Ken Yu
Ken Yu

Reputation: 751

Can't find private key for Apple Development Push Services

I've consulted many sources out there and still can't figure this out.

http://code.google.com/p/apns-php/wiki/CertificateCreation

Basically after I download the Development Push SSL Certificate from the iOS Provisioning Portal > App IDS (with Enable for Apple Push Notification service selected) and I double click the certificate (filename aps_development.cer) to open it, the Keychain opens. I then select "login" and "Certificates" on the left panels. On the right panel I see "Apple Development IOS Push Services:..." and all instructions I've consulted so far have told me to "expand" this option by clicking the arrow next to the name to reveal the private key, but there is no expand option for this certificate. Can anyone help me find this private key? Did I download the wrong certificate?

Thanks

Upvotes: 70

Views: 42409

Answers (16)

Vaiden
Vaiden

Reputation: 16132

The .cer file does not contain the private key, only the public one. So all of these solutions are relevant only from the computer who issued the original CSR, or from a computer where the original certificate's keypair was imported to Keychain.

If you don't have access to the private key, you would have to generate a new certificate. However - you do not have to invalidate the old one from Apple's certificate portal, as you may use multiple APNS certificates for the same app ID.

Upvotes: 1

aqm
aqm

Reputation: 190

Nothing above helped because Apple Software is crap. What I needed to do to make it work was to close and restart Keychain Access. That was all. What a poor programming Apple.

Upvotes: 0

nikBhosale
nikBhosale

Reputation: 541

The reason is CSR file that was used to create this push certificate is not from your machine. You can ask person whoever created this certificate for private key.

Upvotes: 0

RustamG
RustamG

Reputation: 1825

I tried various answers on this question with no luck. I think what helped me was following the bottom of the Add Certificate page instruction: Intermediate Certificates

So I double-clicked AppleWWDRCA and AppleWWDRCAG3. Then installed the generated certificated and "My certificates" section started to show certificates with private keys.

Upvotes: 0

Hardik Bar
Hardik Bar

Reputation: 1760

Delete the certificate that has no private key. Open Login in Keychain

enter image description here

Drag this two certificate in keychain

Woo you. have private key In your keychain.

Upvotes: 0

hvaughan3
hvaughan3

Reputation: 11105

Yet another answer to this...

After you create your CSR, before actually uploading it to the Apple site, you can go look within Keychain Access under the logins -> keys and see that you already have new public and private keys with the same name as you entered in your new CSR's CommonName.

So when you upload the CSR to the Apple, then download the certificate, then double-click the certificate, Keychain access is just matching up that downloaded certificate with the public key that was already in your Keychain Access list and it attaches the private key.

So if you are not able to get the private key after all of this, try recreate your CSR.

The strange thing to me is that, I had read that you could use the same CSR each time you recreate your certificate, but for some reason that is not working for me. Perhaps because the old expired certificate that I was replacing was no longer in my Keychain Access list and so therefore there was no public/private key pair that matched the newly generated certificate.

Upvotes: 1

Sam
Sam

Reputation: 6160

My problem was that I was not looking under "Certificates" but under "All Items": enter image description here

Upvotes: 11

user619237
user619237

Reputation: 1892

Goto the keychain access and follow steps as given below...

enter image description here

Upvotes: 16

RomeoF
RomeoF

Reputation: 299

Delete the certificate that has no private key. Open Login in Keychain, then drag the file from Finder to Login and your certificate now has a private key!

Upvotes: 12

Luda
Luda

Reputation: 7078

I was just double clicking on the certificate. What helped me eventually was to drag the certificate into the relevant section.

enter image description here

More details can be found in this blog: How to Export a Push Notification Certificate in a p12 file?

Upvotes: 9

Angad
Angad

Reputation: 2823

Leaving this here in the hope that it helps somebody with similar symptoms - When you click aps.cer for opening it with Keychain Assistant, it prompts you with a dialog to select a keyring to import the Certificate into. For me, the private key didn't show up in a collapsible for any other keyring than login (i.e. others such as System or System Roots seemed to show only the Certificate).

Upvotes: 2

Vaibhav Saran
Vaibhav Saran

Reputation: 12908

What I faced, when I was creating CSR file, I was putting Common Name with a space. And the certificates created by this CSR file were not showing expand arrow in the Keychain Access

After I made a new CDR File with a short common name and recreated certificates, it installed well and has a private key.

enter image description here

Upvotes: 36

nbsp
nbsp

Reputation: 2291

My problem was that, for some reason the various certs were being added to the 'System' keychain instead of the 'login' one.

By selecting 'login' and then adding them with the little '+' (next to the i) they've been added to the right place.

Upvotes: 42

Tim O'Neil
Tim O'Neil

Reputation: 511

I had the exact same problem. Double-clicking the .cer file put the certificate in the Keychain, but did not show any private key (nor was the entry expandable).

I fixed the issue with these steps:

  1. Quit keychain access.
  2. right-click the .cer file (e.g. aps_production.cer)
  3. Select "Open With > Keychain access (default)"

... and voila, now it shows up with the private key. Which is rather odd, since it was opening Keychain access anyways.

Upvotes: 14

wspruijt
wspruijt

Reputation: 1067

I noticed that the expand icon is actually visible when clicking on 'My Certificates' in the left menu (Keychain).

Upvotes: 48

Nitin Alabur
Nitin Alabur

Reputation: 5812

on the machine you are trying to access this cert, do you have the key with which you signed the Certificate Signing Request (based on which apple created that certificate for you)?

You should ask the person who created that certificate. Thats probably the only way you can get the private key.

Upvotes: 18

Related Questions