No-quota push notifications using a root Certificate Authority

This blog post was authored by Austin Laugesen, a Program Manager on the Windows Phone team.

- Adam

These are the steps you can take to implement no-quota (unthrottled) push notifications for your Windows Phone app using Microsoft Push Notification Services (MPNS). Implementing no-quota push notifications means that your app won’t be restricted by a daily limit of push notifications.

1. Obtain a private key from a root Certificate Authority (CA) that is a member of the Windows/Windows Phone root certificate program.

• Create a certificate signing request (CSR).

1. Here is an example of how to create a CSR for Windows. Note that each CA follows a different process to create a CSR.
2. Caveat: users can use different software to create CSRs.

1. See IIS 8: Better certificate management and IIS 8.0 Centralized SSL Certificate Support: SSL Scalability and Manageability for info about how to store a private key in Windows using Internet Information Services (IIS).

• Sign in to Windows Phone Dev Center.
• Click the Dashboard navigation link.
  
• On the left side of the page, click Account.
  
• Click Certificates.
  
• Click Browse to find the .cer file you’d like to upload.
• Click Upload to upload the certificate.

• Install your root CA’s public certificate on these computers.
• Install the private key (issued by the CA) on these computers.

1. SSL authentication uses these two certificates to perform mutual authentication.
2. Root CA validation occurs on your computer.
   When your service sends a request to the MPNS it will authenticate the MPNS with the public key, which you provided on Dev Center, with the public root CA certificate on your computer.

For more info about push notifications, see Push notifications for Windows Phone.