I downloaded a personal development certificate from the Apple Developer center and imported it to my keychain. Now, I want to export it as a .p12 file and encrypt it with a password. When I right click the certificate in the Keychain tab Certificates, and press the Export button, the .p12 option is not highlighted/available. Instead of the other 3 options (.cer, .pem, .p7b), which are available.
I tried a couple of things yet, like adding the Apple ID, which was used to create the certificate, to System preferences->Users and Groups->My account, but that didn't solve it. The certificate was created on a different Macbook than I'm using now.
Is it possible to export it as a .p12 in any way?
One point of interest: the Keychain Assistant window has a "Category" list in the right pane below the title bar (used to be in the lower part of the left panel). You can only export a p12 from the "(My) Certificates" view.
In the "All Items" view, you can see the certificates and the keys alongside, so that they're distinct items with no possibility of multiple selection; in the Certificates view, there's a tree structure with keys as child items of certificates, so that selecting a certificate implicitly selects the corresponding private key too.
The missing .p12 option means that you only have either the private key or the certificate on your machine. You need both of these to generate a .p12 (and incidentally, you'll need both the private key and certificate to sign your apps).
So, find out which of these you're missing, add the missing piece to Keychain, and the .p12 option will be available.
You can check in your keychain whether the private key is associated with the development certificate.
You can export the private key and certificate as .p12 only if it is there.
I was struggling with the same issue - I was able to sign macOS applications locally with my "Developer ID certificate", but wasn't able to export that certificate as a .p12 file (required by Azure Pipelines). What I found after maybe an hour of trying everything is that you need to store the Developer ID certificate in the "login" keychain (only there you can see also your private key and the "Export as .p12" option), not in the "System" keychain as I used to have for many years...
So although the Developer ID certificate stored in the System keychain works fine with Xcode, it doesn't allow you to export it as a .p12 file until you reimport it to the "login" keychain...
Just select Certificate from the left panel to export it as .p12
Related
Right now I'm developing apps on a brand new macbook. I have downloaded the certSigninRequest
Now I have added both the ios distribution certificate and the private key which is (certSigninRequest)
But whenever I try to export my app it keeps saying missing private key. I have added to my Keychain already
For your case, the appropriate way to use the Distribution Certificate to be legal on other machine(s) is to export it from the current machine that uses the certificate.
To do this:
Navigate the the keychain access.
Go to the targeted certificate, expand it and select both the certificate and the private key:
Right click and select "Export 2 items...".
Obviously, you should fill the required info, such as the name of the exported file and a password.
The output of the above steps would be a .p12 file, which should be installed on the other machine(s). Note that revoking the original certificate will also makes this exported file to be invalid.
Do not request a new distribution certificate for the new machine, it will automatically revoke the previous one (which leads to make the first machine's certificate to be invalid). This thing is you would generate only one Distribution Certificate -by generating a "CertificateSigningRequest" file from the current machine- and then export it to be able to install it on the other machines, which means that all machines use the same distribution certificate.
Also, the following questions might be related to your case:
missing private key in the distribution certificate on keychain
How can I add private key to the distribution certificate?
I need a private key p12 file in order to generate a PEM file for push notifications.
I found in many places the steps to create the file, but I always have the same problem on the final step:
Open Keychain Access on my Mac. Within the Keychain Access drop down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority. This generates the CSR.
Login into my developer account. Create an unique Apple ID for my application, with push notifications selected (Certificates, Identifiers and Profiles > iOS Apps > Certificates > App IDs).
Open settings for the newly created appliction's id. Go to "Push notifications" and create an "Production SSL certificate". Upload the CSR when it ask for it.
When it finishes download the .cer file.
Double click on the certificate file to install it on the "Keychain Access" app.
Select the private key item under the installed certificate and right click to export it into a p12 file.
Here it´s an screen shot of what i see.
But I can not find any private key item under the certificate item.
Please I really need someone to help me.
Thanks for your patience.
I just got a similar problem looking for apns certificate so here is the solution if someone else need it : APNs certificate missing private key when generating with custom keychain
Just drag and drop the certificate currently in the "System" keychain into the "login" keychain and you will get your certificate with its associated key in the "login" keychain.
Normally, I can export the certificate from the keychain that I download from the apple member center as a p12 file. However, it seems that Apple may have changed something?!
I require it as a p12 to import it into Amazon's SNS service. I have tried converting to PEM files but it's producing an error on the console.
The solution I have found has been posted here: https://stackoverflow.com/a/19502944/1198404
I copy and paste the answer: Turns out all you have to do is select "My Certificates" on the left panel and it enables the .p12 option.
You can't export to a .p12 because you don't have the private key installed on your machine (if you did, you would have an "expand" arrow next to the certificate like your iPhone Distribution certificate has.) You will need to get the private key from the machine that generated the certificate before you export.
If the accepted answer doesn't apply to you (e.g., because you created the CSR from the same Mac, and should have the private key on this Mac), here's one more possibility:
When you happen to have selected the wrong keychain (like if you accidentally had single clicked on the System keychain rather than Login keychain), you may run into the same problem. If the cert signing request came from that machine, it would associate the private key with the Login keychain (at least, that seems to be the default). So if you somehow then downloaded and imported the certificate into another keychain like the System keychain (or iCloud keychain, as some comments have mentioned), Keychain Access would not find the matching private key and would not put the cert under "My certificates", and so it cannot export a p12. It would be similar to the case of importing to the keychain on a different Mac.
Make sure the import is into the keychain associated with the private key. Often this would be the Login keychain.
You don't have the private key.
So the solution is you have to revoke the previous certificate and create a new APNS profile again.
You can export from Cert just like below.
I'm try to use apns service on ios,
but I can't export .p12 on my mac
(I can't open to see the key on left side of certificate)
I have no idea how to fix that?
http://i.stack.imgur.com/p1Q2F.png
I found that when I double-click the Certificates,
they always in Certificates not My Certificates,
so I cant found the private key,
anyone know how to fix it?
In the side bar select "My Certificates" (fourth item from the top), then select the certificate, (not just the key).
You need to ensure that both of your public and private keys correspond to the identity that belongs to the certificate. I suggest deleting the certificates, and requesting new ones - this is what worked for me.
You will see a small dropdown arrow next the certificate you are trying to export when there are keys associated with it.
Make sure that your default keychain is set to the keychain where the certificate is showing up without the .p12 export option. When you generate a .CSR to generate the cert the default keychain is used.
Set a keychain to default by right clicking it in the Keychain Access app and selecting 'Make Keychain "YouKeychainName" Default'
i am trying to Converting a developer certificate into a P12 file as a describbed here using Virtual Machine mac....but when converting
Personal Information Exchange (.p12) file format is disabled
what should i do
The .p12 option is disabled because, you only selected either the private key or the certificate on your machine. You need both of them for creating a .p12 file.
Steps to create .p12 file:
Run the Keychain Access Application on your Mac.
Select the login keychain from the top-left panel
Select “My Certificates” from the “Category” menu in the left panel
Find your iPhone Developer/Distribution Certificate. DO NOT select iPhone Developer/Distribution: My Company
Expand this item, and inside you should see the Private Key.
Select BOTH the key and the certificate (Hold CMD and click both items)
Right click and select Export 2 Items...
Save your key in the Personal Information Exchange (.p12) file format, and call the file “Certificates.p12”
You will be prompted to create a password that is used when you attempt to import this key on another computer
Enter a password and save
How did you get the certificate onto your machine?
Did you:
a) download it from the iOS cert portal
b) Send a certificate request from this very same computer and go thru the process to get it downloaded from the iOS cert portal
Note that option B means you have a private key associated with it because it was requested from this very same computer. If you are doing option A, then the private key is not on that machine
If you are trying to transfer your cert and private key from one computer to the next, the easiest way to do it is using the Keychain Access program, exporting the cert/key to *.p12 format for transfer.
If you open the Keychain Access program and find your developer certificate, click the arrow ned to it and make sure there is an associate sub key with it.
If so, right click the cert and click Export.
If not, then you need to do so from the original computer that the certificate was requested from to include the private key.
In the Keychain Access Application I have moved my installed certification from the system folder to login folder (in left-top), then p12 exporting was enabled.