I know how to view the expiration date of an .ipa file's provisioning profile (by renaming the ipa to zip, then unzip it and view the ExpirationDate key in the embedded.mobileprovisioning file).
But how can I view the expiration date of the certificate itself that was used to sign the ipa?
I found that you can use the codesign utility to "extract" certs:
codesign --display --extract-certificates /Applications/Example.app
This produces three files: codesign0, codesign1, codesign2. Not sure how to proceed after that.
Do the following:
unzip -q MyApp.ipa
$ codesign -d --extract-certificates Payload/*.app
$ openssl x509 -inform DER -in codesign0 -noout -nameopt -oneline -dates
After doing the above, you will get output with:
notAfter=Aug 4 16:08:00 2017 GMT
This is the certificate expiration date.
Related
I had export .cer file from keychain and using below command try to convert in .pem file but in resulted .pem file missing
-----BEGIN PRIVATE KEY-----
please any one can give another way to do that
command are like
openssl pkcs7 -text -in certfile.cer -print_certs -outform PEM -out certfile.pem
If anyone wants to use command which is recommended for creating pem file,
then here is solution on my gist.
openssl x509 -in aps_development.cer -inform der -out PushChatCert.pem
openssl pkcs12 -nocerts -in PushChatKey.p12 -out PushChatKey.pem
cat PushChatCert.pem PushChatKey.pem > ck.pem
First 3 commands will generate pem, but if you want to test then 4th and 5th command will be necessary.
If you got error that about unknown command 'telnet' then install telnet from brew.
Also, I have the same issue when I convert .p12 file into .pem file
when I open that .pem file in that missing ----BEGIN PRIVATE KEY-----
So after searching find out solution use this convert .p12 to .pem
openssl x509 -inform der -in certificate.cer -out certificate.pem
Look no further. This is all that it takes.
I have implement the push notification after create the ck.pem file on development end. But when i create on distribution end then we check the ck.pem file is correct or not.I have error show below:-
pksinghs-Mac-mini:SchoolPush pksingh$ php /Users/pksingh/Desktop/SchoolPush/simplepush.php
Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Warning: stream_socket_client(): Failed to enable crypto in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Warning: stream_socket_client(): unable to connect to ssl://gateway.push.apple.com:2195 (Unknown error) in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Failed to connect: 0
pksinghs-Mac-mini:SchoolPush pksingh$
i have ck.pem file and pushnofication.php in same folder on desktop.
Can anybody help me.
Find the tutorial for how to create certificate and implement notification from below link
https://www.raywenderlich.com/123862/push-notifications-tutorial
you can use below command to create certificate
so there are something wrong in creating distribution certificate
Use below command to create certificate
openssl x509 -in aps_production.cer -inform der -out PushChatCert.pem
openssl pkcs12 -nocerts -out PushChatKey.pem -in Certificates_dist.p12
cat PushChatCert.pem PushChatKey.pem > ck_dist.pem
openssl s_client -connect gateway.push.apple.com:2195 -cert PushChatCert.pem -key PushChatKey.pem
where
aps_production.cer = downloaded from developer apple
Certificates_dist.p12 = Exported from your keychain after installing aps_production.cer
project config:
CODE_SIGN_IDENTITY = "iPhone Developer: Maarten Billemont (9V38BLC46F)";
PROVISIONING_PROFILE = "6A477BC7-051A-4FE4-B285-E6E658937C24";
profile:
profile.mobileprovision.plist is the plist contents of the mobile provisioning profile:
$ PlistBuddy -c 'Print :Name' profile.mobileprovision.plist
iOS Team Provisioning Profile: *
$ PlistBuddy -c 'Print :UUID' profile.mobileprovision.plist
6A477BC7-051A-4FE4-B285-E6E658937C24
$ PlistBuddy -c 'Print :DeveloperCertificates' profile.mobileprovision.plist | grep -a Maarten
QTZ8SQGT6H1907U0iPhone Developer: Maarten Billemont (9V38BLC46F)10U
$ PlistBuddy -c 'Print :DeveloperCertificates:1' profile.mobileprovision.plist | openssl md5
cc0e202ff8be100352e04a4e9cc8763a
$ openssl md5 < ios_development.cer
cc0e202ff8be100352e04a4e9cc8763a
$ openssl x509 -inform der -subject -noout < ios_development.cer
subject= /UID=QTZ8SQGT6H/CN=iPhone Developer: Maarten Billemont (9V38BLC46F)/OU=7PCL8KGYD3/O=Tristan Interactive Inc./C=CA
keychain:
Common Name: iPhone Developer: Maarten Billemont (9V38BLC46F)
This certificate is valid.
This certificate has an associated private key.
This certificate and its private key are in the default keychain.
build result:
Check dependencies
Code Sign error: No codesigning identities found: No codesigning identities (i.e. certificate and private key pairs) that match the provisioning profile specified in your build settings (“iOS Team Provisioning Profile: *”) were found.
CodeSign error: code signing is required for product type 'Application' in SDK 'iOS 7.1'
question
What could be causing this code sign error? What other information could I gather to diagnose the problem? Can I somehow find out the exact codesign command used to double-check it's using the exact identifiers from the project configuration? How does it determine what keychain to look at? Can I run it in debug/diagnostic/verbose mode?
It is pretty well explained in the error message that the specified provisioning profile's certificate and private key pair does not exist in your keychain. Double check the certificate you had selected for the prov profile. Download it and place it again in your keychain. Then, reboot your computer.
I am having some trouble creating my .p12 certificate.
I have previously created an application with push notification, this works fine.
The application takes the users device id and saves it into a database.
I have added the code into my new application(with the amendments to work with the new application), and from the Log it seems to be working in the same way as my other app.
I have downloaded the relevant files that i need and then i know i needed to use ssl to be able to create my new and combined p12.
I cant for the life of me remember how i created the p.12 file.
I'm using moonapns.
I have used the following:
Step 1:
openssl x509 -in aps_developer_identity.cer -inform DER -out
aps_developer_identity.pem -outform PEM}
Where aps_developer_identity.cer is the file you download from the
portal
Step 2:
openssl pkcs12 -nocerts -out APSCertificates.pem -in
APSCertificates.p12
Where APSCertificates.p12 is a file you export from the Mac Keychain.
This is critical, you must import the certificate from the portal into
keychain. Find it in My Certificates, open the disclosure triangle and
highlight both the certificate and the private key, then right click
and export them. Give them a password and save them to a p12 file.
Step 3:
openssl pkcs12 -export -in aps_developer_identity.pem -out
aps_developer_identity.p12 -inkey APSCertificates.pem
I have added the certificate and it isn't working, i'm not receiving the notification to the device. Does any one know how else i am supposed to create the certificate??
openssl pkcs12 -export -in your_app.pem -inkey your_key.pem -out your_app_key.p12
refer this link
http://www.raywenderlich.com/forums/viewtopic.php?f=20&t=7468
Try this:
After downloading the .cer file (aps_development certificate is not the ios_development), manages the pem file with the following command:
openssl x509 -in "path_to_apple_cert.cer" -inform DER -out "path_to_an_output_Cert.pem" -outform PEM
Take your APSCertificates.p12 file and run the second command:
openssl pkcs12 -nocerts -in "path_to_exported_p12_from_apple_cer.p12" -out "path_to_an_output_Key.pem" -passin pass:your_p12_password -passout pass:your_new_p12_password
Now take the two pem files that you generated and run the following command:
openssl pkcs12 -export -inkey "path_to_an_output_Key.pem" -in "path_to_an_output_Cert.pem" -out "path_to_final_p12.p12" -passin pass:your_new_p12_password -passout pass:your_final_p12_password
This is your P12 for push notifications.
If you do not want to use the
$ cat command PushChatCert.pem PushChatKey.pem > ck.pem
contained in some instances, if you are on windows you can use:
type PushChatCert.pem PushChatKey.pem > ck.pem
So, I've been looking around a lot of how to create a p12 file for iPhone development, and I think I'm doing exactly as I am supposed to, but at the last step I get some errors that are more or less impossible to decipher.
I am running Windows 7, and these are the steps I do:
1) Create the private key. I do this by running this command (cmd is opened in Administrator mode):
openssl genrsa -out mykey.key 2048
2) Create the CSR file
openssl req -new -key mykey.key -out developer_identify.csr
3) Upload the csr file to the iPhone dev site. Here I do the following:
Click on menu Identifiers --> App IDs, select the correct App ID, click Edit, click Create Certificate, click Continue, select the CSR-file created above and proceed. Wait for the site to tell me its all OK, and then download the *aps_development.cer* file.
4) Create the PEM file:
openssl x509 -in aps_development.cer -inform DER -out
developer_identity.pem -outform PEM
5) And lastly, create the p12 file (and this is where it fails):
openssl pkcs12 -export -inkey mykey.key -in developer_identity.pem
-out iphone_dev.p12
The output after the last command:
Loading 'screen' into random state - done
Enter Export Password:
Verifying - Enter Export Password:
8216:error:060740A0:lib(6):func(116):reason(160):NA:0:
8216:error:23077073:lib(35):func(119):reason(115):NA:0:
8216:error:2306C067:lib(35):func(108):reason(103):NA:0:
8216:error:23073067:lib(35):func(115):reason(103):NA:0:
The p12 file is 0 bytes.
The PEM file looks alright, starts with
-----BEGIN CERTIFICATE-----
then a lot of jibberish and then ends with
-----END CERTIFICATE-----