We have an iOS app whose push notification cert has expired and we're trying to create a new one. I've created new certs in the Provisioning portal (ios_developer.cer, ios_distribution.cer) and downloaded them. I was following instructions here on Stack Overflow to convert it to PEM and then to P12 files, but I'm stuck. When I then attempt to convert the PEM to P12, it wants a private key of some sort, and I don't know where to get it.
I've also tried loading these into Keychain Access. I had read that you could export them as P12 from there, but when I do the Import, they don't appear anywhere.
Your private key is generated when you created the signing request in Keychain Access. After the cert is generated and downloaded, double-clicking it will add it to Keychain Access where it will be matched up with the private key. You can then select the cert, and open the arrow to also select the private key and export them together as a .p12 file from Keychain Access.
.p12 files are used to publish app on the Apple App Store
A. On your Mac Create a (.certSigningRequest) CSR file
Open Keychain Access from Utilities
From Keychain Access toolbar select Keychain Access -> Preference
In the pop up window select Certificates tab
Set both “Online Certificate Status Protocol” and “Certificate Revocation List” to “Off"
Close this window
Now from toolbar, open Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority
Enter email address and common name that you used to register in the iOS Developer Program
Keep CA Email blank and select “Saved to disk” and “Let me specify key pair information”
Click Continue
Choose a filename & destination on your hard drive
Click Save
In the next window, set “Key Size” value to “2048 bits”
Set “Algorithm” to “RSA”
Click Continue
This will create and save your certSigningRequest file (CSR) to your hard drive. A public and private key will also be created in Keychain Access with the Common Name entered.
B. Create ".cer" file in iOS developer account
Login to apple developer account Click “Certificates, Identifiers & Profiles”
Click “Provisioning Profiles”
In the “Certificates” section click “Production”
Click the “Add” (+) button at the top-right of the main panel
Now, choose “App Store and Ad Hoc”
Click Continue
Click “Choose File” & find CSR file you’ve made from your hard drive
Click Generate
Click Download to get the file
C. Install .cer and generate .p12 certificate
Find .cer file you’ve downloaded and double-click
Set Login drop-down to “login" and Click Add
Open up KeyChain Access and you'll find profile created in Step A
You can expand “private key” profile (shows certificate you added)
Select only these two items (not the public key)
Right click and click “Export 2 items…” from popup
Now make sure file format is “.p12” and choose filename and destination on your hard drive
Click Save. Now, you’ll be prompted to set a password but keep these both blank
Click OK. Now, you have a .p12 file on your hard drive
Take a note that if issue still persists then try below step as well:
If your keychain is present in iCloud then remove all keychain content from iCloud and do new setup in iCloud This should work.
you will not get the expand option unless you filter by choosing (Certificates) from key chain left bottom corner
OK, problem solved! it seems that when i double click on the certificate, it automatically installs it in the SYSTEM keychain - i don't know why. So instead, i simply drag and drop the certificate into the LOGIN keychain and then all is good. Thanks to this article -> Adding certificates to keychain and generating .p12 file format - alon rosenfeld 10 months ago
To get your p12 file go this way..
Step 1. In XCode > Go to Project settings > General > Signing section > Signing Certificate
See which certificate you are using for this particular app as shown in image below
Step 2. Open Keychain > on Left bottom Category section > Certificates
Look for the certificate and open child by clicking on down arrow as show in image
Step 3. Right click and export as "Certificates.p12" by giving your password eg. "123456"
For anyone else having the greyed/grayed out P12 option:
Make sure you are in the My Certificates or Certificates category in
Keychain Access.
https://sailthru.zendesk.com/hc/en-us/articles/115000032546-Can-t-export-my-certificate-in-p12-format
For anyone still having this issue, the solution for me was to NOT select both and "Export 2 items" (the key and the certificate) - rather just export the certificate which ALREADY includes the key. As of 2016 i think this is the way to do it because previous uploads that worked with the export 2 items no longer work.
For anyone else having the greyed/grayed out P12 option,
here is the latest screenshot (2021) from my macbook pro.
I ended up here as I was trying to build an iOS app in the cloud using MS Visual Studio App Center WITHOUT a Mac. The issue is every tutorial uses the top rated answer above by Jayprakash Dubey. That approach uses a Mac and KeyChain. The solution comes from SO here.
You need a Key (aps_development.key), and then:
Create key pair : openssl genrsa -out aps_development.key 2048
Create CSR : openssl req -new -sha256 -key aps_development.key -out
aps_development.csr
Upload the CSR to developer portal to get the certificate
aps_development.cer
Convert the certificate: openssl x509 -inform DER -outform PEM -in
aps_development.cer -out aps_development.pem
Build the PKCS#12: openssl pkcs12 -inkey aps_development.key -in
aps_development.pem -export -out aps_development.p12
You can then go ahead and make an app id and a provisioning profile. This will allow you to build in the App Center.
Related
I need a private key p12 file in order to generate a PEM file for push notifications.
I found in many places the steps to create the file, but I always have the same problem on the final step:
Open Keychain Access on my Mac. Within the Keychain Access drop down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority. This generates the CSR.
Login into my developer account. Create an unique Apple ID for my application, with push notifications selected (Certificates, Identifiers and Profiles > iOS Apps > Certificates > App IDs).
Open settings for the newly created appliction's id. Go to "Push notifications" and create an "Production SSL certificate". Upload the CSR when it ask for it.
When it finishes download the .cer file.
Double click on the certificate file to install it on the "Keychain Access" app.
Select the private key item under the installed certificate and right click to export it into a p12 file.
Here it´s an screen shot of what i see.
But I can not find any private key item under the certificate item.
Please I really need someone to help me.
Thanks for your patience.
I just got a similar problem looking for apns certificate so here is the solution if someone else need it : APNs certificate missing private key when generating with custom keychain
Just drag and drop the certificate currently in the "System" keychain into the "login" keychain and you will get your certificate with its associated key in the "login" keychain.
I'm using Appery platform to develop hybrid Apps. For one of the Apps that is already published to Apple Store, I want to enable Push Notifications. The devices are being registered correctly with DeviceID and Token. However, when I try to send push notifications, they do not go through, and platform only returns this error which does not reveal much to me:
Description: Unrecoverable error occurred while trying to communicate with Apple servers: null
Devices count: 100
I tried all possible attempst to solve this problem in futile.
Most of the tutorials and questions are about creating new App with Push Notification enabled, and not about enabling Push notification to already published App. Therefore, it created a fair amount of confusion as where should I start from and what should I update and what should I leave (e.g., I cannot start from the scratch, my App already registered with an App ID)
Here I describe the steps I've taken to enable PN for my App
In Apple developer account, I chose App IDs from Identifiers menu, and I chose my targeted App ID, clicked Edit , ticked Push Notification option and it became configurable with yellow bulb.
Then, in the same page, I clicked Create Certificate under Production SSL Certificate.
I uploaded the CSR file that I created long time ago when I published the App. I downloaded the aps_production.cer file
As pointed out here, I double clicked on aps_production.cer file to install it in the Keychain Access application, and I can see `Apple Production IOS Push Service certificate and the private key below it in Keychain.
Right clicked on the certificate in Keychain and exported .p12 file
Back to Apple developer: under provisioning profiles menu, I chose distribution and created new provisioning profile: Distribution -> App Store option -> Continue -> my App ID continue -> The certificate my App used when I published first time (The certificate here is not SSL push notification certificate I generated just now. It is the certificate that was created when I published the App first time).
I downloaded the provisioning profile.
I add all certificates to my platform (basically, .p12 file and provisioning profile. Bundle ID is the same). Then, I generated xcode project which I open in xCode
In xCode, under code Signing I chose the certificate that I created the App with (it is the only option displayed), and I double clicked on my provisioning profile so it appears provisioning profile options (I'm very skeptical about this step though). I built and validated the project successfully, submitted it to App store, it appeared under prerelease section, and Test Flight invitation is received.
I downloaded the App on iPhone and iPad, once I launched the App, I could see it being registered correctly at the backend.
When I send push notification (from Appery Platform) I get the error above
Appery support informed me that is something has to do with the certifications mismatch
Now my question is, what is in my steps causing the error? What is missing or not being done properly?
These are other references I used trying to solve the problem
How to create APNS certificates
Apple Push Notification Services in iOS 6 Tutorial: Part 1/2
JavaPNS error handling - contradiction in the documentation?
what type of certificate do you need in iOS
I can't remember clearly but you need to convert p12 (like in the link above) and have the converted file and will run on the server. Something like this.
I'm not sure but I think problem maybe at step 4 & 5.
Let try my steps:
Expand this option then right click on “Apple Development Push Services” > Export “Apple Development Push Services ID123″. Save this as apns-dev-cert.p12 file somewhere you can acess it.
Do the same again for the “Private Key” that was revealed when you expanded “Apple Development Push Services” ensuring you save it as apns-dev-key.p12 file.
These files now need to be converted to the PEM format by executing this command from the terminal:
openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in
apns-dev-cert.p12 openssl pkcs12 -nocerts -out apns-dev-key.pem -in
apns-dev-key.p12
If you wish to remove the passphrase, either do not set one when exporting/converting or execute:
openssl rsa -in apns-dev-key.pem -out apns-dev-key-noenc.pem
Finally, you need to combine the key and cert files into a apns-dev.pem file we will use when connecting to APNS:
cat apns-dev-cert.pem apns-dev-key-noenc.pem > apns-dev.pem
Hope it help.
Step1 :
Go to Apple development account and in the Certificate press the PLUS button and follow the steps.
Under Production, select the
“Apple Push Notification service SSL (Sandbox & Production)”
checkbox, then click Continue.
Upload CSR certificate and continue...
Launch Keychain Access.
In the Category section, select My Certificates.
Find the certificate you want to export and disclose its contents.
You’ll see both a certificate and a private key.
Select both the certificate and the key, and choose File > Export Items.
From the File Format pop-up menu, choose a file format that your server accepts.
Enter a filename in the Save As field, and click Save.
The certificate and key are saved to the location you specified as a text file in the Personal Information Exchange format (a file with a .p12 file extension).
Follow the Link
i am trying to Converting a developer certificate into a P12 file as a describbed here using Virtual Machine mac....but when converting
Personal Information Exchange (.p12) file format is disabled
what should i do
The .p12 option is disabled because, you only selected either the private key or the certificate on your machine. You need both of them for creating a .p12 file.
Steps to create .p12 file:
Run the Keychain Access Application on your Mac.
Select the login keychain from the top-left panel
Select “My Certificates” from the “Category” menu in the left panel
Find your iPhone Developer/Distribution Certificate. DO NOT select iPhone Developer/Distribution: My Company
Expand this item, and inside you should see the Private Key.
Select BOTH the key and the certificate (Hold CMD and click both items)
Right click and select Export 2 Items...
Save your key in the Personal Information Exchange (.p12) file format, and call the file “Certificates.p12”
You will be prompted to create a password that is used when you attempt to import this key on another computer
Enter a password and save
How did you get the certificate onto your machine?
Did you:
a) download it from the iOS cert portal
b) Send a certificate request from this very same computer and go thru the process to get it downloaded from the iOS cert portal
Note that option B means you have a private key associated with it because it was requested from this very same computer. If you are doing option A, then the private key is not on that machine
If you are trying to transfer your cert and private key from one computer to the next, the easiest way to do it is using the Keychain Access program, exporting the cert/key to *.p12 format for transfer.
If you open the Keychain Access program and find your developer certificate, click the arrow ned to it and make sure there is an associate sub key with it.
If so, right click the cert and click Export.
If not, then you need to do so from the original computer that the certificate was requested from to include the private key.
In the Keychain Access Application I have moved my installed certification from the system folder to login folder (in left-top), then p12 exporting was enabled.
I downloaded a personal development certificate from the Apple Developer center and imported it to my keychain. Now, I want to export it as a .p12 file and encrypt it with a password. When I right click the certificate in the Keychain tab Certificates, and press the Export button, the .p12 option is not highlighted/available. Instead of the other 3 options (.cer, .pem, .p7b), which are available.
I tried a couple of things yet, like adding the Apple ID, which was used to create the certificate, to System preferences->Users and Groups->My account, but that didn't solve it. The certificate was created on a different Macbook than I'm using now.
Is it possible to export it as a .p12 in any way?
One point of interest: the Keychain Assistant window has a "Category" list in the right pane below the title bar (used to be in the lower part of the left panel). You can only export a p12 from the "(My) Certificates" view.
In the "All Items" view, you can see the certificates and the keys alongside, so that they're distinct items with no possibility of multiple selection; in the Certificates view, there's a tree structure with keys as child items of certificates, so that selecting a certificate implicitly selects the corresponding private key too.
The missing .p12 option means that you only have either the private key or the certificate on your machine. You need both of these to generate a .p12 (and incidentally, you'll need both the private key and certificate to sign your apps).
So, find out which of these you're missing, add the missing piece to Keychain, and the .p12 option will be available.
You can check in your keychain whether the private key is associated with the development certificate.
You can export the private key and certificate as .p12 only if it is there.
I was struggling with the same issue - I was able to sign macOS applications locally with my "Developer ID certificate", but wasn't able to export that certificate as a .p12 file (required by Azure Pipelines). What I found after maybe an hour of trying everything is that you need to store the Developer ID certificate in the "login" keychain (only there you can see also your private key and the "Export as .p12" option), not in the "System" keychain as I used to have for many years...
So although the Developer ID certificate stored in the System keychain works fine with Xcode, it doesn't allow you to export it as a .p12 file until you reimport it to the "login" keychain...
Just select Certificate from the left panel to export it as .p12
I am following the step given in https://github.com/Redth/PushSharp/wiki/How-to-Configure-&-Send-Apple-Push-Notifications-using-PushSharp to while working step by step for Apple Push Notifications.
I got stuck in the middle. I added Apple Push Notification development Certificates. But the certificates appears under SYSTEM/Certificates instead of LOGIN/Certificates section. May be due to this or may be not, I did't get save as .p12 file format option when i try to save file as p12 format as explained in step 19. I also tried generating certificates without checking
LET MY SPECIFY KEY PAIR CHAIN INFORMATION as explained in step 10.
Can anybody suggest me how to make aps-development.cer under login/certificates in key chain and then proceed the given step to obtain .p12 file?
Thanks in advance for your help and support.
Please try following Three steps
Step 1:Open your Keychain Access app.
Step 2:You will see list in left side as 'Login' ,'System' and 'System Roots', just drag your certificate in 'Login' option.
Step 3: You will get certificate install successfully in Keychain Access.
After this process you can create the .p12 certificate.
Step by step instruction how to download certificate and generate .p12
You need a valid certificate to be able to generate .p12 file. Step 1-3 describe steps to download valid certificate from the Apple Developer Account. Step 4-8 describe how to use this certificate to generate .p12 file.
Logon to DEVELOPER.APPLE.COM
(From the left menu) Go to 'Certificates, ID's & Profiles' or (From the main panel) Click on 'Certificates, Identifiers & Profiles'
(From the left menu) Click on Certificate type ie Production -> Click on the Certificate name to expand more options -> Click on 'Donwload'
(From the mac menu) Go to Utilities -> Key Chain
(From the top menu of Key Chain) Go to Key Chain Access
Open location where certificate has been downloaded and double click on it (This should auto generate new record in the Key Chan Access certificate list)
(From the Key Chain Access certificate list) right click on the newly created certificate record and choose 'Export...'
Save file as .p12