Paytronix internal steps for building a Passbook p12 Package

This is a description of how to use the openssl tool to create the package file as expected by the Paytronix system on a machine running Mac OSX. You will need the Apple WWDR intermediate certificate. This can be found at Apple’s certificate authority page (It is the one labeled “Worldwide Developer Relations”)

In a terminal window in a working directory of your choice run:

openssl genrsa -out private.key 2048
openssl req -new -key private.key -out req.pem

When generating the signing request, use information consistent with your developer account. Under “Your Name” list the brands name. For example, we would answer these questions as such:

Field example

  1. Country Code: US
  2. State or Province Name (full name): Massachusetts
  3. Locality Name (eg, city): Newton
  4. Organization Name (eg, company): Paytronix Systems, Inc.
  5. Organizational Unit Name (eg, section): This can be left blank
  6. Common Name (e.g. server FQDN or YOUR name): Paytronix Cafe
  7. Email Address: This can be left blank
  8. A challenge password: Leave this blank
  9. An optional company name: This can be left blank

When finished, open the Apple developer portal and do the following things:

  1. Create a new pass identifer (or find the existing pass identifier if you are renewing your certificate).


    Paytronix requires that the fifth part of this identifier be the merchant id in our system. For example:

  2. In the pass identifier choose “Create Certificate” then “Continue” button. You have already done the steps on this page.

  3. Upload the req.pem file to Apple.

  4. Download the pass.cer file generated and copy it to your working directory

  5. Download the Apple WWDR intermediate certificate AppleWWDRCA.cer (found at and copy it to your working directory

  6. Then:

    openssl x509 -in pass.cer -inform DER -out pass.pem -outform PEM
    openssl x509 -in AppleWWDRCA.cer -inform DER -out AppleWWDRCA.pem -outform PEM
    cat private.key pass.pem AppleWWDRCA.pem > pk_certs.pem
    openssl pkcs12 -export -in pk_certs.pem -out package.p12

    You will be prompted to make a password during this step. Choose something secure. You will need to provide this password to Paytronix. Remove all files or store them somewhere secure. Provide Paytronix with the package.p12 file and the associated password.

Click here to go back to the Passbook Flow Page