How do I use an existing private key for a new iOS development certificate?

Time: 2021-11-26 22:56:59

For aesthetic reasons, I would like to use the same private key that I used to create my distribution certificate a while ago, to create a new development certificate (my old one expired). But the "How to create a development certificate:" on the iOS provisioning portal requires that you use Keychain Access to create a new key. When I try to do Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority With "(my key name)" the Certificate Assistant doesn't actually create a CSR file.

Does anyone know if this can be done, and if so, how?

4 solutions

#1


49  

First, I had to export my private key from the keychain as a p12 file. I tried scripting this, but was unsuccessful.

  1. Open keychain and select your private key
  2. Right-click and select "Export"
  3. Use a p12 file type.

Run the following openssl command to convert your password-protected p12 file to a pem. openssl will prompt for a password.

openssl pkcs12 -in your-newly-exported-p12-file.p12 -out your-newly-exported-p12-file-as-a-pem.pem -nodes

Run the following command on your pem file to generate the csr.

openssl req -new -key your-newly-exported-p12-file-as-a-pem.pem -out your-csr-to-submit-to-apple.csr
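
Answer #1's steps as one script, added here as an example and not part of the original answer: it extracts only the key from the exported p12 into an owner-only temporary file, builds the CSR, and confirms that the CSR carries the same public key. The function names, the `P12_PASS` environment variable and the file names in the usage comments are assumptions.

```shell
#!/bin/sh
# Added example; function names, P12_PASS and file names are assumptions.

# SHA-256 of a PEM public key read from stdin; fails on empty input.
pub_hash() {
    pem=$(cat); [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Public-key hash of a CSR, and of a certificate (second arg: PEM or DER).
csr_pub_hash()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null | pub_hash; }
cert_pub_hash() { openssl x509 -in "$1" -inform "${2:-PEM}" -noout -pubkey 2>/dev/null | pub_hash; }

# csr_from_p12 <key.p12> <out.csr> <subject>
# The p12 password is read from the environment variable P12_PASS.
csr_from_p12() (
    umask 077                     # temporary key file readable by owner only
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT      # the unencrypted key does not outlive this call
    openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS -out "$tmp" || exit 1
    openssl req -new -key "$tmp" -subj "$3" -out "$2" || exit 1
    # Confirm the CSR carries the public half of the exported key.
    k=$(openssl pkey -in "$tmp" -pubout 2>/dev/null | pub_hash) || exit 1
    c=$(csr_pub_hash "$2") || exit 1
    [ "$k" = "$c" ]
)

# Usage (constructed names):
#   export P12_PASS='...'
#   csr_from_p12 key.p12 dev.csr "/emailAddress=you@example.com/CN=Your Name"
# Check that the key is the one behind the existing distribution certificate:
#   [ "$(csr_pub_hash dev.csr)" = "$(cert_pub_hash distribution.cer DER)" ]
```

Unlike the two-command version, no `.pem` with the unencrypted key is left in the working directory afterwards.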

#2


4  

To generate a CSR from an existing Private Key in Keychain Access, just right-click (two-finger click) on the Private Key you want to use and choose REQUEST A CERTIFICATE FROM A CERTIFICATE AUTHORITY WITH "(My Key Name)"

Then enter the User Email Address and CA Email Address (I just use the same email address for both) and then choose Saved To Disk.

#3


2  

Are you comfortable with OpenSSL and the command-line? There's a discussion on a mailing list about creating the CSR manually. FWIW, I wasn't able to create a CSR using a selected key in Keychain Access/Certificate Assistant either.

#4


0  

I went through this hell today. I wanted to automate the export of a key to create the CSR via the command line. I found a tool written in C that promised what I wanted: keychain_access. I compiled and played around with it but wasn't able to export my distribution key. I created the tool again from scratch with the newest Apple security APIs and keychain item attribute printing, but still wasn't able to find the key by label. I was able to list it with no label search. In a desperate attempt I renamed the key in the Keychain Access tool and renamed it back to the old name. After that my tool finally picked up the key by label. And also the right click REQUEST A CERTIFICATE FROM A CERTIFICATE AUTHORITY WITH "(My Key Name)" started to work again as well. It seems that the name was saved in a different encoding or something. Not even Apple's own Keychain Access tool was able to find the key!
