Configuring Apple Wallet for Digital Passes

Ticketure's Apple Wallet functionality allows customers to add tickets, membership cards, etc to their Apple Wallets on their Apple devices. To configure this feature, Apple requires that there be signed certificates and keys from the Organization's Apple Developer account ensuring that the digital passes are accurate. Apple has a number of guidelines around the usage of the passes/logos/etc which can be found here for reference. 

Prerequisite

Apple Developer Account

An Apple Developer Account is a requirement for this process. This helps to ensure that your issued certificates are valid and approved for presenting passes from your organization. If you do not already have an Apple Developer account, then click here and set up your Account. 

Macintosh Computer

While not required the generation of iOS Certificate Requests and actions are much easier on a Mac (given both are Apple). For non-Mac users, there are processes for generating the request/keys but require leveraging some 3rd party tools including OpenSSL as well as command-line familiarity. If you don't have access to a Mac we recommend following these tutorials:

Note:

The Apple Developer Portal and MAC OS experience change over time so there could be steps that are different than what is outlined in this article. These steps are update to date as of 2023 - but if you find any changes in the steps please alert our support team or make a comment on the article and we will do our best to update the article.

Certificate Signing Request (CSR)

Creating a certificate request is the first step in this process. If you have a Mac, this can be done through "Keychain Access" by completing the following steps:

  1. Launch "KeyChain Access"
  2. From the top menu, select Keychain Access -> Certificate Assistance -> Request a Certificate from a Certificate Authority
  3. Fill in the first two fields User Email Address and Company Name Leave the CA Email Address field blank and select Save to Disk - no other options should be selected.

certrequest.png

4. Press continue and then save the generated certSigningRequest file on your computer. You can now use this CSR file for the next step.

Generate the Certificate from Apple Developer Portal 

Using the company Apple Developer Account complete the following steps.

Identifier Creation 

This step establishes the Identifier that links your organization to the certificate and pass generation. If you already have an identifier and have completed this process, you can skip to the Create Certificate section.

    1. Add a new Apple Wallet Pass Type Identifier @ https://developer.apple.com/account/resources/identifiers/list
    2. Click the dropdown on the left side (probably says 'App IDs'), and select 'Pass Type IDs' from the dropdown menuPassType_ID.png
    3. Select Pass Type ID and ContinueCreatepasstypeid.png
    4. Give description and identifier name (best practice is the reverse of your domain URL - ex: 'com.tixtrack.ticketure') - but can be any format.PassTypeIDCreation.png
    5. Register the Pass TypePassTypeIDRegistration.png

Create Certificate

After completing the registration of your Identifier, you will need to use that Identifier in the creation of a Certificate. Access the Certificate creation process either by selecting 'Edit' on your Identifier or by clicking Create from the Certificate section. If using create from Certificates, ensure you select the proper Identifier from the list. 

  1. Click Create CertificateCreateCert.png
  2. Give the Certificate a name - "Ticketure Apple Wallets" or any descriptive name.CreateCert2.png
  3. In the Upload a Certificate Signing Request section, upload the CSR file that was generated above.DownloadCert.png
  4. Once the Certificate is created, you now have a Certificate that can be used for generating the required Key. Click Download and save the .cer file to disk.

Generating the Private Key

To finish the process, you will need to generate the Private Key for the Certificate. 

Back on the Mac, complete the following steps:

  1. Open the Certificate that was downloaded at the end of the previous set - this should launch Keychain Access (if not launch it as well).
  2. Select Login from the top Keychain menu and Certificates from the Category Menu.
  3. Expand the Pass Type ID created above to expose the cert and the Private Key.
  4. Select both and choose File -> Export Items from the menukeyexport.png
  5. Give the file a name and in the File type section, ensure you select Personal Information Exchange (.p12)
  6. Password (Optional) - you can put a password on the p12 export. If a password is set, please share that password in the sending of your files to support.
  7. Send the Certificate file (.cer) and the .p12 files to Ticketure Support. Be sure to include any password details established in step 6.

 

This certificate will only be valid for 12 months from the time of creation. Apple will send a notification to the email associated with the Apple Developer Account regarding the expiring of the certificate. Upon receiving the notification, repeat the above process starting at 'Create Certificate'

 

Note: Open SSL Confirmation of Matching Keys/Certs

If for any reason the keys do not load properly into Ticketure, a technical resource who has OpenSSL installed can confirm the modulus sections of the key and the cert match. 

  • openssl x509 -in {{certificate_name}}.cer -inform DER -text
  • openssl pkcs12 -in {{key_name}}.p12 -nodes | openssl rsa -text

 

 


Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.