Login/Register
How to convert a .cer to a .p12 file
Asked Answered
Solved ssl-certificatep12keystore-access
H

6

83

I have two .cer files (developer and distribution) both are loaded into Keystore Access on Mac OS X. However I'm unable to export as a .p12 file.

ui

I tried OpenSSL, but still no luck:

openssl pkcs12 -export -in followMe_ios_development.cer -out followMe_ios_development.p12 -clcerts -nokeys

How can I export this .cer file as a .p12 so I can compile this app for iOS?

Hundred answered 23/8, 2016 at 1:37 Comment(2)
Perhaps this could help you. code.google.com/archive/p/apns-sharp/wikis/…Gulosity
Possible duplicate of aps_developer_identity.cer to p12 without having to export from Key Chain?Rocray
G
88

try this: given you have files as follow:

aps.cer, downloaded from Apple.

app.key, your own private key generated by openssl.

1st, convert the .cer file into .pem format:

openssl x509 -in aps.cer -inform DER -out aps.pem -outform PEM

2nd, use the .pem file and your private .key to generate .p12 file:

openssl pkcs12 -export -out aps.p12 -inkey app.key -in aps.pem

this should prompt to ask a password for this .p12 file.

CF:

aps_developer_identity.cer to p12 without having to export from Key Chain?

Creating a .p12 file

Galilee answered 13/2, 2017 at 3:36 Comment(5)
how do i get a app.key file?Nemeth
@Nemeth : this link might help you understand what is / how to generate a .key file, serverfault.com/questions/224122/…Shellbark
If I dont have the certificate key file, how can I generate one?Pederson
The command line would be a great tool if it was tooled properly. There's absolutely no helper functions such as autocomplete of file names, switches as you type etc. In keychain as the other answer suggests you can do this way faster with less hassle.Bacon
How do I get the export password after I run the second command, if I try putting in a random password I get an error unable to write 'random state' so I guess there's an existing password for the export but I don't know how to get itIdolla
H
113

What works for me dealing with Push Notification certifies has been:

  1. Open the certificate: open my_filename.cer and click "View Certificates" to see the certificate's name
  2. Go to Applications -> Utilities -> Keychain Access
  3. Ensure you have selected the "login" keychain, not the "system" one (thanks to @Matt Flettcher )
  4. Go to "Certificates"
  5. Look for the desired certificate
  6. Ensure that you can expand it and see under it the original ".certSigningRequest" used to generate the certificate
  7. At this moment you should be able to export it as ".p12"
Huston answered 22/6, 2017 at 10:25 Comment(4)
where is certSigningRequest? i cant find it when desired certificate selectedLegate
@Legate ensure that you can expand the row of the corresponding certificate, then whem you expand it by clicking in the left pointign triangle it should appear as a child with a key icon.Huston
I also had to make sure I was using the "login" keychain, not the "system" one which had automatically opened when i clicked the .cer fileUnspoiled
I could not open the certificate, however, I had to drag and drop it into the My certificates before I could see it, however, I could not see the certSigningRequest when I expanded it.Lavoisier
G
88

try this: given you have files as follow:

aps.cer, downloaded from Apple.

app.key, your own private key generated by openssl.

1st, convert the .cer file into .pem format:

openssl x509 -in aps.cer -inform DER -out aps.pem -outform PEM

2nd, use the .pem file and your private .key to generate .p12 file:

openssl pkcs12 -export -out aps.p12 -inkey app.key -in aps.pem

this should prompt to ask a password for this .p12 file.

CF:

aps_developer_identity.cer to p12 without having to export from Key Chain?

Creating a .p12 file

Galilee answered 13/2, 2017 at 3:36 Comment(5)
how do i get a app.key file?Nemeth
@Nemeth : this link might help you understand what is / how to generate a .key file, serverfault.com/questions/224122/…Shellbark
If I dont have the certificate key file, how can I generate one?Pederson
The command line would be a great tool if it was tooled properly. There's absolutely no helper functions such as autocomplete of file names, switches as you type etc. In keychain as the other answer suggests you can do this way faster with less hassle.Bacon
How do I get the export password after I run the second command, if I try putting in a random password I get an error unable to write 'random state' so I guess there's an existing password for the export but I don't know how to get itIdolla
O
19

I had the same problem where a .p12 export was not available, only .p7b. I solved it this way:

You don´t select your certificate via the "certificates" directory on the lower left, but via the "My Certificates" directory.

Like this, an arrow should show up left of your certificate. Click it, and you will see your private Key.

Right-Click on your private Key and select the "export Key" option. Now you can create a .p12 Certificate File, just as the doctor ordered.

Osis answered 15/3, 2020 at 19:38 Comment(1)
No luck. I guess that my private key... is gone!Bumgardner
L
4

You should select both cert and private key. Then you will able to export certs with p12 extension.

Latinity answered 16/6, 2020 at 14:29 Comment(0)
A
2

In my case the abilty to export in p12 format depends on certificate type. For "Apple Distribution" certificate type it is disabled, right like in your case.

When I created new certificate with type "IOS Distribution (App Store and Ad Hoc)" and processed it right like previous one, the p12 format became available in export dialog.

Abbott answered 4/3, 2021 at 18:2 Comment(0)
S
0

In my case I'm trying to create a pfx/PKCS12 file and have tried the given commands and ran through couple of issues out of which one was:

Unable to load certificate

So then tried with the below one command, which worked:

openssl pkcs12 -export -out requiredPFXfile.pfx -inkey yourPrivateKey.key -in yourcertificate.cer

Please find link for more details: https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/

Shellbark answered 23/5, 2018 at 21:59 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.