Import your .p12 file using something similar to
keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore /opt/openfire/resources/security/keystore -srckeystore /path/to/apns.p12 -srcstoretype PKCS12 -srckeypass <doesn’t_seem_to_matter> -destalias _rsa
and here’s the key step to resolve the “Pending Verification” message:
in the …/ssl-certificates.jsp page you should see a “…reply” box. in this box you want to paste in the converted-to-crt
you can convert that to crt manually, but I used https://www.sslshopper.com/ssl-converter.html
Convert that to DER/Binary where it indicates “Type of Current Certificate:” and save the resulting file as AppleWWDRCA.crt
the contents of which go in the *only input box ***on the …/ssl-certificates.jsp page and let openfire restart httpd, when/where prompted.
I hope this saves someone some valuable time.