Notification Hub: The certificate specified in apple credentials does not have a private key

Hi everyone,

I'm trying to use the "Create Notification Hub" API, which I can successfully do if my payload reads:

<?xml version="1.0" encoding="utf-8"?><entry xmlns="http://www.w3.org/2005/Atom"><content type="application/xml">   <NotificationHubDescription xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/netservices/2010/10/servicebus/connect">   </NotificationHubDescription></content></entry>

However as soon as I try to include APNs key / cert, I get an HTTP 400 from the server: "The certificate specified in apple credentials does not have a private key" even though I'm specifying the private key as documented:

<?xml version="1.0" encoding="utf-8"?><entry xmlns="http://www.w3.org/2005/Atom"><content type="application/xml"><NotificationHubDescription xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/netservices/2010/10/servicebus/connect"><ApnsCredential><Properties><Property><Name>Endpoint</Name> <Value>gateway.sandbox.push.apple.com</Value> </Property><Property><Name>ApnsCertificate</Name> <Value>${CERT}</Value> </Property><Property><Name>CertificateKey</Name> <Value>${KEY}</Value></Property></Properties></ApnsCredential></NotificationHubDescription></content></entry>

I am generating the value of ${CERT} by running the following command, which gives me a base64 string of length 1917, over 30 lines:

CERT=`openssl pkcs12 -in key.p12 -passin "pass:xxxxxx" -nodes -nomacver | awk '/-+BEGIN CERTIFICATE-+/{text="";}/-+END CERTIFICATE-+/{print text}/^[A-Za-z0-9+\/=]+$/{text=text $0}' `

I know the value of ${CERT} is correct because if I substitute some garbage, the API rejects it with a message about invalid certificate.

Similarly, I am generating the value of ${KEY} by running the following command, which gives me a base64 string of length 1612 over 25 lines:

KEY=`openssl pkcs12 -in key.p12 -passin "pass:xxxxxx" -nodes -nomacver | awk '/-+BEGIN RSA PRIVATE KEY-+/{text="";}/-+END RSA PRIVATE KEY-+/{print text}/^[A-Za-z0-9+\/=]+$/{text=text $0}'`

Regardless of the value of ${KEY}, I always get the above error message.

Any pointers are very much appreciated!