I’m trying to build a simple wallet pass in order to test the feature. What I do:
- Create a Pass Type ID identifier
- Create a certificate by uploading a certificate signing request
- Convert the certificate to .pem
- Import the certificate as .cer in Keychain. It’s not trusted for some reason, so I manually mark it as trusted. I see that the organizational unit is G4 so…
- I download the Worldwide Developer Relations – G4 file from https://www.apple.com/certificateauthority/
- For the root certificate I download Apple Inc. Root
- I convert both of Apple’s certificates to .pem
- I create a FullChain like so
cat PassCertificate.pem AppleWWDRG4.pem AppleRootCA.pem > FullChain.pem
- I successfully verify the FullChain.pem like this
openssl verify -CAfile AppleRootCA.pem -untrusted AppleWWDRG4.pem PassCertificate.pem
- I create a signature with my pass files in the MyPass folder like this
openssl smime -binary -sign \
  -certfile AppleWWDRG4.pem \
  -signer PassCertificate.pem \
  -inkey go.key \
  -in MyPass/manifest.json \
  -out MyPass/signature \
  -outform DER
- The signature is created. The problem is verifying the signature. I’ve tried several ways to verify it, but it always fails. One of the methods is:
openssl cms -verify \
  -inform DER \
  -in MyPass/signature \
  -content MyPass/manifest.json \
  -CAfile FullChain.pem
- Assuming it would not fail, I proceed to zip the files in the MyPass folder as a .pkpass, which does not work as a pass on the iPhone after all.
My MyPass folder has:
icon and icon@2x, thumbnail and thumbnail@2x (all png), manifest.json and pass.json (which has the appropriate teamID and pass identifier). The manifest contains only the images and the pass.json.
What am I doing wrong?
It could be related to the Pass certificate that I download from the Apple Developer portal not being trusted and me marking it as trusted, but why is it not trusted in the first place? It’s a certificate created by Apple.
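
An added example, not part of the original post: the signature above covers only manifest.json, and manifest.json in turn maps each file in the pass to its SHA-1 hash, so a check that is independent of the certificate chain is whether the folder still matches its manifest before zipping. The function names and the sample folder contents below are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Files that belong to the package but are never listed in the manifest itself.
UNLISTED = {"manifest.json", "signature"}


def sha1_of(path: Path) -> str:
    return hashlib.sha1(path.read_bytes()).hexdigest()


def check_manifest(pass_dir: Path) -> list[str]:
    """Return a list of problems; an empty list means folder and manifest agree."""
    manifest = json.loads((pass_dir / "manifest.json").read_text())
    on_disk = {
        p.relative_to(pass_dir).as_posix(): p
        for p in pass_dir.rglob("*")
        if p.is_file() and p.relative_to(pass_dir).as_posix() not in UNLISTED
    }
    problems = []
    for name in sorted(on_disk.keys() - manifest.keys()):
        problems.append(f"not in manifest: {name}")
    for name in sorted(manifest.keys() - on_disk.keys()):
        problems.append(f"listed but missing: {name}")
    for name in sorted(manifest.keys() & on_disk.keys()):
        if sha1_of(on_disk[name]) != manifest[name].lower():
            problems.append(f"hash mismatch: {name}")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Build a constructed pass folder, check it, then change it and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "pass.json").write_text('{"formatVersion": 1}')  # constructed content
        (d / "icon.png").write_bytes(b"constructed-icon-bytes")
        manifest = {n: sha1_of(d / n) for n in ("pass.json", "icon.png")}
        (d / "manifest.json").write_text(json.dumps(manifest))
        (d / "signature").write_bytes(b"placeholder")  # not a real signature
        clean = check_manifest(d)
        # Edit pass.json after the manifest was written and drop in a stray file.
        (d / "pass.json").write_text('{"formatVersion": 1, "edited": true}')
        (d / "notes.txt").write_text("stray file")
        return clean, check_manifest(d)


if __name__ == "__main__":
    print(demo())
```

Running `check_manifest(Path("MyPass"))` on the real folder before signing shows whether manifest.json is stale; any change to a listed file means regenerating the manifest and the signature.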