Digitally Signing Passbook Passes

Before you can send Passbooks to your customers' devices, you will need to create and upload an Apple .p12 Certificate. This is created using Apple’s Developer Portal and then the file can be uploaded to our secure servers via the Boarding Pass Console.

SITA will sign the pkpass passbook files on your behalf. Passbook passes must be signed by the issuer to be displayed in the Passbook application.

If you do not specify your airlines certificate and key, SITA's certificate and key will be used to sign all .pkpass boarding passes for your partition.

For development purposes, it is okay for partitions to share a certificate but Passbook updates do not work reliably on phones that have passes from different partitions that share the same certificate/passTypeIdentifier.

Note: Production systems MUST have a unique signing certificate and key for their partition. The generic SITA certificate has a passtype identifier of pass.aero.sita.lab.boardingpass. A dedicated SITA certificate can be created for your partition on request. It will have a passType identifier of pass.aero.sita.lab.boardingpass.xx where xx is the partition code.

A .p12 Certificate file and password is generated in the iOS Dev Centre at developer.apple.com.

Note: Both the certificate and key are in a single .p12 file.

For Windows/OpenSSL users, you can convert the .p12 file into PEM file format. PEM is the standard format for OpenSSL and many other SSL tools.

Use OpenSSL to convert the certificate and key into two separate PEM files for importing for uploading into Boarding Pass servers.

Uploading Pass Certificates and Keys to SITA

To upload a Passbook certificates and keys:

  1. Select the following menu options:
    Application Developer > Passbook Signing > Apple Cert & Key

  2. Select whether to use SITA certificates and keys for signing Passbooks or use your own custom certificate and key.
  3. Click on the Edit button to upload a custom certificate and key. The Change Passbook Signing dialog is displayed:

  4. Select which certificate type to load:
    • Default/Built-in Certificate (Development Only)
    • .P12 File with Certificate and Key (Password Required)
    • .PEM Certificate and .PEM Private Key
  5. Browse and select the relevant certificate files and key files.
  6. Save to upload files.

Note: On completion, the passTypeIdentifier should match what you specified when creating the certificate.