Till date I used to follow below steps to create p12 file for push.
openssl x509 -in aps_development.cer -inform DER -out aps_development_identity.pem -outform PEM}
openssl pkcs12 -nocerts -out private_development_key.pem -in Certificates.p12
openssl rsa -out private_key_noenc.pem -in private_development_key.pem
openssl pkcs12 -export -in aps_development_identity.pem -inkey private_key_noenc.pem -certfile CertificateSigningRequest.certSigningRequest -name "aps_development_identity" -out aps_development_identity.p12
Note : I already have aps_development.cer, Certificates.p12, CertificateSigningRequest.certSigningRequest in my folder.
However today I got error on executing last statement in terminal.
After executing last sentence, I get error as below.
openssl pkcs12 -export -in aps_development_identity.pem -inkey private_key_noenc.pem -certfile CertificateSigningRequest.certSigningRequest -name "aps_development_identity" -out aps_development_identity.p12
unable to load certificates --> this is what I get in response
Till now I didn't get any error like this.
Any idea what I am missing.
I am tagging Swift as iOS developer might have faced this issue. So I just added Swift tag to bring them into this question.
I just figured that this is happening due to I update the Ruby for pods.
Any there anything updated in Ruby for this export?
Finally I found a solution.
openssl pkcs12 -export -in aps_development_identity.pem -inkey private_key_noenc.pem -name "aps_development_identity" -out aps_development_identity.p12
Just remove -certfile CertificateSigningRequest.certSigningRequest from last statement & you are done.
I got this error because there were spaces in my cer file that I coped and pasted from a website. When I retired with a file with no spaces it worked.
Related
I have the following files
server.csr
serverprivate.key
serverpublic.key
Provided by vendor: vendor.pem
I need to convert the certificate to a .p12 files and tried the following command via openssl
openssl pkcs12 -export -out esim.p12 -inkey private.key -in ca-preprod.crt
and i'm getting "NO CERTIFICATE MATCHES PRIVATE KEY"
How to generate a .p12 file using the files I have now?
well i have tried the below
openssl x509 -req -in <cert_name>.csr -signkey <key_name>.key -out output.crt
but seems to throw an error
140735226307408:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: CERTIFICATE REQUEST
Any solutions?
The source of the problem is the form of your CSR : While working with X509, your data can be store using 2 forms : DER and PEM.
By default openssl assumes you are using PEM.
In your case, you should first convert the CSR in PEM format :
openssl req -inform DER -in <cert_name>.csr -out <cert_name>.pem
And then
openssl x509 -req -in <cert_name>.pem -signkey <key_name>.key -out output.crt
I am trying to convert an Apple Push Certificate (received in .pem format from https://identity.apple.com/pushcert/) to PKCS12 on a Windows machine. I have OpenSSL installed.
Here are the steps I am trying:
Generate CSR
openssl req -out d:\cert\request.csr -new -newkey rsa:2048 -nodes -keyout d:\cert\csrPrivateKey.pem
Upload signed CSR to Apple and download issued certificate (pushCert.pem)
Convert .pem certificate to pkcs12
openssl pkcs12 -export -in d:\cert\pushCert.pem -inkey d:\cert\csrPrivateKey.pem -out d:\cert\pushCert.p12 -name "apns-cert"
When I try this last step, I get an error "No certificate matches private key" and an empty file is created. If anyone has any suggestions it would be greatly appreciated.
Thanks!
I have one .key file from which I generated a .csr file that I used to purchase a GoDaddy code signing certificate. From GoDaddy I received one .spc file.
I exported the spc file to pem with the following command:
openssl pkcs7 -inform DER -in mycert.spc -print_certs -out certs.pem
I then opened the certs.pem file and copied the first two certificates to a file called cert-chain.crt and the last one (which is mine) to one called server.crt.
I tried to sign the file like with this command:
openssl smime -sign -in a.mobileconfig -out signed_a.mobileconfig -signer cert/server.crt -inkey cert/ios_apn.key -certfile cert/cert-chain.crt -outform der -nodetach
But what I got is:
unable to load certificate
11911:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-41/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE
What am I doing wrong? How should I normally sign the a.mobileconfig file with the provided SPC file?
Your certificate is in DER format, but openssl is assuming PEM format. You should add -inform der to the command:
openssl smime -sign -in a.mobileconfig -out signed_a.mobileconfig -signer cert/server.crt -inkey cert/ios_apn.key -certfile cert/cert-chain.crt -inform der -outform der -nodetach
after exporting to p.12 in MacOSX, can i run the following 3 step in Linux? Or i must get it done in the same machine where i export to P.12 before i upload to Linux server to use with my php script?
openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in apns-dev-cert.p12
openssl pkcs12 -nocerts -out apns-dev-key.pem -in apns-dev-key.p12
openssl rsa -in apns-dev-key.pem -out apns-dev-key-noenc.pem
I am not sure but this might be helpful:
1) CertificateCreation
2) apple-push-notification-service-tutorial
I think there is no problem in use the openssl in a linux machine. The algorithm is the same.
I used this tutorial and works great: http://blog.boxedice.com/2009/07/10/how-to-build-an-apple-push-notification-provider-server-tutorial/