Cannot create new version of existing self-signed and CA signed certificate on Azure KeyVault - azure-keyvault

I'm new to Azure KeyVault. I'm trying to create a new version of self-signed and CA-signed certificates. At first I got a message saying it was successfully created, but after refreshing the page, the new version doesn't show up. Another attempt at adding a new version shows me this error:
RAW ERROR
A new key vault certificate can not be created or imported while a pending key vault certificate's status is inProgress
I have given it a day for the new version of the certificate to show but nothing shows up.

Normally, it may take some time to create a new version of self-signed certificate:
When the status is complete, your new version certificate will show up:
Version list:
It seems to be a temporary error. I suggest you create a new certificate and try again. If the error persists, you may contact the Azure support team. They would be able to help you further by checking the resource.

Related

iOS AWS SNS Create platform application fail with error "There was an error reading the selected certificate."

After downloading my certificate from the Apple developer portal, I successfully create a p12 file, but whenever I try to create a platform application on AWS and enter the certificate password, I just keep getting the error below.
There was an error reading the selected certificate. Verify the password and try again.
I have tried with short and no passwords but nothing seems to accept the password.
Any ideas?
I was able to make this work, by doing the following:
Delete all old keys related to previous attempts in your Keychain > login (macos)
Request a new certificate from Request Certificate from Authority. Make sure no keys are selected when you execute this function.
I chose a single word in lowercase for Common name.
Add certificate to Apple Developer Portal
Download the CSR
Double click on the CSR to import the keys into your Keychain.
Your private key should have a dropdown with the certificate listed. My previous attempts did not have this. Export the p12.
The p12 worked in AWS SNS when entering the password, the public and private keys were extracted from the p12.

Invalid certificate (CSR)

I generate .certSigningRequest file via Keychain Access (Keychain Access -> Certificate Assistant -> Request a Certificate From a Certificate Authority..., I fill in my mail and I save it to disk).
When I log into Apple developer account and try to generate Certificate with it I get message: "Invalid CSR - Invalid Certificate"
I did this a number of times previously with my previous Mac but it is not working on my new system.
What am I doing wrong? I have followed exact steps https://help.apple.com/developer-account/#/devbfa00fef7
I think this is an Apple error. You just need to simply refresh the website again and again or use another browser.
Just forgot to input 'Common name' in Certificate Assistant form.
So, make sure you filled:
User Email Address
Common Name
Saved on disk check
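
The second answer above traces the "Invalid CSR" message to an empty Common Name. As an added example (not from the original posts), this script checks a CSR locally before upload. It assumes the `openssl` CLI is installed and the CSR is PEM-encoded; the function names are hypothetical and the sample CSRs are constructed for the demo.

```bash
# Added example: pre-flight check of a CSR before uploading it to a portal.

# Print the CSR subject, one attribute per line (long attribute names).
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null
}

# Succeed only if the subject carries a non-empty value for attribute $2.
csr_has_attr() {
    csr_subject "$1" |
        grep -Eq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*[^[:space:]]"
}

# Succeed only if the request's self-signature verifies, i.e. it was signed
# with the private key that matches the public key inside the CSR.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Full check: 0 when the CSR parses, is correctly signed, and has both fields.
check_csr() {
    local csr="$1" rc=0 attr
    csr_signature_ok "$csr" || {
        echo "$csr: unreadable or bad self-signature"
        return 1
    }
    for attr in commonName emailAddress; do
        csr_has_attr "$csr" "$attr" || { echo "$csr: missing $attr"; rc=1; }
    done
    return "$rc"
}

# Constructed sample input: a throwaway key and a CSR with the given subject.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# Demo on two constructed CSRs: one complete, one without a Common Name.
demo_dir=$(mktemp -d)
make_sample_csr "/CN=John Doe Dev Key/emailAddress=dev@example.com" "$demo_dir/good.csr"
make_sample_csr "/emailAddress=dev@example.com" "$demo_dir/no_cn.csr"
check_csr "$demo_dir/good.csr" && echo "good.csr: ok"
check_csr "$demo_dir/no_cn.csr" || echo "no_cn.csr: rejected"
```

To check a real request, call `check_csr` with the path of the `.certSigningRequest` file saved by Keychain Access.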

How does spaceship get the #id value for .cer files from Apple Developer Portal?

I have the .cer certificate that is downloaded from Apple Developer Portal of the client I don't have authentication for. I am running openssl x509 to read the .cer, which doesn't show any value that matches the #id (the name on the .cer and .p12 that gets uploaded to the fastlane managed repo) but the Team Id and Team Name.
Please suggest how do I get the #id value locally when I can't get the certs using Spaceship (which does return the #id value once I login to Spaceship)?
Reference:
https://www.rubydoc.info/github/fastlane/spaceship/Spaceship/Certificate
I can answer one of your two questions:
How does spaceship get the #id value for .cer files from Apple Developer Portal?
When spaceship creates a certificate it does so by sending a request to an API:
https://github.com/fastlane/fastlane/blob/75302f9f842fb1d7361dc1e769cdd7398022f4b4/spaceship/lib/spaceship/portal/certificate.rb#L309-L313
The response from that API call is used to create an object (via the new above) that also includes an id property:
https://github.com/fastlane/fastlane/blob/75302f9f842fb1d7361dc1e769cdd7398022f4b4/spaceship/lib/spaceship/portal/certificate.rb#L214-L253
That id is then used to define the filename the certificate is written to (unless you define a filename manually):
https://github.com/fastlane/fastlane/blob/f32b007ff45e648b37b6c9c2037ac481f36b7780/cert/lib/cert/runner.rb#L191-L195

Creating an ad hoc provisional profile without generating yet another public/private keypair

When creating ad hoc provisional profile, it asks for Certificate Signing Request.
It seems it would yet create a new set of public/private key pair? Can I use an existing one?
Below is the instruction given. The step I have in question is "create a name for your private key". I already have two key pairs; I wish to use existing ones.
To manually generate a Certificate, you need a Certificate Signing Request (CSR) file from your Mac. To create a CSR file, follow the instructions below to create one using Keychain Access.
Create a CSR file.
In the Applications folder on your Mac, open the Utilities folder and launch Keychain Access.
Within the Keychain Access drop down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
In the Certificate Information window, enter the following information:
In the User Email Address field, enter your email address.
In the Common Name field, create a name for your private key (e.g., John Doe Dev Key).
The CA Email Address field should be left empty.
In the "Request is" group, select the "Saved to disk" option.
Click Continue within Keychain Access to complete the CSR generating process.
You don't need to create a separate Certificate Signing Request (CSR) each time. You can use the same CSR as many times as you can. No problem on using the same CSR each time. I use the same CSR for creating certificates.
But you have to create it at least one time.

Can two different apps use the same Push SSL Certificate?

I'm configuring stuff on the provisioning portal for a new app which will use APNS.
When I went to configure the App Id for pushes the web site popped up a dialog saying I had to use Keychain Access and request a certificate from a CA.
However this is a step I've already been through with a previous app, therefore is there any need to do so again? If there's no need, is it still a good idea, and if so why?
If there's no need to generate a CSR again, then I no longer have the CSR file from previously, so is there any way to recover it?
Certificates belong to hostnames.
If the hostname is the same, yes you can.
If it is a subdomain, and the certificate is a wildcard, yes you can.
If the hostname is different, you can generate a new csr and apply for your new certificate.
