I'm trying to export the APNs certificate as a .p12 file.
but, after I double click on the .cer file, I can't find it under "My Certificates", and I'm not allowed to export it as .p12 file (but .cer, .pem, p7b).
why? I created this certificate on the same computer.
Issue seems to be with you private key. If private key associated with certificate is missing then it will not get displayed in keychain under "My certificates" sections. You can still see under all certificates.
Create a new certificate with new certificate signing request file and try to install it on mac. This may solve your problem.
I ran into this issue and decided I'd just let fastlane do the work: https://docs.fastlane.tools/actions/pem/
It generated the correct files and I was on my way in less than 30 seconds!
Thanks Fastlane!
I just ran into this myself. It seems that if in Keychain Access you try to export the Certificate from the All Items tab, it just tries to export the certificate without the key. When trying to export from the My Certificates tab, it worked as expected and I could export as .p12
Related
Let's say an Apple developer program membership has expired, so new code signing certificates cannot be requested from the Apple site. Still I have a backup of:
developerID_application.cer, developerID_installer.cer (and the expiration date is 2024, so it is still valid)
a CertificateSigningRequest.certSigningRequest file from 2 years ago, that was created exactly at the same time than the .cer files
How to install these certificates on a new Mac installation, such that we can use productsign to sign a .pkg installer with them?
Here is what I tried:
Import the .cer files in the "System" Keychain, it seems successful
Import the AppleWWDRCA.cer in the Keychain that I used at the creation time of these certificates (https://developer.apple.com/certificationauthority/AppleWWDRCA.cer), idem
productsign --sign "Developer ID Installer: MyName" myinstaller.pkg myinstaller_signed.pkg
Result:
productsign: error: Could not find appropriate signing identity for "Developer ID Installer: MyName"
I have looked at OS X productsign error: Could not find appropriate signing identity but it does not help here: I only have the 2 .cer files and the .certSigningRequest file. I don't have another Private key file. Also when I open the .certSigningRequest file, I see:
Please specify the issuing Certificate Authority for MyName's certificate request
Issuing CA: Let me choose
What would you like to do?
Create a certificate for yourself
Create a CA
Use your CA to create a certificate for someone else
Request a certificate from an existing CA
Set the default CA
View and evaluate certificates
What to do with this previous .certSigningRequest file?
There is nothing you can do, if the 3 named files is all you have.
*.cer, Is just the public key and some attributes signed by someone else (a CA).
*.certSigningRequest, guessed from the name, is a PKCS#10 - public key and some attributes requested to be signed by someone else (a CA).
What you need is the private key.
If you have a system running or a full system image backup (to be restored) with the private keys in the keychain (~/Library/Keychains/login.keychain-db) you can export them to move to another system:
Start XCode.
In the Menu click Xcode > Preferences.
Click Accounts (top of the window).
Click the gear icon (right of the Delete button in the lower-left corner).
Choose Export Developer Accounts from the pop-up menu.
Xcode encrypts/password-protects the exported file (*.developerprofile).
I'm facing weird situation. For Apple Push Notification I can't export .p12 file from Keychain access. I can highlight both items and click on Export 2 items but after that nothing happens. All steps are correct as I've been doing it all the time. It seems something is wrong with keychain access or my Mac? I did it successfully few days back for another key and it worked, exporting for this old one doesn't work now. I don't think there is any error or problem in generating certificate otherwise it should work for older keys.
Login is selected in left pane. Any suggestions?
This problem also happens when you happen to have selected the wrong keychain (like if you accidentally had single clicked on the System keychain rather than Login keychain). If the cert signing request came from that machine, it would associate the private key with the Login keychain. So if you somehow then downloaded and imported the certificate into the System keychain, Keychain Access would not find the matching private key and would not put the cert under "My certificates", and cannot export a p12. You might as well have tried importing to the keychain on a different Mac.
So, make sure the import is into the keychain associated with the private key. Often this would be the Login keychain.
Rebooting machine worked in my case.
I've downloaded the .cer file from developer A/c. Double clicking on it, is adding that file in Certificate section but when am going to key section to export key am not able to see that key. So that I can export it as .p12 file.
this is a common issue, The solution is simple:
Who ever created the developer credentials originally needs to go to the keychain on their computer and right click on the key(s) for private and public and export the key to a file. Then you just download that file on your computer and open it, and it will be added to your keychain.
You need to have both the private key (.pem file) and the certificate for your provisioning profiles.
From :
https://stackoverflow.com/a/12867936/3901620
I am able to generate the required .pem file for Apple Push Notification Service by using the following method:
On Mac, use Keychain Access app to create CSR from Private Key and upload to Provisioning Portal and generate the required Certificate. Download the .cer file and drag/drop it into Keychain Access app. Select both this .cer file and the Private Key and choose Export 2 Items. Save it as .p12 file. Use openssl to convert .p12 to .pem
This method all works fine, except I want to create a script to automate this more.
So is there a way to use Terminal (bash script, Apple script) to create the .p12 file from the downloaded .cer file) and the Private Key stored in Keychain Access?
Thanks
I haven't tried this on Mac, but there is instruction from Adobe (read the second part) how to do this on Windows. AFAIK openssl cli for Mac and Window has has common interface.
I had to do this in order to get the certificates to play nice with our .NET push provider service application, so I turned the conversion process into a shell script. I'm not an expert on the tools being used in the process, so feedback would be appreciated, but it certainly is working for us.
Check the script's opening comments for the steps necessary to get it all to work, and it should spit out a usage line to you if you don't use it properly.
https://gist.github.com/misterwell/7e27d7396724580352f1
I want to create a safari extension on my Windows 7 pc. I have created a safari developer certificate properly but I couldn't really install it. After some googling, I tried importing it into Personal and Trusted Root Certification authorities. But Extension Builder keeps showing "No Safari Developer Certificate." I even revoked the certificate and created a new one. Still no luck. Can anybody help me?
When you enter something like certmgr.msc in the run command in Windows, you will get to see something like this:
So using the certificate consists of the following steps:
Save the file and run the command in cmd.exe as directed in the developer certificate generator in extension certificate developer.
When you are done, check the certmgr (shown in the image above) and see a certificate named "Safari Developer" installed somewhere near Certificate Enrollment Requests. Cut the certificate and paste one copy inside trusted root certification Authorities and another inside Personal.
Generate the csr file and install the file inside Personal folder and trusted root certification Authorities folder.
Extension builder will now recognize the certificate.