Normally, I can export the certificate from the keychain that I download from the apple member center as a p12 file. However, it seems that Apple may have changed something?!
I require it as a p12 to import it into Amazon's SNS service. I have tried converting to PEM files but it's producing an error on the console.
The solution I have found has been posted here: https://stackoverflow.com/a/19502944/1198404
I copy and paste the answer: Turns out all you have to do is select "My Certificates" on the left panel and it enables the .p12 option.
You can't export to a .p12 because you don't have the private key installed on your machine (if you did, you would have an "expand" arrow next to the certificate like your iPhone Distribution certificate has.) You will need to get the private key from the machine that generated the certificate before you export.
If the accepted answer doesn't apply to you (e.g., because you created the CSR from the same Mac, and should have the private key on this Mac), here's one more possibility:
When you happen to have selected the wrong keychain (like if you accidentally had single clicked on the System keychain rather than Login keychain), you may run into the same problem. If the cert signing request came from that machine, it would associate the private key with the Login keychain (at least, that seems to be the default). So if you somehow then downloaded and imported the certificate into another keychain like the System keychain (or iCloud keychain, as some comments have mentioned), Keychain Access would not find the matching private key and would not put the cert under "My certificates", and so it cannot export a p12. It would be similar to the case of importing to the keychain on a different Mac.
Make sure the import is into the keychain associated with the private key. Often this would be the Login keychain.
You don't have the private key.
So the solution is you have to revoke the previous certificate and create a new APNS profile again.
You can export from Cert just like below.
Related
Right now I'm developing apps on a brand new macbook. I have downloaded the certSigninRequest
Now I have added both the ios distribution certificate and the private key which is (certSigninRequest)
But whenever I try to export my app it keeps saying missing private key. I have added to my Keychain already
For your case, the appropriate way to use the Distribution Certificate to be legal on other machine(s) is to export it from the current machine that uses the certificate.
To do this:
Navigate the the keychain access.
Go to the targeted certificate, expand it and select both the certificate and the private key:
Right click and select "Export 2 items...".
Obviously, you should fill the required info, such as the name of the exported file and a password.
The output of the above steps would be a .p12 file, which should be installed on the other machine(s). Note that revoking the original certificate will also makes this exported file to be invalid.
Do not request a new distribution certificate for the new machine, it will automatically revoke the previous one (which leads to make the first machine's certificate to be invalid). This thing is you would generate only one Distribution Certificate -by generating a "CertificateSigningRequest" file from the current machine- and then export it to be able to install it on the other machines, which means that all machines use the same distribution certificate.
Also, the following questions might be related to your case:
missing private key in the distribution certificate on keychain
How can I add private key to the distribution certificate?
I was trying to generate a new APNs certificate for my app on our build server but when I got to the "Export 2 items" step for the Certificate and Private Key, I found that I didn’t have two items. My certificate didn’t have any private key with it.
I can see in my keychain that the certificate belongs to the System keychain whilst the public and private key are in my CI-Jenkins keychain.
I repeated the process on my development machine and it worked fine there.
The only difference being that the build server is currently set to use our custom CI-Jenkins keychain as opposed to the default login keychain.
Anybody knows what is happening there and if it makes sense? Do I need to swap keychain before generating the certificate and then swap back on my build server?
The solution is to just drag the certificate from the System keychain to the login keychain. Then it will automatically associate the correct private key with it.
I have created certificate & provisioning profile related to my iphone app.
but when I run app it shows doesn't match any valid certificate/private key pair in the default keychain
& then I realize that it is not certificate which i have created.
what should I do now?
I have tried to delete previous certificate but it does also not working it again came back.
You should have the private key used to create the certificate present in your keychain app for you to be able to code sign your app. Start fresh, create a new certificate, this time make sure to store the private key as .p12 file.
You have not installed the .p12 file. Please go through the Apple docs for Certificate/Provisioning-profile creation process. That will help you to understand the whole process of signing an iOS app.
You can always verify certificate, which provision created with.
Provision profile have public key encoded in base64. You can compare hash sums or finger print with private key on your mac.
Here is example code how to export certificate from provision in ruby gist.gitgub
I downloaded a personal development certificate from the Apple Developer center and imported it to my keychain. Now, I want to export it as a .p12 file and encrypt it with a password. When I right click the certificate in the Keychain tab Certificates, and press the Export button, the .p12 option is not highlighted/available. Instead of the other 3 options (.cer, .pem, .p7b), which are available.
I tried a couple of things yet, like adding the Apple ID, which was used to create the certificate, to System preferences->Users and Groups->My account, but that didn't solve it. The certificate was created on a different Macbook than I'm using now.
Is it possible to export it as a .p12 in any way?
One point of interest: the Keychain Assistant window has a "Category" list in the right pane below the title bar (used to be in the lower part of the left panel). You can only export a p12 from the "(My) Certificates" view.
In the "All Items" view, you can see the certificates and the keys alongside, so that they're distinct items with no possibility of multiple selection; in the Certificates view, there's a tree structure with keys as child items of certificates, so that selecting a certificate implicitly selects the corresponding private key too.
The missing .p12 option means that you only have either the private key or the certificate on your machine. You need both of these to generate a .p12 (and incidentally, you'll need both the private key and certificate to sign your apps).
So, find out which of these you're missing, add the missing piece to Keychain, and the .p12 option will be available.
You can check in your keychain whether the private key is associated with the development certificate.
You can export the private key and certificate as .p12 only if it is there.
I was struggling with the same issue - I was able to sign macOS applications locally with my "Developer ID certificate", but wasn't able to export that certificate as a .p12 file (required by Azure Pipelines). What I found after maybe an hour of trying everything is that you need to store the Developer ID certificate in the "login" keychain (only there you can see also your private key and the "Export as .p12" option), not in the "System" keychain as I used to have for many years...
So although the Developer ID certificate stored in the System keychain works fine with Xcode, it doesn't allow you to export it as a .p12 file until you reimport it to the "login" keychain...
Just select Certificate from the left panel to export it as .p12
I got new computer. Firstly i copied iOS-project from old one. Then, i refreshed profiles in organizer, but all of them got status "valid signing identity not found"
So in Keychain Access all certificates are OK
Any ideas? How should i valid all this profiles? Thnx
There is no private keys in your certificate
Go to your old mac click on 3 right click on private key and export that key give a password for the key. copy that to private key to pendrive and import that to new Mac Keychain it asks for Password so give the password you set in old mac when Exporting. Restart the xcode it works fine
The certificates are okay, but the private keys required to sign the certificate are not here : you can see this because there is no disclose triangle near the certificate in the Keychain.app.
The keys that goes along the certificate should have a .p12 extension, but if you can't find it, your best bet is to revoke the certificates using the DevCenter, and create them back again and download them onto that new system.
If you have your private keys in your old mac you can create your .p12 file like this:
http://seventhsoulmountain.blogspot.com/2013/09/how-do-i-create-p12-file.html
But if you do not, you have to revoke your old certificate and create a new one.
This is such a pain sometimes. Recently I had to face this. The certificates may appear but you do not have the private keys with you. For a complete guide click below:
http://seventhsoulmountain.blogspot.com/2013/09/ios-code-sign-in-complete-walkthrough.html