Unable to export Apple production push SSL certificate in .p12 format

F

13

233

I am using Urban airship in my application for push notification. So, I need to download the push SSL certificate from Apple developer portal. After downloading, I added that in keychain access. But no private key was created for the certificate. When I tried to right click and export the certificate, I was not able to export that as .p12 file as the .p12 file extension was disabled while saving. I am unable to attach the screenshots here due to lesser reputation.

Someone please tell me where is the issue here. How should I do that?

Frances answered 27/3, 2013 at 15:13 Comment(0)

B

721

Turns out all you have to do is select "My Certificates" on the left panel and it enables the .p12 option.

Bambibambie answered 21/10, 2013 at 19:22 Comment(12)

it seems, since there's no private key available, the certificate is not listed under 'my certificates'. its only under 'certificates'. – Kymric 21/10, 2014 at 16:5

Sometimes you need to re-launch keychain app to your certificate to show up. – Missioner 12/10, 2016 at 21:21

What the hell! I was banging my head in the keychains section coming in the default option. – Hurlyburly 7/12, 2016 at 23:18

Same issue as @commonpike, not in the list. jdev112388's answer is correct. Looks like Apple changed things again – Pompidou 17/2, 2017 at 19:20

Another thing: you have to generate if from the same machine. Actually, you have to generate the Certificate signing request from the same KEYCHAIN! – Therefor 29/3, 2017 at 15:21

if this isn't a bug, that is the weirdest feature I have ever heard of... – Bumgardner 10/6, 2018 at 0:6

I don't have any certificates in 'My certificates'. Even if I completely request the certificate from the beginning on the same macbook. Does anyone know why I can't see the certificate in 'My certificate'? – Tamikotamil 11/2, 2020 at 16:31

According to the answer above, jdev112388's answer is correct. His answer doesn't show up for me though.. It's like having the same problem all over again. – Gerri 22/6, 2020 at 10:0

Exit and Reopen KeychainAccess . You may find your certificate in MyCerificates List . – Haematozoon 15/7, 2020 at 8:21

This has moved. My Certificates is on top and shows nothing, but "Certificates" tab (again, on top) shows my distribution cert and let's me export (only) as p12 – Influx 9/4, 2021 at 18:37

omg I'm back, because it has been a year and my cert expired. now I can't get it working anymore :-( – Influx 16/6, 2021 at 19:16

I did the search thing (somebody mentions on this page), went to My Certificates, click the little down arrow icon thing (for my cert), then I can see "private key" and this can be exported as a p12 file (for upload to Azure). – Influx 16/6, 2021 at 19:32

B

133

In my case, I made the .cer file into "system" option not the "login" option. then I move the .cer file from the "system" to "login" option then press "My Certificates" then export it .p12 is ok..

Bareilly answered 11/1, 2014 at 9:21 Comment(4)

WTF! Absolutely crazy but worked for me also. It also makes the dropdown arrow and the private key to appear. Thank you very much! – Twelfthtide 7/12, 2017 at 22:0

I did the same and was able to export .p12. thanks. I was thinking to revoke it and do it from other machines, but it works. – Petigny 27/7, 2019 at 7:2

It didn't work for me. I still can't see any certificates in the 'My certificates' section. I created a completely new certificatesigningrequest-file. Uploaded that to the apple developer portal to download the APNS certificate. I doubleclicked on that one but it only appears in the 'Certificates' section. Any ideas? – Tamikotamil 12/2, 2020 at 15:9

This should be the accepted answer. For me, I needed to copy the certificate from the System view and then paste it into the Login view. No human being should be subject to this kind of arbitrary nonsense. – Spenser 12/3 at 21:24

F

31

Apple do not store the private key you used to create your certificates. You need to already have a copy of it on your machine.

It sounds as if perhaps either somebody else requested the push certificate you're trying to download, or you requested it on another machine. If you can't find the private key you will need to create a new certificate request and upload it via the developer portal.

Freddafreddi answered 27/3, 2013 at 15:19 Comment(3)

But one thing... If I get the private key anyhow, how can I integrate that with the existing push certificate.? – Frances 27/3, 2013 at 15:21

You should ask whoever has the private key to export it and send it to you. You can then add it to your keychain, which with your push certificate will let you create the p12 file. – Freddafreddi 27/3, 2013 at 18:20

The certificate still doesn't appear in 'My certificates' when I completely do the request on the same macbook from the beginning. – Tamikotamil 11/2, 2020 at 16:33

I

31

In my case, the certificate did not appear until I searched by its name! I even took a video as proof. "Login" and "My Certificates" were both selected, I went through the full flow to regenerate it from scratch twice and every time the certificate was not there for me to export the .p12 file. Once I entered its name in the search bar it appeared! :flip_table_emoji:

Apple, fix your bugs! 2 hours of my life that will never come back.

Imagism answered 14/12, 2020 at 10:5 Comment(5)

this works perfectly. Need to find certificate via search bar – Geophagy 17/12, 2021 at 5:1

Apple doesn't care. :\ – Selfservice 20/1, 2022 at 8:59

this is crazy....you save my day! – Teletype 27/4, 2022 at 1:32

Crazy! they ruined my day, but you saved it. – Excerpta 8/6, 2022 at 4:5

Thank you really much Gabe, drinks on me ! – Mordred 10/1 at 14:56

S

21

In order to export as p12 you either need to generate the cert from your machine or have the key that was used to generate it on your machine.

To ensure this will work:

Log in to Apple's Dev Center
Go to the Provisioning Portal or Certificates, Identifiers & Profiles
Go to Certificates and create a Apple Push Notification service SSL From here on you will be guided through the certificate generation process.
After you download the generated cert, install it in your keychain (double click the cert file or drag and drop into the keychain window.
Then select "Certificates" from the left panel. Right click the cert you want to export and the p12 option will be there.

Note: it won't be there unless you generated the cert from your machine

Saransarangi answered 17/2, 2016 at 22:56 Comment(2)

The key here is that you generate it from your machine. Actually, you have to generate the Certificate signing request from the same KEYCHAIN! – Therefor 29/3, 2017 at 15:20

And the certificate assistant always uses whatever keychain was set as the default when the CSR was created. If you want to have the keys generated in a specific keychain set it as the default before you begin the CSR process. Once the CSR is created you can set it back. When importing the cert downloaded from Apple import it into the keychain that has the key pair. – Efflorescent 23/8, 2018 at 6:21

Q

13

In addition to verifying that the certificate was issued from certificate request from the Keychain Access -> Certificate Assistant on the same computer, ensure that the received .cer file is installed into the correct keychain.

The best way to do this is select the appropriate keychain under the left Keychains, most likely 'login', ensure 'My Certificates' is selected under Category, then drag and drop the .cer file into the main file list area.

Quilting answered 15/12, 2015 at 23:0 Comment(2)

Thanks @Quilting for mentioning "select the appropriate keychain" I just double clicked on the cer file and it was always going in the System keychain. – Astronaut 5/9, 2019 at 19:42

It didn't work for me. I still can't see any certificates in the 'My certificates' section. I created a completely new certificatesigningrequest-file. Uploaded that to the apple developer portal to download the APNS certificate. I doubleclicked on that one but it only appears in the 'Certificates' section. Any ideas? – Tamikotamil 12/2, 2020 at 15:10

D

10

For me, instead of right-clicking on the main certificate row within Keychain Access and selecting Export, I had to click the drop-down arrow next to the certificate that I was trying to export and then right-click the entry below that and then select Export. Then you are actually selecting the private key part instead of the public key part.

Deportment answered 26/12, 2015 at 16:7 Comment(2)

For the arrow to be visible, I needed to have the "Category" set to "Certificates" instead of "All Items" – Broker 20/4, 2016 at 22:51

exactly. right click on certificate itself does not produce "Export" option in context menu – Neoplatonism 8/2, 2017 at 19:42

G

8

I got it resolved, but solution is bit weired. It turns out you just need to open keychain and select the "My Certificate" tab of "login". Now go to your downloaded certificate and double click it, it will appear under "My Certificate" and you can see private key as well. Now you can easily export you cert in .p12 format Cheeres!

Gutter answered 14/9, 2023 at 5:26 Comment(3)

Worked for me.Thank you. In case .p12 was disabled. – Wilkens 14/9, 2023 at 12:59

Thanks for confirming, might help others! – Gutter 21/9, 2023 at 15:54

Wow that's confusing, this was the solution for me as well. – Substantial 8/4 at 16:41

B

4

Make you are selecting a private key and not a public key because you probably have both types on the list.

Breakout answered 19/12, 2013 at 23:12 Comment(0)

G

0

You can use the Onesignal provisionator tool to create a push SSL certificate. It's free and does all the confusing bit for you.

It will revoke your current one as you generate it, so it's important to be quick when uploading it to the relevant place if you are live.

This worked with me for OneSignal push notifications, but I see no reason why it wouldn't work for other push notifications.

Gerri answered 22/6, 2020 at 11:20 Comment(1)

Unfortunately the two-factor authentication isn't working at the moment – Christianize 30/9, 2021 at 14:25

J

0

Tried a lot of the suggestions above and this was the solution (@Greg) that worked for me:

The keychain you have selected on the left hand side in Keychain Access when generating the Certificate signingrequest must be the same keychain you import the signed certificate back into. Otherwise it treats it as someone else's and keychain access won't show the private key in the drop down.

Justinajustine answered 4/8, 2020 at 22:39 Comment(0)

R

0

You need to select "Certificates" tab in Access Key Chain.

Remedial answered 23/9, 2021 at 6:41 Comment(0)

V

0

I was able to enable the p12 option by clicking opening the certificate's dropdown, clicking on the contained private key, going to the access control tab, then changing the setting to "Allow all applications to access this item"

Verrocchio answered 26/1 at 8:0 Comment(0)

Recommended topics

Hot tags