Generating pkcs12 for ios push notification server

Question

Following procedure does not work,openssl at 4th step raises "No certificate matches private key". It works without -certfile parameter so is it really required? I saw same procedure at several places on the net. So is it really appropriate or am i doing something wrong? Also OS X procedure only says to export certificate but should not it be both cert and pkey.

OpenSSL

Here is how to create a PKCS12 format file using open ssl, you will need your developer private key (which can be exported from the keychain) and the CertificateSigningRequest??.certSigningRequest

1. Convert apn_developer_identity.cer (der format) to pem: openssl x509 -in apn_developer_identity.cer -inform DER -out apn_developer_identity.pem -outform PEM

2. Next, Convert p12 private key to pem (requires the input of a minimum 4 char password): openssl pkcs12 -nocerts -out private_dev_key.pem -in private_dev_key.p12

3. (Optional): If you want to remove password from the private key: openssl rsa -out private_key_noenc.pem -in private_key.pem

4. Take the certificate and the key (with or without password) and create a PKCS#12 format file: openssl pkcs12 -export -in apn_developer_identity.pem -inkey private_key_noenc.pem -certfile CertificateSigningRequest??.certSigningRequest -name "apn_developer_identity" -out apn_developer_identity.p12

   http://code.google.com/p/apns-sharp/wiki/HowToCreatePKCS12Certificate