Apple keychain private/public key issue - macos

I accidentally deleted the private and public key pair of my certificate, but I can't find anything helpful to undo or add those to my certificate again.
Actually the development certificate has expired, so I re-downloaded the new one.
Then I wanted to add the private/public key to my new certificate. And there it happened: I deleted it.
How can I get these and set them to my actual certificate again?

I had this issue two days ago.
Open Keychain Access
What you have to do is make backups of all your certificates and then go and delete all the private and public keys and certificates on your machine relevant to Apple.
Then in Keychain Access click on Keychain Access (Menu Bar) and in the menu select Certificate Assistant -> Request a certificate from a certificate authority.
Enter your details and make sure Saved to disk and Let me specify key chain pair is selected.
Save it.
On the next screen: These values must be:
Key Size: 2048 bits
Algorithm: RSA
You then need to log into the Provisioning Portal on Apple's website and revoke all certificates there.
Then click distribution and say Add Certificate and select the file you created earlier.
You can then request all certificates again. Re-download all certificates, once you start opening the downloaded certificates your new key pair and certificate will be in Keychain Access.
If you have any questions check out http://developer.apple.com/ios/manage/distribution/index.action

Related

Developer ID Application Certificate missing a child key in Keychain Access

I am trying to recreate a Developer ID Application certificate, so I can sign my application. I had an existing certificate, but it's about to expire, so I am trying to regenerate a new one.
However, when I download a newly generated certificate from developer.apple.com, the imported certificate has no key as its child node in Keychain Access. The old certificate had this. When I attempt to use the certificate for code signing I receive something like:
/tmp/myapp.app/Contents/app/bin/myapp.exe: errSecInternalComponent
I am following the instructions to obtain a signed certificate using Certificate Assistant:
Ensuring nothing is selected in Keychain Access, click Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
I enter my email, accept the default Common Name and click Saved to disk.
In developer.apple.com I click the "+" to Create a New Certificate
I choose Developer ID Application
I upload the CSR I saved above
I download the .cer file that is generated
I open the .cer file. This adds the certificate.
As you can see, the certificate does not have a private key inside it, like the old one:
Unfortunately I don't have the old certificate now having deleted it in a fit of pique but it looked like this:
... although in my case it had my private key.
I've noticed reference to the claim that creating a CSR also creates a public/private key pair, but I cannot see these anywhere in Keychain Access.
Later, I did manage to import the certificate and it showed the private key. I think this was when I imported it into the same keychain as that which contains a private key "Dan Gravell" - login. However, I have since tried replicating that and now the certificate is being imported without a key again.
Xcode appearance
I've discovered there's a little more information in Xcode. The certificate shows "Missing Private Key" next to it:
When I look this error up, the suggestions seem to be that the certificate has been given to a developer by some third party that didn't include the private key. However, in my case I am that third party who has created the CSR and received the certificate originally and I thought I had the private key, otherwise I wouldn't have been able to create the CSR in the first place. All these items appear to be in my keychain.
I (eventually) got a reply from Developer Program Support. They issued a new certificate which I installed via Xcode this time. I documented my other steps here: https://stackoverflow.com/a/74210449/28190

About aps_developer_identity.cer related

I downloaded my push notification certificate "aps_developer_identity.cer" from apple developer portal, and installed it. This certificate shows up only in the "certificates" filter and not in "My Certificates" filter in my keychain. Where am I going wrong? I need to export the ".p12" of "aps_developer_identity.cer" and upload it to UrbanAirship for testing purpose. Please help
Make sure that you have the private key signing the certificate in your Keychain. If that's not the case, revoke the old certificate and generate a new one with one of your private keys.
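The "missing child key" symptom in the question above and the advice to have the matching private key in your keychain both come down to one check: does the certificate carry the public key of a private key you hold? The script below is an added example, not code from any of the posts. It assumes the openssl command-line tool, and all file names, the subject and the self-signed stand-in certificate are constructed.

```shell
#!/usr/bin/env bash
# Added example: decide whether a certificate, a CSR and a private key belong
# together by comparing the public key each one carries (openssl CLI assumed).
# On macOS, `security find-identity -v -p codesigning` lists the identities
# (certificate + private key) that Keychain considers usable for signing.

pubkey_of() {  # $1 = key|csr|cert|cer   $2 = file; prints the public key as PEM
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
    cer)  openssl x509 -inform DER -in "$2" -noout -pubkey ;;  # DER-encoded .cer
    *)    return 2 ;;
  esac 2>/dev/null
}

same_keypair() {  # $1 $2 = kind/file A, $3 $4 = kind/file B; 0 when they match
  _a=$(pubkey_of "$1" "$2") && _b=$(pubkey_of "$3" "$4") || return 2
  [ -n "$_a" ] && [ "$_a" = "$_b" ]
}

# Constructed demo data: two RSA-2048 keys, a CSR from the first, and a
# self-signed certificate standing in for the one the portal would issue.
d=$(mktemp -d)
openssl genrsa -out "$d/mine.key" 2048 2>/dev/null
openssl genrsa -out "$d/other.key" 2048 2>/dev/null
openssl req -new -key "$d/mine.key" -subj "/CN=Constructed Developer" \
  -out "$d/request.csr" 2>/dev/null
openssl x509 -req -in "$d/request.csr" -signkey "$d/mine.key" -days 1 \
  -out "$d/issued.pem" 2>/dev/null

for k in mine other; do
  if same_keypair cert "$d/issued.pem" key "$d/$k.key"; then
    echo "$k.key: matches the certificate, the pair forms an identity"
  else
    echo "$k.key: no match, the certificate would import without a child key"
  fi
done
```

For a downloaded .cer file, use the `cer` kind; comparing it against the saved CSR (`csr`) tells you whether the certificate was issued for the request you still hold the key for.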

Xcode 4 SVN hanging at "Checking out" if client certificate required

I am trying to get Xcode 4 working with my svn repository. I type in the svn address, which it says is reachable, but when I try to check out, it comes up with "The server 'svn.testbedapp.com' requires a client certificate." (it doesn't provide the option to supply the certificate) and then it shows "Checking out 'ProjectName'" indefinitely with a spinning wheel.
Any ideas how I supply the certificate or get it checking anything out?
It's a known issue.
Open terminal, type
svn ls <your repository address>
confirm certificates, check login/pass.
After that repo will work fine in xcode.
You can put your certificate file name to SVN configuration file
~/.subversion/servers
In section [global] just add a line (use a full path - not relative)
ssl-client-cert-file = /path/to/your/certificate.p12
Optionally you can add also
ssl-client-cert-password = yourpassphrase
store-passwords = yes
store-ssl-client-cert-pp = yes
To answer the original question:
The server “foo.example.com” requires a client certificate.
Translation: Xcode can't find the SSL client certificate in your keychain, the certificate is not valid, or if there's multiple certificates, Xcode doesn't know which one to use.
To install a certificate in your keychain: In Finder, open the file that contains your client certificate (typically a .p12 file). Click Add, then enter the password to decrypt the .p12 file. If you have the corresponding root certificate (typically a .pem file), import it as well and click "Always Trust" when prompted.
To make sure the certificate is valid: In Keychain Access, select the client certificate and look for a green checkmark and the words "This certificate is valid".
If you see "This certificate was signed by an unknown authority",
install a corresponding root certificate.
If you see "This certificate was signed by an untrusted issuer", look for where it says "Issued by", find the corresponding root certificate by that name, and mark the root certificate as trusted (at least for X.509 Basic Policy).
If you see "This certificate has expired", delete it and get a new one.
To associate the URL with a specific certificate: You need an identity preference. Xcode can't do this, but both Keychain Access and Safari can. In Keychain Access, select the client certificate and choose File menu > New Identity Preference…. Enter the repository URL (e.g. https://foo.example.com/path/to/repository) and click Add.
Alternatively: In Safari, go to your repository URL. If there are multiple certificates installed, Safari will prompt "The website “foo.example.com” requires a client certificate" and show a list of certificates. Choose the one you installed in step (1).
To get everything working, you also need to get past these two common errors:
Client certificate filename: Authentication realm: https://foo.example.com:443
Translation: Subversion can't find your SSL client certificate on disk.
Xcode uses Keychain, and Subversion itself (as of v1.4) uses Keychain as well for passwords. For certificates, however, Subversion must be pointed to files on disk.
1) Open ~/.subversion/servers in your favorite text editor. At the bottom, add the line
ssl-client-cert-file = /path/to/first.last.p12
where the value is the path to your client certificate in PKCS#12 format.
svn: OPTIONS of 'https://foo.example.com/path/to/repository': SSL handshake failed, client certificate was requested: SSL error: sslv3 alert handshake failure
Translation: Subversion can't find the password to decrypt your SSL client certificate.
See explanation above.
To save your .p12 password in Keychain: In Terminal, type
svn ls https://foo.example.com/path/to/repository
When prompted, enter the password for the .p12 file. This will be stored in your keychain as an application password.
When prompted, enter the administrator password for your Mac.
When prompted, enter your server credentials. This will also be stored in your keychain as an application password.
At this point, you should see the contents of your repository displayed in Terminal.
Note: If you use Versions by Black Pixel, at least v1.2.2 seems to have trouble using Keychain for passwords, so in ~/.subversion/servers you'll also need to add the line
ssl-client-cert-password = yourpassword
where your password is in cleartext. (This is obviously not secure, so don't do it unless you have to.)
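Because the answers above end up with a .p12 path, and possibly its passphrase, in ~/.subversion/servers, a quick audit of that file is worth having. The script below is an added example, not part of the original answers. It flags uncommented ssl-client-cert-password lines and group/other access to the servers file or the .p12 it names; the temporary paths and the sample files are constructed.

```shell
#!/usr/bin/env bash
# Added example: flag a cleartext .p12 passphrase in a Subversion "servers"
# file and loose permissions on that file or on the .p12 it points to.

audit_svn_servers() {  # $1 = path to a servers file; prints findings, 1 if any
  _out=$(
    # Uncommented passphrase lines; the value itself is never echoed.
    grep -En '^[[:space:]]*ssl-client-cert-password[[:space:]]*=' "$1" |
      sed 's/=.*/= <redacted>/; s/^/cleartext passphrase, line /'
    # The servers file and every client certificate it names.
    { printf '%s\n' "$1"
      sed -n 's/^[[:space:]]*ssl-client-cert-file[[:space:]]*=[[:space:]]*//p' "$1"
    } | while IFS= read -r _p; do
      [ -e "$_p" ] || continue
      # Characters 5-10 of the mode string are the group/other bits.
      [ "$(ls -ld "$_p" | cut -c5-10)" = "------" ] || echo "group/other access: $_p"
    done
  )
  [ -z "$_out" ] && return 0
  printf '%s\n' "$_out"
  return 1
}

# Constructed sample data (paths and passphrase are placeholders).
d=$(mktemp -d)
: > "$d/first.last.p12"; chmod 600 "$d/first.last.p12"

cat > "$d/servers.weak" <<EOF
[global]
ssl-client-cert-file = $d/first.last.p12
ssl-client-cert-password = yourpassword
EOF
chmod 644 "$d/servers.weak"

cat > "$d/servers.better" <<EOF
[global]
ssl-client-cert-file = $d/first.last.p12
# ssl-client-cert-password = yourpassword
store-ssl-client-cert-pp = yes
EOF
chmod 600 "$d/servers.better"

for f in weak better; do
  echo "== servers.$f"; audit_svn_servers "$d/servers.$f" || true
done
```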

The container "…" must contain only one certificate and its private key

I am unable to install a mobile provisioning certificate on iOS 5 because I get this error:
The container "…" must contain only one certificate and its private key.
I used the same process that worked in the past but on iOS 5 it doesn't work and I have no idea how to export my certificate in a "desirable" state.
I was able to fix this by exporting the private key from the "Certificates" Category of Keychain, rather than exporting the Key directly.
So export the NAME of the cert, not the private key itself, and you should be good to go.
I think a more specific answer is that you...
open up Keychain app
(I am assuming you already have the key pair of your Identity in a keychain )
Like @Brent Shaffer says, choosing from "Certificates" is more straightforward
(The reason being that the Keychain App logically groups the Certificate and private key for identities when using the "Certificates" view)
SHIFT-select both your SMIME certificate and its corresponding private key
right-click the selection and choose 'Export 2 Items'
Save as a (.p12) file with a very strong password
email the .p12 file to your email account
And from your iphone Mail app you can tap the .p12 file
and Mail will suggest to import this as a Profile. You will need the password from earlier.
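Before sending an exported .p12 anywhere, you can check it against what the error message asks for: exactly one certificate and one private key. The script below is an added example, not part of the original answers. It assumes the openssl command-line tool, and the passphrase, subjects and the two-certificate container used as the failing case are constructed.

```shell
#!/usr/bin/env bash
# Added example: count the certificates and private keys inside a .p12 before
# sending it to a device. The passphrase is read from $P12_PASS so it does not
# appear in the process list; decrypted output only travels through a pipe.

p12_counts() {  # $1 = .p12 file; prints "<certificates> <private keys>"
  _c=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE' || true)
  _k=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        grep -c 'BEGIN.*PRIVATE KEY' || true)
  echo "$_c $_k"
}

p12_is_single_identity() { [ "$(p12_counts "$1")" = "1 1" ]; }

# Constructed demo data: one identity, plus an unrelated extra certificate.
d=$(mktemp -d)
export P12_PASS='constructed-demo-passphrase'
for n in identity extra; do
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed $n" \
    -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null
done

# one.p12: a single certificate with its key.
openssl pkcs12 -export -inkey "$d/identity.key" -in "$d/identity.pem" \
  -passout env:P12_PASS -out "$d/one.p12"
# two.p12: the same identity with a second certificate bundled in.
openssl pkcs12 -export -inkey "$d/identity.key" -in "$d/identity.pem" \
  -certfile "$d/extra.pem" -passout env:P12_PASS -out "$d/two.p12"

for f in one two; do
  if p12_is_single_identity "$d/$f.p12"; then
    echo "$f.p12: one certificate and its private key"
  else
    echo "$f.p12: unexpected contents (certs/keys: $(p12_counts "$d/$f.p12"))"
  fi
done
```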

installing certificate in key chain

My private keychain is not showing the certificate that I have recently downloaded. On double-clicking the certificate and assigning the keychain, it does not show the certificate in the drop-down menu!
I would check:
If the certificate has not expired.
If you have installed the root certificate this one refers to.
Check in the Login keychain or other accounts whether your certificate exists there or not, or
Make sure you have clicked All Items in the Category Section on the Left bottom side

Resources