Configure Mobile Flash Pass for Apple Wallet

In order to issue Mobile Flash Passes to Apple Wallet, you must set up an Apple Developer account, create the Pass Type, and design the Credentials. For additional considerations, refer to Setup Accounts for Mobile Flash Pass.

Register for Apple Developer Account

  1. Go to https://developer.apple.com.
  2. Click Account on the top right.
  3. Sign in with your company's Apple ID.
  4. If you don't have one, follow the steps to create an account.
    1. Review the Apple Developer Agreement.
      1. Select the checkbox to accept the terms of the Apple Developer Agreement.
      2. Click Submit.
    2. Click Join the Apple Developer Program at the bottom.
    3. Click the Enroll button at the top right.
    4. Follow the steps to enroll as a corporation. This will involve proving that you are a legal company.

      5. Note: An Apple Developer Account will cost $99 USD per year.

Setup Pass Type ID and Certificate

  1. Log in to your Apple Developer Account at https://developer.apple.com.
  2. Choose Account on the top right.
  3. From the left menu choose Certificates, IDs & Profiles.
  4. Set up the Pass Type ID.
    1. Click Identifiers.
    2. Click the + icon.
    3. Choose Pass Type IDs.
    4. Click Continue.
    5. Give a meaningful description name and choose an pass type identifier following the Apple reverse domain name guidelines.
    6. Confirm the details.
    7. Click Register.
  5. Create a Certificate and Key for the Pass Type ID.
    1. Click Certificates.
    2. Click the + icon.
    3. Under Services, select Pass Type ID Certificate.
    4. Click Continue.
    5. Provide a friendly name and choose the previously created Pass Type ID from the dropdown menu.
    6. Click Continue.
    7. Follow the instructions from Apple to create a Certificate Signing Request (CSR) on your Mac.

      8. Note: Instructions for generating a Certificate Signing Request on Windows machine are available here.

    8. Upload the certificate signing request file.
    9. Click Continue.
    10. Download your certificate.
    11. On your Mac, click the downloaded certificate file to install it into Keychain Access.
    12. While still in Keychain Access, click the Keys category on the bottom left.
    13. Find the "private key" entry for the certificate downloaded in Step 5.j.
    14. Right-click the entry.
    15. Click Export.
    16. Choose a file location for the .p12 file.
    17. Provide a password to protect the .p12 file.
    18. Provide your Mac password to allow export.

    6. You now have the following items required to setup Instant ID as a Service:

    • Apple Wallet Key File: The P12 Export file

    • Apple Wallet Key Password: The P12 Export Password

    • Apple Wallet Pass Type ID: The reverse domain name style identifier from Step 4.

  6. Navigate to Administration > Configuration > Mobile Flash Pass from the Main Menu Main Menu in Instant ID as a Service. The Mobile Flash Pass page opens.
  7. Select Enabled in the Apple Wallet Settings area.
  8. Enter the Apple Wallet Pass Type ID.
  9. Upload the .p12 file downloaded in Step 5.p.
  10. Enter the password set in Setp 5.q.
  11. Click Save.

Generate CSR in Windows

  1. Install OpenSSL for Windows (available here).
  2. Launch a command prompt.
  3. Enter a Change Directory command to navigate to the OpenSSL bin directory, such as

    4. CD C:\OpenSSL\bin

  4. Create the private key by entering the following in the command line:

    5. openssl genrsa -out mykey.key 2048

  5. Create the CSR file by entering the following in the command line:

    6. openssl req -new -key mykey.key -out CertificateSigningRequest.certSigningRequest -subj /emailAddress=yourAddress@example.com, CN=John Doe, C=US

    Note: Replace the email address, CN (certificate name), and C (country) values with your own.

  6. Upload the CSR to your Apple Developer Account.
  7. Download the pass.cer file to your OpenSSL bin directory.
  8. Create a .pem file from the downloaded certificate by entering the following in the command line in your Windows command session:

    9. openssl x509 -in pass.cer -inform DER -out pass.pem -outform PEM

  9. Export a .p12 file from the newly created .pem file by using the following command line:

    10. openssl pkcs12 -export -inkey mykey.key -in pass.pem -out pass.p12

  10. Set the file's password.

    11. Note: Save this password with the Pass Type ID and the exported .p12 in the same file and folder.

  11. Navigate to Administration > Configuration > Mobile Flash Pass from the Main Menu Main Menu in Instant ID as a Service. The Mobile Flash Pass page opens.
  12. Select Enabled in the Apple Wallet Settings area.
  13. Enter the Apple Wallet Pass Type ID.
  14. Upload the certificate created in Step 9.
  15. Enter the password created in Step 10.
  16. Click Save.