I was trying to generate a new APNs certificate for my app on our build server but when I got to the "Export 2 items" step for the Certificate and Private Key, I found that I didn’t have two items. My certificate didn’t have any private key with it.
I can see in my keychain that the certificate belongs to the System keychain whilst the public and private key are in my CI-Jenkins keychain.
I repeated the process on my development machine and it worked fine there.
The only difference being that the build server is currently set to use our custom CI-Jenkins keychain as opposed to the default login keychain.
Does anybody know what is happening there and if it makes sense? Do I need to swap keychain before generating the certificate and then swap back on my build server?
The solution is to just drag the certificate from the System keychain to the login keychain. Then it will automatically associate the correct private key with it.
Right now I'm developing apps on a brand new MacBook. I have downloaded the certSigninRequest
Now I have added both the iOS distribution certificate and the private key which is (certSigninRequest)
But whenever I try to export my app it keeps saying missing private key. I have added to my Keychain already
For your case, the appropriate way to use the Distribution Certificate to be legal on other machine(s) is to export it from the current machine that uses the certificate.
To do this:
Navigate to Keychain Access.
Go to the targeted certificate, expand it and select both the certificate and the private key:
Right click and select "Export 2 items...".
Obviously, you should fill the required info, such as the name of the exported file and a password.
The output of the above steps would be a .p12 file, which should be installed on the other machine(s). Note that revoking the original certificate will also make this exported file invalid.
Do not request a new distribution certificate for the new machine, it will automatically revoke the previous one (which makes the first machine's certificate invalid). The thing is that you would generate only one Distribution Certificate, by generating a "CertificateSigningRequest" file from the current machine, and then export it to be able to install it on the other machines, which means that all machines use the same distribution certificate.
Also, the following questions might be related to your case:
missing private key in the distribution certificate on keychain
How can I add private key to the distribution certificate?
Normally, I can export the certificate from the keychain that I download from the apple member center as a p12 file. However, it seems that Apple may have changed something?!
I require it as a p12 to import it into Amazon's SNS service. I have tried converting to PEM files but it's producing an error on the console.
The solution I have found has been posted here: https://stackoverflow.com/a/19502944/1198404
I copy and paste the answer: Turns out all you have to do is select "My Certificates" on the left panel and it enables the .p12 option.
You can't export to a .p12 because you don't have the private key installed on your machine (if you did, you would have an "expand" arrow next to the certificate like your iPhone Distribution certificate has.) You will need to get the private key from the machine that generated the certificate before you export.
If the accepted answer doesn't apply to you (e.g., because you created the CSR from the same Mac, and should have the private key on this Mac), here's one more possibility:
When you happen to have selected the wrong keychain (like if you accidentally had single clicked on the System keychain rather than Login keychain), you may run into the same problem. If the cert signing request came from that machine, it would associate the private key with the Login keychain (at least, that seems to be the default). So if you somehow then downloaded and imported the certificate into another keychain like the System keychain (or iCloud keychain, as some comments have mentioned), Keychain Access would not find the matching private key and would not put the cert under "My certificates", and so it cannot export a p12. It would be similar to the case of importing to the keychain on a different Mac.
Make sure the import is into the keychain associated with the private key. Often this would be the Login keychain.
You don't have the private key.
So the solution is you have to revoke the previous certificate and create a new APNS profile again.
You can export from Cert just like below.
I need a private key (.p12 file) for my iOS app in order to enable push notifications through Amazon SNS. I can't find a private key for my app in Keychain Access. I only see Developer and Distribution Keys for myself and my company. I could have deleted it as I deleted two things related to the app from Keychain Access in order to use updated versions. I may have deleted the wrong thing. Can I regenerate the keys in Xcode? If not, how do I create a new app to get new keys?
UPDATE: I found this tutorial that describes in detail what I am trying to do.
http://www.adventuresofanentrepreneur.net/creating-a-mobile-appsgames-company/setting-up-aws-sns-to-send-push-notifications-to-ios-devices
Steps 4.1-4.5 are the steps I cannot perform. This is because there is no key for my app in my keychain only certificates. I tried creating a wholly new app and following the process again and I have no key for that app either.
UPDATE 2: I found the following instructions that make me think there is something wrong with my Mac as it doesn't generate a key when I install the APNs certificate I download from Developer Center.
http://kklolk.blogspot.co.uk/2013/11/amazon-sns-with-apple-apn.html
If I download the APN certificate and install it on my keychain, I see the certificate on the keychain but not the key. I have keys on my keychain for non-APN developer and distribution but these fail the openssl test against the Apple push servers listed in the tutorial
CONNECTED(00000003)
depth=1 C = US, O = "Entrust, Inc.", OU = www.entrust.net/rpa is incorporated by reference, OU = "(c) 2009 Entrust, Inc.", CN = Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0
140735234900832:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1256:SSL alert number 46
140735234900832:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
I can use my non-APN .p12 files in the Amazon SNS New App page on AWS but they give the error - The credentials you entered are invalid. Please enter valid credentials and try again. I also tried combining the APNs certificate generated for the app with the keys from the developer and distributor keys, which gave the error - There was a transient failure registering the app with Amazon SNS. Please try again (Request ID: Unknown).
The problem certainly looks to be that my computer is not correctly generating keys from the certificates for APNs Development and Production.
I found an answer here:
Can't find private key for Apple Development Push Services
For me, I already had the certificate, but I didn't know how to find its private key. If you click "My Certificates" under categories, then a dropdown arrow appears next to your certificate. Click this and you should get your private key.
I had the same issue myself. What I found was that you need to make sure that the certificate that you are using to generate the .p12 file from in keychain access is one you created using your CertificateSigningRequest file.
I went back to the Apple Developer Member Center and created another Certificate for development purposes using my CertificateSigningRequest file. When I downloaded this and opened it up in keychain access the private key was now included. Exporting that private key pair as .p12 file allowed me to successfully register the application in AWS SNS. Note if using a Development certificate to export your private key you will need to create your application in SNS using the APNS Sandbox selection. If you are using a Production Certificate you need to use the normal APNS selection.
I have a tentative answer for this. When creating a certificate in Keychain Access, first select an iOS Developer or iOS Distribution, then go to the menu Keychain Access > Certificate Assistant > Request a Certificate from Certificate Authority With "iOS D...".
The above is during step 1 of http://docs.aws.amazon.com/sns/latest/dg/mobile-push-apns.html#verify-cert-private-key-apns
Before, I was simply going straight to the menu where I noticed it then said Request a Certificate from Certificate Authority With "". Selecting an iOS developer key first results in there being a key associated with the certificate cer when imported. This let me generate the p12, which AWS accepted. However, messaging to iOS devices still isn't working so it isn't a full success yet.
I have created a certificate & provisioning profile related to my iPhone app.
But when I run the app it shows "doesn't match any valid certificate/private key pair in the default keychain"
& then I realized that it is not the certificate which I have created.
What should I do now?
I have tried to delete the previous certificate but that is also not working; it came back again.
You should have the private key used to create the certificate present in your keychain app for you to be able to code sign your app. Start fresh, create a new certificate, this time make sure to store the private key as .p12 file.
You have not installed the .p12 file. Please go through the Apple docs for Certificate/Provisioning-profile creation process. That will help you to understand the whole process of signing an iOS app.
You can always verify which certificate the provision was created with.
The provision profile has the public key encoded in base64. You can compare hash sums or the fingerprint with the private key on your Mac.
Here is example code showing how to export the certificate from the provision in Ruby: gist.github
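The comparison described in that answer, and the reason a certificate imported into the wrong keychain or onto another Mac shows no private key, comes down to whether the certificate's public key matches the private key's. The following is an added example, not code from any of the posts: it uses openssl on PEM files, and the function names, file names and throwaway self-signed pairs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: does this certificate belong to this private key?
# All names below are hypothetical; sample keys are generated on the fly.

# SHA-256 of the public key embedded in a PEM certificate.
cert_pubkey_digest() {
    local pub
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key derived from a PEM private key.
key_pubkey_digest() {
    local pub
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Exit 0: pair matches. Exit 1: different key. Exit 2: unreadable input.
cert_matches_key() {
    local c k
    c=$(cert_pubkey_digest "$1") || return 2
    k=$(key_pubkey_digest "$2") || return 2
    [ "$c" = "$k" ]
}

# Constructed sample input: a throwaway key and self-signed certificate.
make_demo_pair() {  # usage: make_demo_pair <dir> <name>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo-$2" \
        -keyout "$1/$2.key.pem" -out "$1/$2.cert.pem" 2>/dev/null
}

demo() {
    local d
    d=$(mktemp -d) || return 1
    make_demo_pair "$d" build-server && make_demo_pair "$d" dev-machine || return 1
    cert_matches_key "$d/build-server.cert.pem" "$d/build-server.key.pem" \
        && echo "build-server cert + build-server key: match"
    cert_matches_key "$d/build-server.cert.pem" "$d/dev-machine.key.pem" \
        || echo "build-server cert + dev-machine key: no match"
    rm -rf "$d"
}

demo
```

A `.cer` file downloaded from the developer portal is DER-encoded, so convert it first with `openssl x509 -inform DER -in file.cer -out file.pem`.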
The problem is that I want to create a new private/public key pair for a new App.
So I followed the documentation (http://developer.apple.com/ios/manage/certificates/team/howto.action) and it said to first create a new key pair.
Ok, then I got a certificate signing request file, which I had to upload to the developer homepage (Certificate > Development).
There I found out that (and because) we already have an app in the App Store, there is already a certificate. So I downloaded the existing one and double-clicked it in the Finder. The keychain opened, but didn't append the certificate to the newly created private key (as I expected).
What did I do wrong? What do I have to do to activate this key pair?
Can someone help me in this issue?
Thanks
Br
Nic
Every certificate will have a public and private key. And also if you are talking about the developer certificate, every developer account can have only one certificate.
What you get to download from the apple website is only your public key. You need the private key to sign the apps. Your private key will be in the machine where you generated the CSR.
Check the "Saving your Private Key and Transferring to other Systems" section in http://developer.apple.com/ios/manage/certificates/team/howto.action to find out how to export your private key from that machine and use it in a different machine.
If you cannot get the machine where you generated the CSR, then you can revoke the existing one and generate a new one. But remember that this will make the existing profiles generated from this certificate invalid.
I was having the same problem and I had to delete all my provisioning profiles and existing certificates and then I followed the step-by-step instructions from this article:
Creating Your Signing Certificates by Apple and it had me up and running in 5 minutes after hours of banging my head!