I had export .cer file from keychain and using below command try to convert in .pem file but in resulted .pem file missing
-----BEGIN PRIVATE KEY-----
please any one can give another way to do that
command are like
openssl pkcs7 -text -in certfile.cer -print_certs -outform PEM -out certfile.pem
If anyone wants to use command which is recommended for creating pem file,
then here is solution on my gist.
openssl x509 -in aps_development.cer -inform der -out PushChatCert.pem
openssl pkcs12 -nocerts -in PushChatKey.p12 -out PushChatKey.pem
cat PushChatCert.pem PushChatKey.pem > ck.pem
First 3 commands will generate pem, but if you want to test then 4th and 5th command will be necessary.
If you got error that about unknown command 'telnet' then install telnet from brew.
Also, I have the same issue when I convert .p12 file into .pem file
when I open that .pem file in that missing ----BEGIN PRIVATE KEY-----
So after searching find out solution use this convert .p12 to .pem
openssl x509 -inform der -in certificate.cer -out certificate.pem
Look no further. This is all that it takes.
Related
I using following comment to generate p12 file,
openssl x509 -in developer_identity.cer -inform DER -out developer_identity.pem -outform PEM
openssl pkcs12 -nocerts -in mykey.p12 -out mykey.pem
openssl pkcs12 -export -inkey mykey.pem -in developer_identity.pem -out iphone_dev.p12
p12 file was generated successfully for development but it wont work for distribution...
I got error in the last step, asking password for mykey.pem file after give password it shows
"No certificate matches private key"
Enter pass phrase for mykey.pem:
No certificate matches private key
Can any one help me with this?
I change .cer file for distribution but forget get .p12 file from keychain for distribution...
after get .p12 file from keychain its working.
Following procedure does not work,openssl at 4th step raisesĀ "No certificate matches private key". It works without -certfile parameter so is it really required? I saw same procedure at several places on the net. So is it really appropriate or am i doing something wrong?
Also OS X procedure only says to export certificate but should not it be both cert and pkey.
OpenSSL
Here is how to create a PKCS12 format file using open ssl, you will need your developer private key (which can be exported from the keychain) and the CertificateSigningRequest??.certSigningRequest
Convert apn_developer_identity.cer (der format) to pem: openssl x509 -in apn_developer_identity.cer -inform DER -out apn_developer_identity.pem -outform PEM
Next, Convert p12 private key to pem (requires the input of a minimum 4 char password): openssl pkcs12 -nocerts -out private_dev_key.pem -in private_dev_key.p12
(Optional): If you want to remove password from the private key: openssl rsa -out private_key_noenc.pem -in private_key.pem
Take the certificate and the key (with or without password) and create a PKCS#12 format file: openssl pkcs12 -export -in apn_developer_identity.pem -inkey private_key_noenc.pem -certfile CertificateSigningRequest??.certSigningRequest -name "apn_developer_identity" -out apn_developer_identity.p12
http://code.google.com/p/apns-sharp/wiki/HowToCreatePKCS12Certificate
I have a certificate and private key that I want to put together, in code, into a PKCS12 file with the OpenSSL library (libcrypto). I know how to do this via the command-line tool:
$ openssl x509 -in developer_identity.cer -inform DER -out developer_identity.pem -outform PEM
$ openssl pkcs12 -nocerts -in mykey.p12 -out mykey.pem
$ openssl pkcs12 -export -inkey mykey.key -in developer_identity.pem -out iphone_dev.p12
But how can I do it in code?
If you are willing to use C code in your objective-C code and you have OpenSSL library for iOS then you can do it.
You can use PKCS12_create function to create a PKCS12 structure and write it to file using i2d_PKCS12_bio function.
PKCS12_create takes the certificate, private key, passphrase, chain of CA certificates and other parameter.
It is explained in a pretty well manner in documentation.
I hope this will help you to start coding.
I am having some trouble creating my .p12 certificate.
I have previously created an application with push notification, this works fine.
The application takes the users device id and saves it into a database.
I have added the code into my new application(with the amendments to work with the new application), and from the Log it seems to be working in the same way as my other app.
I have downloaded the relevant files that i need and then i know i needed to use ssl to be able to create my new and combined p12.
I cant for the life of me remember how i created the p.12 file.
I'm using moonapns.
I have used the following:
Step 1:
openssl x509 -in aps_developer_identity.cer -inform DER -out
aps_developer_identity.pem -outform PEM}
Where aps_developer_identity.cer is the file you download from the
portal
Step 2:
openssl pkcs12 -nocerts -out APSCertificates.pem -in
APSCertificates.p12
Where APSCertificates.p12 is a file you export from the Mac Keychain.
This is critical, you must import the certificate from the portal into
keychain. Find it in My Certificates, open the disclosure triangle and
highlight both the certificate and the private key, then right click
and export them. Give them a password and save them to a p12 file.
Step 3:
openssl pkcs12 -export -in aps_developer_identity.pem -out
aps_developer_identity.p12 -inkey APSCertificates.pem
I have added the certificate and it isn't working, i'm not receiving the notification to the device. Does any one know how else i am supposed to create the certificate??
openssl pkcs12 -export -in your_app.pem -inkey your_key.pem -out your_app_key.p12
refer this link
http://www.raywenderlich.com/forums/viewtopic.php?f=20&t=7468
Try this:
After downloading the .cer file (aps_development certificate is not the ios_development), manages the pem file with the following command:
openssl x509 -in "path_to_apple_cert.cer" -inform DER -out "path_to_an_output_Cert.pem" -outform PEM
Take your APSCertificates.p12 file and run the second command:
openssl pkcs12 -nocerts -in "path_to_exported_p12_from_apple_cer.p12" -out "path_to_an_output_Key.pem" -passin pass:your_p12_password -passout pass:your_new_p12_password
Now take the two pem files that you generated and run the following command:
openssl pkcs12 -export -inkey "path_to_an_output_Key.pem" -in "path_to_an_output_Cert.pem" -out "path_to_final_p12.p12" -passin pass:your_new_p12_password -passout pass:your_final_p12_password
This is your P12 for push notifications.
If you do not want to use the
$ cat command PushChatCert.pem PushChatKey.pem > ck.pem
contained in some instances, if you are on windows you can use:
type PushChatCert.pem PushChatKey.pem > ck.pem
So, I've been looking around a lot of how to create a p12 file for iPhone development, and I think I'm doing exactly as I am supposed to, but at the last step I get some errors that are more or less impossible to decipher.
I am running Windows 7, and these are the steps I do:
1) Create the private key. I do this by running this command (cmd is opened in Administrator mode):
openssl genrsa -out mykey.key 2048
2) Create the CSR file
openssl req -new -key mykey.key -out developer_identify.csr
3) Upload the csr file to the iPhone dev site. Here I do the following:
Click on menu Identifiers --> App IDs, select the correct App ID, click Edit, click Create Certificate, click Continue, select the CSR-file created above and proceed. Wait for the site to tell me its all OK, and then download the *aps_development.cer* file.
4) Create the PEM file:
openssl x509 -in aps_development.cer -inform DER -out
developer_identity.pem -outform PEM
5) And lastly, create the p12 file (and this is where it fails):
openssl pkcs12 -export -inkey mykey.key -in developer_identity.pem
-out iphone_dev.p12
The output after the last command:
Loading 'screen' into random state - done
Enter Export Password:
Verifying - Enter Export Password:
8216:error:060740A0:lib(6):func(116):reason(160):NA:0:
8216:error:23077073:lib(35):func(119):reason(115):NA:0:
8216:error:2306C067:lib(35):func(108):reason(103):NA:0:
8216:error:23073067:lib(35):func(115):reason(103):NA:0:
The p12 file is 0 bytes.
The PEM file looks alright, starts with
-----BEGIN CERTIFICATE-----
then a lot of jibberish and then ends with
-----END CERTIFICATE-----