What's the role of the password in Certificates.p12 file for iOS push notification

Question

For implementing push services for iOS Apps , we need to export push certificates from Keychain access as Certificates.p12 file and upload that to APN server. While exporting it asks for a password. What is the difference between a Certificate.p12 file exported with password and a blank password ? The cloud services like parse.com which supports push messages does not accept a .p12 file exported with a password. When We are coding our own APN server, should we use a .p12 file exported with password or without password ? For me, with a p12 file exported without password, I get "UnrecoverableKeyException: Get Key failed" error.

Thanks in advance for your help.

Answer 1

Answer is simple, Will explain with an example.

Consider your p12 file as a ATM Card (Debit/Credit card) and think if you don't have passwords for that, what happens if someone get your card ?

Same here, if you won't password protect that p12, anyone who have that p12 file can send push notifications (malicious) to your apps, using that p12 file.

Answer 2

The p12 file is an encrypted container for your X.509 Push Notification Certificate and it's corresponding Private Key. Because nobody should be able to use your certificate/private key for malicious purposes, it is strongly recommended that you protect your p12 file with a password. Else anybody who gets your p12 file will be able to communicate with Apple's Push Servers using your Developer Identity (which is defined by the certificate).