The way to prepare for the Apple Push Service certificate is simple as following. You are supposed to be one had done all needed procedures before you start, including but not limited to apply an App ID, request certificate and download it, import the certificate into the KeyChain and then export it out as P12 format.
Three files you would hold after you generated and submitted the Apple Push Service Certificate, and exported them from KeyChains.
The certificate file signing request file, put it away.
The P12 format package containing certificate and its key.
The downloaded APS certificate file.
Use the APS certificate file to generate certificate PEM file in x509 der form.
openssl x509 -in aps_development_PushLib.cer -inform der -out PushLibCert.pem
Use the P12 CerKey file to generate Key PEM file. You need to enter import password, and set thge PEM pass phrase.
openssl pkcs12 -nocerts -out PushLibKey.pem -in PushLib_CerKey.p12
This time interactivity is needed for security.
Enter Import Password: [THE PASSWORD YOU HAVE SET FOR P12]
MAC verified OK
Enter PEM pass phrase: [PASS PHRASE YOU SET]
Verifying - Enter PEM pass phrase: [PASS PHRASE YOU SET, AGAIN]
Integrate the two generated PEM files into one. The result PEM file is used for connect Apple Push Service Server.
cat PushLibCert.pem PushLibKey.pem > PushLibDuoCK.pem