Cannot find app private key for iOS app - ios

I need a private key (.p12 file) for my iOS app in order to enable push notifications through Amazon SNS. I can't find a private key for my app in Keychain Access. I only see Developer and Distribution Keys for myself and my company. I could have deleted it as I deleted two things related to the app from Keychain Access in order to use updated versions. I may have deleted the wrong thing. Can I regenerate the keys in Xcode? If not, how do I create a new app to get new keys?
UPDATE: I found this tutorial that describes in detail what I am trying to do.
http://www.adventuresofanentrepreneur.net/creating-a-mobile-appsgames-company/setting-up-aws-sns-to-send-push-notifications-to-ios-devices
Steps 4.1-4.5 are the steps I cannot perform. This is because there is no key for my app in my keychain only certificates. I tried creating a wholly new app and following the process again and I have no key for that app either.
UPDATE 2: I found the following instructions that make me think there is something wrong with my Mac as it doesn't generate a key when I install the APNs certificate I download from Developer Center.
http://kklolk.blogspot.co.uk/2013/11/amazon-sns-with-apple-apn.html
If I download the APN certificate and install it on my keychain, I see the certificate on the keychain but not the key. I have keys on my keychain for non-APN developer and distribution but these fail the openssl test against the Apple push servers listed in the tutorial
CONNECTED(00000003)
depth=1 C = US, O = "Entrust, Inc.", OU = www.entrust.net/rpa is incorporated by reference, OU = "(c) 2009 Entrust, Inc.", CN = Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0
140735234900832:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1256:SSL alert number 46
140735234900832:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
I can use my non-APN .p12 files in the Amazon SNS New App page on AWS but they give the error - The credentials you entered are invalid. Please enter valid credentials and try again. I also tried combing the APNs certificate generated for the app with the keys from the developer and distributor keys, which gave the error - There was a transient failure registering the app with Amazon SNS. Please try again (Request ID: Unknown).
The problem certainly looks to be that my computer is not correctly generating keys from the certificates for APNs Development and Production.

I found an answer here:
Can't find private key for Apple Development Push Services
For me, I already had the certificate, but I didn't know how to find its private key. If you click "My Certificates" under categories, then a dropdown arrow appears next to your certificate. Click this and you should get your private key.

I had the same issue myself. What I found was that you need to make sure that the certificate that you are using to generate the .p12 file from in keychain access is one you created using your CertificateSigningRequest file.
I went back to the Apple Developer Member Center and created another Certificate for development purposes using my CertificateSigningRequest file. When I downloaded this and opened it up in keychain access the private key was now included. Exporting that private key pair as .p12 file allowed me to successfully register the application in AWS SNS. Note if using a Development certificate to export your private key you will need to create your application in SNS using the APNS Sandbox selection. If you are using a Production Certificate you need to use the normal APNS selection.

I have a tentative answer for this. When creating a certificate in Keychain Access, first select an iOS Developer or iOS Distribution, then go to the menu Keychain Access > Certificate Assistant > Request a Certificate from Certificate Autority With "iOS D...".
The above is during step 1 of http://docs.aws.amazon.com/sns/latest/dg/mobile-push-apns.html#verify-cert-private-key-apns
Before I was simply going straight to the menu where I noticed it then said Request a Certificate from Certificate Authority With "". Selecting an iOS developer key first results in their being a key associated with the certificate cer when imported. This let me generate the p12, which AWS accepted. However, messaging to iOS devices still isn't working so it isn't a full success yet.

Related

What is a right way to generate the Certificates while using FCM

I am amazed to see that When ever I am creating Certificates "Apple Push Notification service SSL (Production & Development)" it is not shown in Profiles
Things are very much changed on Developer portal And after bashing my head many times (deleting and creating different certificates) its is not working for me
What I am doing:
Attempt 1: When I create certificates from certificate menu it did appear on Profile menu (from where we create provisioning profile & selects certificates) but when I create APNs SSL certificate it never appears in provisioning profile menu
Attempt 2: I created separate SSL certificate and created p12 file from them and uploaded them into FCM server and then i created normal certificate and generated Provisioning profile and installing them in xcode it gives me error of not including something for Notification.
So after trying all these I am now not able to run app on device and not able to work around for FCM notification
Question: What steps are needed to create certificate while working on FCM?
"NOTE: Since all interface and working procedures are updated on developer portal is updated so all help on SO and other places are out date. Please let me know what should I do and how it is done in precise manner it will be great help. THANKS"
I suggest to use for push notification, .p8 key because this same key will work for both sandbox And production mode.
Use this solution to generate .p8 Key And upload key on firebase read this articles

pushsharp push notification to iOS error with the certificate

Hi all I am new to iOS development, I have put in the deep end to get push notifications. I found pushsharp and was using this tutorial
Tutorial I a using
I have used a windows application instead of web application and add the latest pushsharp. The code build and runs but i get the following exception
The error happens at the following location
I have revoked my certificate and recreated it several times and also i have tried exporting the certificate and the key. Both give me the same error.
When I am creating the certificate, I created one for iOS Development in Apple portal.
This is what I have tried so far
Based on comment from Jack Hua, i have tried the following
Logged into apple portal and deleted
App ID's
Certificates
Provisioning profiles
Xamarin visual studio has no provisioning profile as expected
Starting with a Clean slate
Key Chain access
Request certificate from certification authority (Code Signing)
save the cert signing request
Registered a new app with bundle identifier and push services enabled
Add new provisioning profile
create certificate
Use the certificate signing request created (Step 3)
download certificate
Double click on the certificate to install into keychain
(Keychain has new entry now)
Right click an export a p12
(If I do not do this I wasn't able to see the certificate in the provisioning profiles section)
Select the certificate and create the provisioning profile
Re-open Xamarin studio and the provisioning profile is shown in the project properties
Now create the APNs develpment certificate
Key Chain access
Request certificate from certification authority (APNs)
Save the cert signing request
Select the app id created (Step 4)
Edit App ID
Under push notification select create certificate
Select the certification signing request(Step 14)
Download the certificate
Double click on the certificate to install it
(Now two entries show in Keychain certificates, one for code signing and another for APNs)
Select the APNs certificate in keychain access and export .p12 file
Include this in my sample project
(Create as per the youtube video with appropriate device token)
I still get the same Apns connection error.
What am i missing?
Based on Jack Hua comment I have further made this attempt.
I have set the validation flag to false, I still get the connection error however the inner exception is 'Invalid Device Token'
Made a bit of progress after some research, the device token i had has spaces removing the spaces i do not get any errors however the notification is never shown on my iPad. I am using Sandbox and iOS development certificates, provisioning profiles. Wondering is this a know issue in development and it will work in production. Any help is greatly appreciated guys!!!
That error message is generated when creating an ApnsConfiguration object, see source code.
if (!Regex.IsMatch (commonName, "Apple.*?Push Services")
&& !commonName.Contains ("Website Push ID:"))
throw new ArgumentOutOfRangeException ("Your Certificate is not a valid certificate for connecting to Apple's APNS servers");
You are not creating a push certification... The tutorial you are following is creating a distribution provisioning profile that allows you to submit your app to the Apple App Store (not notification).
You can follow this document to generate a notification certification and config your app to enable the ability of push notofication.
Refer: send-push-notification-to-ios-pushsharp-certificate

iOS APNS through Amazon SNS and Unity - Cannot create a development iOS certificate

I'm trying to set up push notifications through Amazon SNS in Unity.
I have the Android side of things working perfectly but we're having issues with iOS. I am able to get the device to register to a Apple Production SNS application and subscribe to a topic but as soon as I attempt to send a notification the endpoints "Enabled" status becomes "False".
I read that this could be due to the certificate being set as Production although we followed the instructions on creating a Development certificate, when I try uploading the .p12 file to create an Apple Development platform in SNS it always gives an error saying:
"You provided a certificate of type iOS Production"
We have tried multiple times to download the development certificate and tried rebuilding the app with a new bundle ID and new app on the Apple development site without touching the production button but it always ends up being a production certificate after exporting the .p12 from KeyChain...
Also, every .p12 we have created had the exact private key and certificate as the last.
What could be going wrong?
This Worked for Me:
1 - Download the Certificate from Apple (APNS Certificate for Development or Production)
2 - Double click on your Certificate to open it in your KeyChain
3 - Select it, Right-Click on it and press EXPORT "Cer" *** DO NOT SELECT IT TOGETHER WITH YOUR PRIVATE KEY, Select it By ITSELF!
4 - Name your new p12 and Upload this to SNS in the Setup Stage
DONE, this will work!
---> Its weird that Amazon's SNS requires a NON-Signed .p12 instead of the Combined .p12 (including private key) like other platforms, but... Go Discuss with Amazon...
This worked for me;
Follow the steps in this guide;
http://docs.aws.amazon.com/sns/latest/dg/mobile-push-apns.html
Now in SNS when creating DO NOT upload the p12.
Open up the files generated in step 2 & 3 in a text editor.
Copy the certificate from the .pem generated in step 2 into the certificate text area.
Copy the private key from the .pem generated in step 3 to the private key text area.
It should create. My guess is that some old certificate was being tagged along in my .p12 file.

I've lost the certification to generate a .p12, How I can generate a new one?

Currently, I have one app publishes in the appStore and I don't know exactly why the push notifications are not working. Something is wrong with the .p12 file in my server because when my server try to generate a push and send it to Apple Environment, I can see next error in my log:
02-27 11:42:11,868 [IOSPushNotificationSender] ERROR javapns.notification.PushNotificationManager - Delivery error: javapns.communication.exceptions.InvalidCertificateChainException: Invalid certificate chain (Received fatal alert: certificate_unknown)!  Verify that the keystore you provided was produced according to specs...
2013-02-27 11:42:11,874 [IOSPushNotificationSender] ERROR camMan.server.mobile.ApplePNSSender - javapns.communication.exceptions.InvalidCertificateChainException: Invalid certificate chain (Received fatal alert: certificate_unknown)!  Verify that the keystore you provided was produced according to specs...
Ok, I've tried to generate a new .p12 file but I don't remember exactly which one was the original certificate (.cer).
I've tried to download the (.cer) from the provisioning profile but when I open it with keychain access, this certificate hasn't got any private key.
So, I am lost, I don't know what can I do...Can I generate a new .p12 file without to have to modify any certification or whatever in my app? I don't want to upload a new version of my app in appStore...only I need to know how generate or download or whatever to set a new and valid .p12 file and send again push notifications.
Also I've checked all the settings in provisioning portal and everything is Enabled,Active like others apps that I have...so I think the only problem is the .p12
Also I still have the same key/paswoord of the p.12...only I've lost the CSR (.cer).
It sounds like the private key is missing on your machine - either it was deleted, or it belongs to another Mac.
In either case, you can simply revoke the existing vert and create a new one by uploading a new CSR (created by the Keychain Access app on your Mac).
Without a private key, your certificates and provisioning files are worthless. Revoke them all, delete them all, and regenerate new certificates and provisions after carefully re-reading Apple's documentation on the topic. You must modify the Build settings in your Xcode projects to use the new ones if it doesn't do this automatically. This won't affect apps already approved and in the App Store.
Since you had push notifications working during development phase are probably familiar with the procedure of installing certificate to your server.
You can create and install a new certificate whenever you want if you lost your old files.
Two things you have to keep your eye on:
development phase:
you are using Development Push SSL Certificate
your target server is: gateway.sandbox.push.apple.com
production phase:
you are using Production Push SSL Certificate
your target server is: gateway.push.apple.com

Certificate stuff in iOS MDM operation

Now I'm trying to make an MDM server which manages iOS devices using APNS push notifications.
So far I went over number of Apple official documents about configuration profile, mdm protocol, APNS push and etc.
But some of the steps necessary for the MDM full flow, I can't figure out clearly.
APNS certificate which MDM server has to use for push notification
Who(Vendor? or customer?) creates CSR and who(Vendor? or customer?) generates APNS certificate by uploading the CSR in Apple Push Portal?
(What the Apple document says and what Google says are not matching each other..)
Identity certificate which has to be contained in Configuration Profile
How to create the identity certificate and in where?
How to include it in the Configuration Profile using iPCU?
Searching on web I could see pretty lots of information about these but not all of them says consistent answer, so I got to feel more dizzy. :-(
Any piece of help/information will be appreciated.
Thanks.. :-)
I have some basic points in order to generate a MDM certificate.
MDM certificate is use to manage the enrolled device.
The policies will work over the air(APNS).
The Server-Clint communication will happened through APNS.
I am going to answer your questions below.
Q: APNS certificate which MDM server has to use for push notification:
A: In order to manage the iOS device you need to install the profile in server.
First of all you need to create the CSR in your server using IIS manager.
After generate the CSR file you need to sign by any third party vendor,then you will get the .SCSR file. Hear the vendor will sign your CSR using a private key.
Once have the .SCSR you need to upload the file to apple push cert site.
After upload the SCSR file you will get the .PEM file.
Once have the .PEM file need to complete the request using IIS manager.
Your certificate will visible in the certificate list.Right click on the certificate and export with password.
Hear the customer means whoever creating the CSR.Vendor means the certificate whoever signing.
Feel free to ask the questions if you are not clear.
I have prepared some basic steps for you to configure Push notification as follows :
Go to Developer.apple.com
Check with Member centre
Navigate to iOS provisioning portal
check if app id exists
Create new app id
select created app (configure)
Enable push notification and in app
CSR from apple MAC user with keychain app(give account creds)
Enter CSR and generate
Download production certificate
Give this to MAC user again to generate p12 file
Provisioning go to distribution
Create New Distribution profile
Profile name is “APP name (space) Dist”
Hope this will help you.. Please feel free to ask if anything is not clear to you.
You can't much info regarding this. But I will tell you, use iPCU for creating config profiles. Use a server for sending these config profiles as a response.
Use a separate server for CA and issuing the authority.
You(Vendor/Customer) have to create a APNS certificate and you have to use it in the server, for sending push notification.
Let me know whether you have found a breakthrough or still you struck somewhere

Resources