i am working push notifications .i downloaded all required certificate csr and ssl certificates all things and also converting .pem format my webservices team providing services in asp.net
so now we need to convert .pem format to .pfx format.how can we do this thing
i am using following commands and links. but it is not working for me
openssl pkcs12 -export -in Certificates.cer -inkey key.pem -out Certificates.pfx -certfile CA.cer
And i was follow these link also but i got error.
https://support.servertastic.com/convert-pem-to-pfx/
i have these files
Certificate.p12
key.p12
Certificates.pem
key.pem
ck.pem
Certificates.cer
What i will suggest is, Instead of converting the .PEM file to .PFX on your end , send the .PEM file to server from your side and ask the Web-Service developer to change the .PEM to .PFX on his end.
Related
I'm developing an ios (ipad) application with swift. I'm able to send an http request with a URLSession object and it works well. Now I would like to know how send an httpS request using my .crt and .key files. Does someone has a simple piece of code to do this ? Thanks in advance.
There is a good solution here but it works with p12
To convert to p12 I used this in the terminal)
openssl pkcs12 -export -in server.crt -inkey server.key -out cert.p12
https://github.com/MarcoEidinger/ClientCertificateSwiftDemo
I'm working on a project for a client. I have two .cer files (developer and distribution) both are loaded into Keystore Access on Mac OS X. However I'm unable to export as a .p12 file.
Alternatively I tried OpenSSL but still no luck...
openssl pkcs12 -export -in followMe_ios_development.cer -out followMe_ios_development.p12 -clcerts -nokeys
How can I export this .cer file as a .p12 so I can compile this app for iOS?
What works for me dealing with Push Notification certifies has been:
Open the certificate: open my_filename.cer and click "View Certificates" to see the certificate's name
Go to Applications -> Utilities -> Keychain Access
Ensure you have selected the "login" keychain, not the "system" one (thanks to #Matt Flettcher )
Go to "Certificates"
Look for the desired certificate
Ensure that you can expand it and see under it the original ".certSigningRequest" used to generate the certificate
At this moment you should be able to export it as ".p12"
try this:
given you have files as follow:
aps.cer, downloaded from Apple.
app.key, your own private key generated by openssl.
1st, convert the .cer file into .pem format:
openssl x509 -in aps.cer -inform DER -out aps.pem -outform PEM
2nd, use the .pem file and your private .key to generate .p12 file:
openssl pkcs12 -export -out aps.p12 -inkey app.key -in aps.pem
this should prompt to ask a password for this .p12 file.
CF:
aps_developer_identity.cer to p12 without having to export from Key Chain?
Creating a .p12 file
I had the same problem. .p12 Export was not available, only .p7b
I solved it very easily:
You donĀ“t select your certificate via the "certificates" directory on the lower left, but via the "My Certificates" directory.
Like this, an arrow should show up left of your certificate.
Click it, and you will see your private Key.
Right-Click on your private Key and select the "export Key" option. Now you can create a .p12 Certificate File, just as the doctor ordered.
Good Luck!
You should select both cert and private key. Then you will able to export certs with p12 extension.
In my case I'm trying to create a pfx/PKCS12 file and have tried the given commands and ran through couple of issues out of which one was : Unable to load certificate even I'm doing right. So then tried with the below one command instead of few others:
openssl pkcs12 -export -out requiredPFXfile.pfx -inkey yourPrivateKey.key -in yourcertificate.cer
Please find link for more details :-
https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/
I'm newbie to SSL & certs stuff & can't judge on other answers,appreciate everyone's work here!!
In my case the abilty to export in p12 format depends on certificate type. For "Apple Distribution" certificate type it is disabled, right like in your case.
When I created new certificate with type "IOS Distribution (App Store and Ad Hoc)" and processed it right like previous one, the p12 format became available in export dialog.
I'm trying to generate a new push notifications certificate on my IIS.
In the past I used to go to IIS mamager --> Server Certificates then select "Create Certificate Request", fill out the details and it generated a txt file which I uploaded to apple to generate and download the cer file.
My problem is that for some reason I can't upload this text file. I get this message:
Invalid CSR
Select a valid Certificate Signing Request
anyone encountered this issue?
Finally got it working.
This is what I did:
In IIS using Cygwin:
Generate private key:
openssl genrsa -out myAppName.key 2048
Generate csr file from private key:
openssl req -new -sha256 -key myAppNameCSR.key -out myAppName.csr
Upload csr file to apple to generate certificate
Download the certificate
Convert certificate to pem file
openssl x509 -in aps_development.cer -inform der -out myAppNameCert.pem
Generate pfx file
openssl pkcs12 -export -out myAppNameKey.pfx -inkey myAppNameCSR.key -in myAppNameCert.pem
To install the certificate in Windows Server:
Click Start > Run.
At the prompt, type in mmc, and then click OK to open the Microsoft Management Console.
Click File, and then click Add/Remove Snap-in.
Click Certificates from the list of available snap-ins, and then click Add..
Click Computer account.
Click Next, and then click Finish.
Click OK.
Right-click the Personal tree node and select All Tasks >Import.
Follow the Wizard, pointing it to the pfx file generated and provide the password used to secure it during creation.
Under the Personal tree node, double-click the Certificates folder.
Right-click the newly installed certificate.
Select All Tasks > Manage Private Keys.
In the Security tab, add the Network Service account providing Read access.
add the group IIS_IUSRS to the private key, and make sure it has full control.
Making a PEM File with Cygwin
So now you have these files:
The private key as a pfx file
The SSL certificate, aps_development.cer as pem file
Convert the pfx file to pem file:
openssl pkcs12 -nocerts -out myAppNameKey.pem -in myAppNameKey.pfx
Finally, combine the certificate and key into a single .pem file:
cat myAppNameCert.pem myAppNameKey.pem > ckDevelopment.pem
Hope this saves someone some time...
use Your keychain Access to genarate Certificate Signing Request
this tutorial might help you -
http://quickblox.com/developers/How_to_create_APNS_certificates
I bought an SSL certificate and all I've got is a .crt file.
I need to configure a https server on Delphi correctly. I use a module named sgcWebSockets 3.2. As I can see in manual, I need to set the following parameters:
1) SSLOptions/ CertFile/ KeyFile/ RootCertFile: you
need a certificate in .PEM format in order to encrypt
websocket communications.
2) SSLOptions/ Password: this is optional and only
needed if certificate has a password.
3) SSLOptions/ Port: port used on SSL connections.
But I have only a .crt file. I think I can convert it to .pem format using openssl. But what is this file will be? Is this a CertFile or RootCertFile? I haven't a KeyFile anyway. Will it works only with one cert file? I also haven't got any password. Should I leave this field empty? Please help.
You can convert your crt file to a pem file with OpenSSL as follows:
openssl x509 -inform der -in certificate.crt -out certificate.pem.
But that isn't the only file you need. You also need your private key which was used to generate your csr that you sent to the certificate authority and that also has to be in pem format. I'm not sure how you generated your csr, so I'd need more information to help you extract that or convert it to pem format.
I've followed the instructions as I believe to sign my mobileconfig file so, with a users permission, I can correctly set their APN. However, when using this mobileconfig file the screen from iOS still continues to show "Not Verified". However, under 'More Details' it gives some encouraging information -- the signing certification information all seems correct.
i.e., I'm close - any ideas?
I've tried the basics -
iOS mobileconfig walkarounds
and variations, including not using the certificate chain.
How to Sign and verify a .mobileconfig file in apple
Export certificate from the key chain
keychain access --> Certifcates(LeftPanel)--> right click the particular certificate and export the certificate.
convert .p12 file to PEM file (converting use this link www.sslshopper.com/ssl-converter.html)
Eg: InnovCertificates.p12 to InnovCertificates.pem
Download Apple Root Certificate and Apple Intermediate Certificate
(For my .mobileconfig file verification i am used Apple Inc. Root Certificate(Apple Root Certificate) and
Application Integration Certificate (Apple Intermediate Certificate) certificates.
you can also use these certificates or other certificates that have in the apple certificates www.apple.com/certificateauthority/)
The download file is combination of certificate and keys . (Read the certificate in Terminal commands are following link info.ssl.com/article.aspx?id=12149)
From this certificate file we need extract certificate.
extract certificate from Apple Root Certificate. Then extract certificate from Apple Intermediate Certificate
openssl x509 -inform DER -outform PEM -in AppleIncRootCertificate.cer -out root.crt.pem
openssl x509 -inform DER -outform PEM -in AppleAAICA.cer -out Intermediate.crt.pem
open the two extracted file in text editor,
copy and paste the Intermediate.crt.pem to beginning of the root.crt.pem and save .then your root.crt.pem file is combination of two certificate.
Sign and verify the .mobileconfig file
Once you have all the files listed above, you will run a command like the following:
openssl smime -sign -in Example.mobileconfig -out SignedVerifyExample.mobileconfig -signer InnovCertificates.pem -certfile root.crt.pem -outform der -nodetach
The result .mobileconfig file is signed and verified.
Use full links:
1.renren.io/questions/637349/ios-mobileconfig-walkarounds
2.developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/smime.1ssl.html#//apple_ref/doc/man/1/smime
3.www.apple.com/certificateauthority/
4.www.rootmanager.com/iphone-ota-configuration/iphone-ota-setup-with-signed-mobileconfig.html
5.info.ssl.com/article.aspx?id=12149
6.www.sslshopper.com/ssl-converter.html
7.wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File
8.stackoverflow.com/questions/9277426/ios-mobileconfig-walkarounds
9.stackoverflow.com/questions/991758/how-to-get-an-openssl-pem-file-from-key-and-crt-files
10.discussions.apple.com/thread/2363234