Working through iOS notifications, and found an excellent article here:
Note that the steps for setting up a certificate have not changed, and worked like a charm for me.
Followup: when attempting to load the certificates into Amazon’s SNS service through the console, I ran into the dreaded “There was a transient failure registering the app with Amazon SNS.”
The trick is hinted at here: Amazon SNS with Apple APN
The trick is that you load the aps_development.cer file (or the APN certificate for release; I haven’t done that so not clear what it’s called) into Keychain by double-clicking on the file.
Then you select both the private key that was used to generate the certificate, and the APN certificate you just added to Keychain, and export both as a .p12 file.
Convert into a .pem file via
openssl pkcs12 -in InCert.p12 -out OutCert.pem -nodes -clcerts
This OutCert.pem can then be used as the single .pem file that Amazon asks for in the SNS console.
I hate when I run into weirdness like this.