Can't find private key for Apple Development Push Services

S

16

70

I've consulted many sources out there and still can't figure this out.

http://code.google.com/p/apns-php/wiki/CertificateCreation

Basically after I download the Development Push SSL Certificate from the iOS Provisioning Portal > App IDS (with Enable for Apple Push Notification service selected) and I double click the certificate (filename aps_development.cer) to open it, the Keychain opens. I then select "login" and "Certificates" on the left panels. On the right panel I see "Apple Development IOS Push Services:..." and all instructions I've consulted so far have told me to "expand" this option by clicking the arrow next to the name to reveal the private key, but there is no expand option for this certificate. Can anyone help me find this private key? Did I download the wrong certificate?

Thanks

Sextant answered 30/1, 2013 at 21:33 Comment(0)

D

46

I noticed that the expand icon is actually visible when clicking on 'My Certificates' in the left menu (Keychain).

Data answered 2/5, 2013 at 16:1 Comment(3)

This is actually insane UX. – Degeneration 29/8, 2016 at 0:41

I wasted my time by deleting and recreating certificates many times. Thanks, it helped. – Flashboard 17/4, 2022 at 5:55

I'm running MacOS Ventura, the Keychain app looks a little bit different here. You can now find the 'My Certificates' button right above the list. – Azotemia 3/12, 2022 at 16:7

J

42

My problem was that, for some reason the various certs were being added to the 'System' keychain instead of the 'login' one.

By selecting 'login' and then adding them with the little '+' (next to the i) they've been added to the right place.

Jez answered 6/3, 2015 at 3:35 Comment(3)

I just dragged the icon from the System keychain to the login one to solve this same problem. Too simple! – Oria 8/4, 2016 at 21:58

Did the work for me. For some (like me), who are not able to find the "+" key, its at the bottom left section. – Ergocalciferol 30/3, 2017 at 9:48

fixed it for me... – Descry 26/7, 2023 at 13:28

M

36

What I faced, when I was creating CSR file, I was putting Common Name with a space. And the certificates created by this CSR file were not showing expand arrow in the Keychain Access

After I made a new CDR File with a short common name and recreated certificates, it installed well and has a private key.

Manriquez answered 3/9, 2015 at 5:39 Comment(12)

For me, this actually addressed my problem. Thanks! – Phillida 6/3, 2016 at 10:14

This addressed my problem too – Looksee 10/3, 2016 at 14:40

I had the same issue but my common name was empty so it didn't work. Adding name helped! – Grissom 28/12, 2016 at 14:34

Good one, Thanks ! – Dicast 8/4, 2017 at 14:8

I spend all night because of this issue. – Rehearing 16/5, 2017 at 19:50

I wonder how many working hours this bug causes. Thanks - that helped! – Wavelength 26/7, 2017 at 12:5

I believe this has fixed my no-dropdown-arrow situation as well. Crazy. – Mannes 14/9, 2017 at 19:49

I didn't get the point. Was the problem with space or with name length? If it was length - then what is the limit? – Michaelson 24/10, 2017 at 13:1

Space was the issue. – Manriquez 30/10, 2017 at 8:54

Good one, Worked for me. Thanks! – Rainmaker 9/1, 2018 at 9:24

This fixed mine, Thanks! – Hexangular 8/9, 2020 at 15:11

thanks you saved my life, how come apple accept us to add name with space when this cause an issue!!! – Zamia 13/11, 2020 at 13:20

M

18

on the machine you are trying to access this cert, do you have the key with which you signed the Certificate Signing Request (based on which apple created that certificate for you)?

You should ask the person who created that certificate. Thats probably the only way you can get the private key.

Melee answered 30/1, 2013 at 21:40 Comment(7)

When I signed the CSR, I got a certificate "iPhone Developer:[name]" with a private key "iOS Developer:[name]" along with it. Is this the private key that I should use for my apns-dev-key? – Sextant 30/1, 2013 at 22:36

It worked when I removed the existing Development Push SSL Certificate and created a new one with my own certificate generated from CSR, but there has to be a way around this for other team members to be able to access the private key when they download the certificate, right? – Sextant 30/1, 2013 at 22:58

Yes. and that way, is to export (right click on the certificate in keychain and export) the cert-key pair (or just the key) to your team members. That way, when your team members double click the certificate-key pair, both these will be loaded onto the keychain – Melee 30/1, 2013 at 23:29

@KenYu where did you get 'your own certificate generated from CSR' from? I am just able to get a CertificateSigningRequest. – Mansuetude 5/4, 2014 at 23:21

you upload the CSR in the dev portal. after that, you can download the signed certificate from the portal – Melee 16/3, 2016 at 16:2

I had same issue and your response helped me. I was trying to generate push certificates on a new macbook. But when I switched back to my old mac, it worked. My old mac will probably die soon, what certs/keys, etc should i export off my old mac on the new one and keep a back up? – Moon 8/3, 2017 at 22:29

Any cert/key pair related to apps in production / appstore, also the ones used for APNS, and the private keys related to your apps. – Melee 9/3, 2017 at 20:47

T

16

Goto the keychain access and follow steps as given below...

enter image description here

Teratism answered 4/3, 2015 at 7:5 Comment(0)

S

14

I had the exact same problem. Double-clicking the .cer file put the certificate in the Keychain, but did not show any private key (nor was the entry expandable).

I fixed the issue with these steps:

Quit keychain access.
right-click the .cer file (e.g. aps_production.cer)
Select "Open With > Keychain access (default)"

... and voila, now it shows up with the private key. Which is rather odd, since it was opening Keychain access anyways.

Stevana answered 27/2, 2015 at 2:36 Comment(0)

G

12

Delete the certificate that has no private key. Open Login in Keychain, then drag the file from Finder to Login and your certificate now has a private key!

Geminius answered 20/6, 2016 at 8:49 Comment(0)

T

11

My problem was that I was not looking under "Certificates" but under "All Items":

Torment answered 7/1, 2017 at 11:37 Comment(3)

This is the correct answer. For some reason, 'All Items' does not show the pair as a pair, only the certificate! – Ferrocyanide 8/5, 2019 at 4:12

This answer helped, all others didn't (macOS 10.14.5). – Shu 23/10, 2019 at 15:51

I spent the whole morning wondering why I don't get the tiny triangle. Thanks! – Purl 18/8, 2020 at 14:12

S

9

I was just double clicking on the certificate. What helped me eventually was to drag the certificate into the relevant section.

More details can be found in this blog: How to Export a Push Notification Certificate in a p12 file?

Stripy answered 15/6, 2016 at 7:15 Comment(2)

BTW, do we actually generate a pair of keys and a certificate for each app? I found it so messy I have trouble locating which app with which key and certificate. – Ferromagnetic 2/9, 2016 at 8:48

This must be the correct answer – Shalloon 25/4 at 1:58

A

2

Leaving this here in the hope that it helps somebody with similar symptoms - When you click aps.cer for opening it with Keychain Assistant, it prompts you with a dialog to select a keyring to import the Certificate into. For me, the private key didn't show up in a collapsible for any other keyring than login (i.e. others such as System or System Roots seemed to show only the Certificate).

Aeneas answered 4/1, 2016 at 12:8 Comment(1)

My god, THANK YOU. Why is this a thing. This should not be a thing. – Fuselage 20/12, 2016 at 4:3

W

1

Yet another answer to this...

After you create your CSR, before actually uploading it to the Apple site, you can go look within Keychain Access under the logins -> keys and see that you already have new public and private keys with the same name as you entered in your new CSR's CommonName.

So when you upload the CSR to the Apple, then download the certificate, then double-click the certificate, Keychain access is just matching up that downloaded certificate with the public key that was already in your Keychain Access list and it attaches the private key.

So if you are not able to get the private key after all of this, try recreate your CSR.

The strange thing to me is that, I had read that you could use the same CSR each time you recreate your certificate, but for some reason that is not working for me. Perhaps because the old expired certificate that I was replacing was no longer in my Keychain Access list and so therefore there was no public/private key pair that matched the newly generated certificate.

Whitsun answered 16/5, 2017 at 15:51 Comment(1)

Thanks a lot for the explanation, mate! This saving me tons of headache. I was trying to create new certificate using given CSR file from my old machine, but apparently I cannot export the CER file result to P12 because apparently it missing the public & private key. So I follow your suggestion to recreate the CSR in my new machine and making sure the CommonName is correct. Voila! It works! – Jaws 4/6, 2023 at 22:19

W

1

The .cer file does not contain the private key, only the public one. So all of these solutions are relevant only from the computer who issued the original CSR, or from a computer where the original certificate's keypair was imported to Keychain.

If you don't have access to the private key, you would have to generate a new certificate. However - you do not have to invalidate the old one from Apple's certificate portal, as you may use multiple APNS certificates for the same app ID.

Weider answered 12/6, 2018 at 16:40 Comment(0)

C

0

Delete the certificate that has no private key. Open Login in Keychain

Drag this two certificate in keychain

Woo you. have private key In your keychain.

Coat answered 26/9, 2019 at 6:3 Comment(1)

I don't think you can import CSR in the keychain... – Purl 18/8, 2020 at 14:13

D

0

I tried various answers on this question with no luck. I think what helped me was following the bottom of the Add Certificate page instruction:

So I double-clicked AppleWWDRCA and AppleWWDRCAG3. Then installed the generated certificated and "My certificates" section started to show certificates with private keys.

Diastole answered 2/7, 2021 at 13:20 Comment(0)

S

0

The reason is CSR file that was used to create this push certificate is not from your machine. You can ask person whoever created this certificate for private key.

Safeconduct answered 19/8, 2021 at 11:55 Comment(0)

O

0

Nothing above helped because Apple Software is crap. What I needed to do to make it work was to close and restart Keychain Access. That was all. What a poor programming Apple.

Ordway answered 3/8, 2022 at 19:30 Comment(0)

Recommended topics

Hot tags