I have one .key file from which I generated a .csr file that I used to purchase a GoDaddy code signing certificate. From GoDaddy I received one .spc file.
I exported the spc file to pem with the following command:
openssl pkcs7 -inform DER -in mycert.spc -print_certs -out certs.pem
I then opened the certs.pem file and copied the first two certificates to a file called cert-chain.crt and the last one (which is mine) to one called server.crt.
I tried to sign the file like with this command:
openssl smime -sign -in a.mobileconfig -out signed_a.mobileconfig -signer cert/server.crt -inkey cert/ios_apn.key -certfile cert/cert-chain.crt -outform der -nodetach
But what I got is:
unable to load certificate
11911:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-41/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE
What am I doing wrong? How should I normally sign the a.mobileconfig file with the provided SPC file?
Your certificate is in DER format, but openssl is assuming PEM format. You should add -inform der to the command:
openssl smime -sign -in a.mobileconfig -out signed_a.mobileconfig -signer cert/server.crt -inkey cert/ios_apn.key -certfile cert/cert-chain.crt -inform der -outform der -nodetach
Related
I have the following files
server.csr
serverprivate.key
serverpublic.key
Provided by vendor: vendor.pem
I need to convert the certificate to a .p12 files and tried the following command via openssl
openssl pkcs12 -export -out esim.p12 -inkey private.key -in ca-preprod.crt
and i'm getting "NO CERTIFICATE MATCHES PRIVATE KEY"
How to generate a .p12 file using the files I have now?
Till date I used to follow below steps to create p12 file for push.
openssl x509 -in aps_development.cer -inform DER -out aps_development_identity.pem -outform PEM}
openssl pkcs12 -nocerts -out private_development_key.pem -in Certificates.p12
openssl rsa -out private_key_noenc.pem -in private_development_key.pem
openssl pkcs12 -export -in aps_development_identity.pem -inkey private_key_noenc.pem -certfile CertificateSigningRequest.certSigningRequest -name "aps_development_identity" -out aps_development_identity.p12
Note : I already have aps_development.cer, Certificates.p12, CertificateSigningRequest.certSigningRequest in my folder.
However today I got error on executing last statement in terminal.
After executing last sentence, I get error as below.
openssl pkcs12 -export -in aps_development_identity.pem -inkey private_key_noenc.pem -certfile CertificateSigningRequest.certSigningRequest -name "aps_development_identity" -out aps_development_identity.p12
unable to load certificates --> this is what I get in response
Till now I didn't get any error like this.
Any idea what I am missing.
I am tagging Swift as iOS developer might have faced this issue. So I just added Swift tag to bring them into this question.
I just figured that this is happening due to I update the Ruby for pods.
Any there anything updated in Ruby for this export?
Finally I found a solution.
openssl pkcs12 -export -in aps_development_identity.pem -inkey private_key_noenc.pem -name "aps_development_identity" -out aps_development_identity.p12
Just remove -certfile CertificateSigningRequest.certSigningRequest from last statement & you are done.
I got this error because there were spaces in my cer file that I coped and pasted from a website. When I retired with a file with no spaces it worked.
My question is simply: What is the encoding of the .pem and .csr file created by openssl using this command:
openssl req -nodes -newkey rsa:2048 -keyout key.pem -out some.csr \
-subj "/C=XY/ST=UVW/L=SOMETOWN/O=STH/OU=STHELSE/CN=my.cert.test"
I do past some information from which i do not know if they are of importance for the answer of this question:
I am working on a xterm under x11. I have a up to date linux distribution (opensuse leap 42.2) and use openssl in my shell to create a csr file. I have a setting in my env XTERM_LOCALE=de_DE.UTF-8.
You can set encoding by passing -outform DER or -outform PEM where der is binary file and pem is in base64.
well i have tried the below
openssl x509 -req -in <cert_name>.csr -signkey <key_name>.key -out output.crt
but seems to throw an error
140735226307408:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: CERTIFICATE REQUEST
Any solutions?
The source of the problem is the form of your CSR : While working with X509, your data can be store using 2 forms : DER and PEM.
By default openssl assumes you are using PEM.
In your case, you should first convert the CSR in PEM format :
openssl req -inform DER -in <cert_name>.csr -out <cert_name>.pem
And then
openssl x509 -req -in <cert_name>.pem -signkey <key_name>.key -out output.crt
Which is the terminal command line equivalent for installing the development certificate (.cer file) without having access to Keychain Access utility?
I have an cloud rented MAC which doesn't offeer me access to the Keychain utility, but I'm allowed to use the terminal.
The key is to use OpenSSL in order to convert the iOS developer certificate file into a PEM certificate file and then to generate a P12 file based on the PEM certificate and the certificate key earlier generated. source
openssl x509 -in developer_identity.cer -inform DER -out developer_identity.pem -outform PEM
openssl pkcs12 -export -inkey mykey.key -in developer_identity.pem -out iOS_dev.p12
Try to see if this works for you :
http://lists.apple.com/archives/apple-cdsa/2010/Mar/msg00021.html