Simple FastAPI server to create Apple Wallet passes.
make install
this installs the software + all the dependencies
To run the passbook server you need a certificate and a private key. The certificate is used to sign the passbook files and the private key is used to sign the push notifications. The certificate and the private key are stored in the config file of the passbook server.
this is the overall process to get the necessary certificates for issuing passes
flowchart TD
B[create private key.pem]
D[get/create Pass ID - apple.com]
WWDR[download AppleWWDRCA.cer] -->WWDRPEM[convert to wwdr_certificate.pem]
D --> E[request Certificate.cer based on Pass Id - apple.com]
B[create key.pem] --> CSR[create CSR]
CSR -->|upload CSR in form| F[create+download Certificate.cer - apple.com]
E --> F
F -->|x509| G[create Certificate.pem]
G --> H[install Certificate.pem, private.key and wwdr_certificate.pem on server]
WWDRPEM --> H
- create your own private key
$ openssl genrsa -out private.key 2048
- create a certificate signing request (CSR) with the private key
$ openssl req -new -key private.key -out request.csr -subj="/emailAddress=[your email addr],CN=[your full name],C=[your country ISO code]"
you need a developer account at apple to get a pass type id and a certificate for signing your passes. you can get a free developer account at developer.apple.com
- Visit the iOS Provisioning Portal -> Pass Type IDs -> New Pass Type ID
- Select pass type id -> Configure (Follow steps and download generated pass.cer file)
- Use Keychain tool to export a Certificates.cer file (need Apple Root Certificate installed)
- Convert the certificate.cer (X509 format) to a certificate.pem file by calling
$ openssl x509 -inform der -in pass.cer -out certificate.pem
the certificate is preinstalled, but in case of expiration it can be downloaded from [https://developer.apple.com/certificationauthority/AppleWWDRCA.cer](apple authority)
see [https://developer.apple.com/support/certificates/expiration/](apple support)
curl https://developer.apple.com/certificationauthority/AppleWWDRCA.cer -o AppleWWDRCA.cer
an overview of downloadable apple certs:
https://www.apple.com/certificateauthority/
convert it to a pem file
openssl x509 -inform der -in AppleWWDRCA.cer -out wwdr_certificate.pem
then copy it into the 'certs' folder of the passbook server
check expiration date of certificate
openssl x509 -enddate -noout -in file.pem
copy the certificate.pem
, private.key
and wwdr_certificate.pem
to the 'certs' directory in your server.
pytest -m integration
the test "test_passbook_creation_integration" will create a passbook file and display it with the passbook viewer. This test runs just under OSX.
copy the certificate.pem and the key.pem to the 'certs' directory your server.
check expiration date of certificate
openssl x509 -enddate -noout -in file.pem
./run.sh
you can point your apple device to :8000/demo-pass to get a demo passbook file that you then can install into your wallet.