory of CA's
-CAfile arg   - PEM format file of CA's
-name "name"  use name as friendly name
-caname "nm"  use nm as CA friendly name (can be used more than once).
-in  infile   input filename
-out outfile  output filename
....
-keysig       set MS key signature type
-password p   set import/export password source
-passin p     input file pass phrase source
-passout p    output file pass phrase source
-engine e     use engine e, possibly a hardware device.
-rand file:file:...
              load the file (or the files in the directory) into
              the random number generator
-CSP name     Microsoft CSP name
-LMK          Add local machine keyset attribute to private key

But when i try to verify it still get an error:

Error opening client certificate private key file newDevCert.pem
850:error:02001002:system library:fopen:No such file or directory:/SourceCache/OpenSSL098/OpenSSL098-50/src/crypto/bio/bss_file.c:356:fopen('newDevCert.pem','r')
850:error:20074002:BIO routines:FILE_CTRL:system lib:/SourceCache/OpenSSL098/OpenSSL098-50/src/crypto/bio/bss_file.c:358:
unable to load client certificate private key file

Update (earlier)

I've exported a new .p12 certificate and tried it again. If i just open the terminal and run this code:

 openssl pkcs12 -in <developerTest.p12> -out <newDevCert.pem> -node

Got this error

-bash: developerTest.p12: No such file or directory

I saved developerTest.p12 into my Documents folder, so when i try

 cd documents
 openssl pkcs12 -in <developerTest.p12> -out <newDevCert.pem> -node

I get a different error:

 -bash: newDevCert.pem: No such file or directory

In this case I think the answer is a little bit closer, when I run the command inside the Documents folder it finds the exported .p12, however something is still wrong.

Is it sure that the PEM_CERT_NAME can be anything?

The /tmp version:

cd /tmp
openssl pkcs12 -in <developerTest.p12> -out <newDevCert.pem> -node

-bash: developerTest.p12: No such file or directory

Answer 1

1. -node should be -nodes (this means "no des")

2. Never use the greater than / less than (< or >) in a filename. The have special meaning in Unix (redirects). When used in instructions, they basically mean, "replace whats between the < and > with your own value, and omit the < and >".

For example, this should work fine:

cd /tmp
openssl pkcs12 -in developerTest.p12 -out newDevCert.pem -nodes

Let me know if the above works.