Unable to export Apple production push SSL certificate in .p12 format

Question

I am using Urban airship in my application for push notification. So, I need to download the push SSL certificate from Apple developer portal. After downloading, I added that in keychain access. But no private key was created for the certificate. When I tried to right click and export the certificate, I was not able to export that as .p12 file as the .p12 file extension was disabled while saving. I am unable to attach the screenshots here due to lesser reputation.

Someone please tell me where is the issue here. How should I do that?

Answer 1

The others answers here have helped me a ton over the years. Well, it's that time of year again, and I'm just going to pitch in:

In my case, the .p12 format is disabled when exporting unless I'm in the "My Certificates" tab. The tricky part is that "My Certificates" always appears empty - I have to search in the search bar while on the My Certificates tab, and only then will the certificate appear and let me export as .p12, same as Gabe.

Answer 2

I was able to enable the p12 option by clicking opening the certificate's dropdown, clicking on the contained private key, going to the access control tab, then changing the setting to "Allow all applications to access this item"

Answer 3

I got it resolved, but solution is bit weired. It turns out you just need to open keychain and select the "My Certificate" tab of "login". Now go to your downloaded certificate and double click it, it will appear under "My Certificate" and you can see private key as well. Now you can easily export you cert in .p12 format Cheeres!

Answer 4

Turns out all you have to do is select "My Certificates" on the left panel and it enables the .p12 option.

Answer 5

You need to select "Certificates" tab in Access Key Chain.

Answer 6

In my case, the certificate did not appear until I searched by its name! I even took a video as proof. "Login" and "My Certificates" were both selected, I went through the full flow to regenerate it from scratch twice and every time the certificate was not there for me to export the .p12 file. Once I entered its name in the search bar it appeared! :flip_table_emoji:

Apple, fix your bugs! 2 hours of my life that will never come back.

Answer 7

Tried a lot of the suggestions above and this was the solution (@Greg) that worked for me:

The keychain you have selected on the left hand side in Keychain Access when generating the Certificate signingrequest must be the same keychain you import the signed certificate back into. Otherwise it treats it as someone else's and keychain access won't show the private key in the drop down.

Answer 8

You can use the Onesignal provisionator tool to create a push SSL certificate. It's free and does all the confusing bit for you.

It will revoke your current one as you generate it, so it's important to be quick when uploading it to the relevant place if you are live.

This worked with me for OneSignal push notifications, but I see no reason why it wouldn't work for other push notifications.

Answer 9

In order to export as p12 you either need to generate the cert from your machine or have the key that was used to generate it on your machine.

To ensure this will work:

1. Log in to Apple's Dev Center

2. Go to the Provisioning Portal or Certificates, Identifiers & Profiles

3. Go to Certificates and create a Apple Push Notification service SSL From here on you will be guided through the certificate generation process.

4. After you download the generated cert, install it in your keychain (double click the cert file or drag and drop into the keychain window.

5. Then select "Certificates" from the left panel. Right click the cert you want to export and the p12 option will be there.

Note: it won't be there unless you generated the cert from your machine

Answer 10

For me, instead of right-clicking on the main certificate row within Keychain Access and selecting Export, I had to click the drop-down arrow next to the certificate that I was trying to export and then right-click the entry below that and then select Export. Then you are actually selecting the private key part instead of the public key part.

Answer 11

In addition to verifying that the certificate was issued from certificate request from the Keychain Access -> Certificate Assistant on the same computer, ensure that the received .cer file is installed into the correct keychain.

The best way to do this is select the appropriate keychain under the left Keychains, most likely 'login', ensure 'My Certificates' is selected under Category, then drag and drop the .cer file into the main file list area.

Answer 12

In my case, I made the .cer file into "system" option not the "login" option. then I move the .cer file from the "system" to "login" option then press "My Certificates" then export it .p12 is ok..

Answer 13

Make you are selecting a private key and not a public key because you probably have both types on the list.

Answer 14

Apple do not store the private key you used to create your certificates. You need to already have a copy of it on your machine.

It sounds as if perhaps either somebody else requested the push certificate you're trying to download, or you requested it on another machine. If you can't find the private key you will need to create a new certificate request and upload it via the developer portal.