I using following comment to generate p12 file,
openssl x509 -in developer_identity.cer -inform DER -out developer_identity.pem -outform PEM
openssl pkcs12 -nocerts -in mykey.p12 -out mykey.pem
openssl pkcs12 -export -inkey mykey.pem -in developer_identity.pem -out iphone_dev.p12
p12 file was generated successfully for development but it wont work for distribution...
I got error in the last step, asking password for mykey.pem file after give password it shows
"No certificate matches private key"
Enter pass phrase for mykey.pem:
No certificate matches private key
Can any one help me with this?
I change .cer file for distribution but forget get .p12 file from keychain for distribution...
after get .p12 file from keychain its working.
Related
I had export .cer file from keychain and using below command try to convert in .pem file but in resulted .pem file missing
-----BEGIN PRIVATE KEY-----
please any one can give another way to do that
command are like
openssl pkcs7 -text -in certfile.cer -print_certs -outform PEM -out certfile.pem
If anyone wants to use command which is recommended for creating pem file,
then here is solution on my gist.
openssl x509 -in aps_development.cer -inform der -out PushChatCert.pem
openssl pkcs12 -nocerts -in PushChatKey.p12 -out PushChatKey.pem
cat PushChatCert.pem PushChatKey.pem > ck.pem
First 3 commands will generate pem, but if you want to test then 4th and 5th command will be necessary.
If you got error that about unknown command 'telnet' then install telnet from brew.
Also, I have the same issue when I convert .p12 file into .pem file
when I open that .pem file in that missing ----BEGIN PRIVATE KEY-----
So after searching find out solution use this convert .p12 to .pem
openssl x509 -inform der -in certificate.cer -out certificate.pem
Look no further. This is all that it takes.
With reference to this post: Devices being unregistered after push is sent, I have the same issue - my iPhone device is unregistered after sent a push notification. I tried the suggestion from that post, and I did this with my certificates:
-ios_development.cer - Development profile downloaded from Apple
-Certificates.p12 - APNS .p12 exported from the keychain
-openssl x509 -in ios_development.cer -inform DER -out apns.pem -outform PEM
-openssl pkcs12 -nocerts -in Certificates.p12 -out Certificates.pem
-openssl pkcs12 -export -inkey Certificates.pem -in apns.pem -out bluemixPush_dev.p12
and I got this error:
unable to load private key
97354:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/crypto/evp/evp_enc.c:330:
97354:error:0906A065:PEM routines:PEM_do_header:bad decrypt:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/crypto/pem/pem_lib.c:428:
Is anyone having the same issue?
#Jan As your private key is wrong, you are getting that error. Please follow the steps mentioned in the below link to create a .p12 certificate.
https://console.ng.bluemix.net/docs/services/mobilepush/t_push_provider_ios.html#create-push-credentials-apns-ssl
Following procedure does not work,openssl at 4th step raisesĀ "No certificate matches private key". It works without -certfile parameter so is it really required? I saw same procedure at several places on the net. So is it really appropriate or am i doing something wrong?
Also OS X procedure only says to export certificate but should not it be both cert and pkey.
OpenSSL
Here is how to create a PKCS12 format file using open ssl, you will need your developer private key (which can be exported from the keychain) and the CertificateSigningRequest??.certSigningRequest
Convert apn_developer_identity.cer (der format) to pem: openssl x509 -in apn_developer_identity.cer -inform DER -out apn_developer_identity.pem -outform PEM
Next, Convert p12 private key to pem (requires the input of a minimum 4 char password): openssl pkcs12 -nocerts -out private_dev_key.pem -in private_dev_key.p12
(Optional): If you want to remove password from the private key: openssl rsa -out private_key_noenc.pem -in private_key.pem
Take the certificate and the key (with or without password) and create a PKCS#12 format file: openssl pkcs12 -export -in apn_developer_identity.pem -inkey private_key_noenc.pem -certfile CertificateSigningRequest??.certSigningRequest -name "apn_developer_identity" -out apn_developer_identity.p12
http://code.google.com/p/apns-sharp/wiki/HowToCreatePKCS12Certificate
I have a certificate and private key that I want to put together, in code, into a PKCS12 file with the OpenSSL library (libcrypto). I know how to do this via the command-line tool:
$ openssl x509 -in developer_identity.cer -inform DER -out developer_identity.pem -outform PEM
$ openssl pkcs12 -nocerts -in mykey.p12 -out mykey.pem
$ openssl pkcs12 -export -inkey mykey.key -in developer_identity.pem -out iphone_dev.p12
But how can I do it in code?
If you are willing to use C code in your objective-C code and you have OpenSSL library for iOS then you can do it.
You can use PKCS12_create function to create a PKCS12 structure and write it to file using i2d_PKCS12_bio function.
PKCS12_create takes the certificate, private key, passphrase, chain of CA certificates and other parameter.
It is explained in a pretty well manner in documentation.
I hope this will help you to start coding.
I am having some trouble creating my .p12 certificate.
I have previously created an application with push notification, this works fine.
The application takes the users device id and saves it into a database.
I have added the code into my new application(with the amendments to work with the new application), and from the Log it seems to be working in the same way as my other app.
I have downloaded the relevant files that i need and then i know i needed to use ssl to be able to create my new and combined p12.
I cant for the life of me remember how i created the p.12 file.
I'm using moonapns.
I have used the following:
Step 1:
openssl x509 -in aps_developer_identity.cer -inform DER -out
aps_developer_identity.pem -outform PEM}
Where aps_developer_identity.cer is the file you download from the
portal
Step 2:
openssl pkcs12 -nocerts -out APSCertificates.pem -in
APSCertificates.p12
Where APSCertificates.p12 is a file you export from the Mac Keychain.
This is critical, you must import the certificate from the portal into
keychain. Find it in My Certificates, open the disclosure triangle and
highlight both the certificate and the private key, then right click
and export them. Give them a password and save them to a p12 file.
Step 3:
openssl pkcs12 -export -in aps_developer_identity.pem -out
aps_developer_identity.p12 -inkey APSCertificates.pem
I have added the certificate and it isn't working, i'm not receiving the notification to the device. Does any one know how else i am supposed to create the certificate??
openssl pkcs12 -export -in your_app.pem -inkey your_key.pem -out your_app_key.p12
refer this link
http://www.raywenderlich.com/forums/viewtopic.php?f=20&t=7468
Try this:
After downloading the .cer file (aps_development certificate is not the ios_development), manages the pem file with the following command:
openssl x509 -in "path_to_apple_cert.cer" -inform DER -out "path_to_an_output_Cert.pem" -outform PEM
Take your APSCertificates.p12 file and run the second command:
openssl pkcs12 -nocerts -in "path_to_exported_p12_from_apple_cer.p12" -out "path_to_an_output_Key.pem" -passin pass:your_p12_password -passout pass:your_new_p12_password
Now take the two pem files that you generated and run the following command:
openssl pkcs12 -export -inkey "path_to_an_output_Key.pem" -in "path_to_an_output_Cert.pem" -out "path_to_final_p12.p12" -passin pass:your_new_p12_password -passout pass:your_final_p12_password
This is your P12 for push notifications.
If you do not want to use the
$ cat command PushChatCert.pem PushChatKey.pem > ck.pem
contained in some instances, if you are on windows you can use:
type PushChatCert.pem PushChatKey.pem > ck.pem