Pass certificates are used to protect your registered Pass Type IDs. Every Pass Type ID needs at least one Pass Certificate assigned so that it can be used for passes. The certificate allows Wallet to verify if a Pass was generated by your business or if someone else tried to generate a pass using your Pass Type IDs. Wallet will only allow Passes with valid signatures to be added.
In order to create a pass certificate, a private key is generated that will be used to create the signature for passes. Only with this private key it is possible to produce valid signatures for your passes. Apart from signing your passes, the certificate is also used to send push notifications to your passes.
📝 Note: This security check if a pass was correctly signed by the Pass Type ID owner is only possible for Apple as the registry. Other Wallet compatible applications on other mobile platforms can not and don't perform such a check.
⚠️ Important: You should not rely on the pass signature to prevent / detect malicious behaviour. Everybody with an apple developer account is able to produce a valid signature for a pass that is using their own pass type ID. As the Pass Type ID is not visible in the user interface, you have no way of distinguishing as pass that is using your own pass type ID and one that uses another Pass Type ID. In order to prevent and detect malicious behaviour you need to put additional security measures in place. PassSlot provides you with a powerful validation and redemption system (see the section called “Scanning & Validation” that you can use for this.
ℹ️ Tip: PassSlot has built a Pass Type ID wizard that will handle all the technical details about creating a private key and requesting a pass certificate. Once setup, PassSlot will automatically sign your passes and send push notifications using your pass certificate.
Expiration and Renewal
Pass certificates are only valid for 356 days and will expire thereafter. You will need to renew them before they expire so that your passes continue to work. If your certificate expires and you don't renew it, newly generated passes can't be added to Wallet and you will not be able to update existing passes. You will be reminded by Apple via email if your certificate are about to expire.