CSR algorithm/size incorrect. Expected: RSA(2048)

My development and production APNS certificates are due to expire in January so I've just started the renewal process.


I open keychain access and ask Certificate Assistant > Request a certificate from a certificate authority.


I filled out the fields as normal (my email, descriptive text, save to disk) and it generated the .certSigningRequest file but when I upload that I get:


An unspecified error occurred.

CSR algorithm/size incorrect. Expected: RSA(2048)


Now I can't see any settings for what CSR algorithm or size in the certificate assistant dialog.


This is keychain access Version 9.0 (55171.20.2) running on El Capitan.


Any ideas why this is failing and what I should do to fix it?

I have the same problem. Did you find a solution?

I'm having the same proboem right now, also with El Capitan and a fresh itunes connect account.

I'm having the same problem. Have not yet been able to google myself an answer.

It's not as if one is given any options to change the CSR algorithm...

Anybody found a way around it yet?


/A

I'm having the same problem.

Same here...

Can anybody explain how fix this issue? I'm creating certificate for the first time and can't go next step because of this.

+1 on this. I get an option with request a certificate from a certificate authority with "imessage encryption key"... And the request is invalidated with the same error. My account is also about to expire but I guess there are few months remaining.

I figured out the problem. It seems like you need to make sure that you have selected "iCloud" in the list of keychains. This is usually present at the top left of your keychain access window. Once you have iCloud selected there, click on the Keychain Access -> Certificate Assistant -> Request a certificate from a certificate authority and follow the usual steps. This worked like a charm.

Just got this error also


Fixed it by clicking Keychain Access -> Certificate Assistant -> Open..

My Request a certificate from a certificate authority had "IMessenger" addded at the end


Hope this helps

As the error message indicates, the Certificate Signing Request for the Merchant Identity Certificate requires the RSA-2048 algorithm. As an alternative, you can use openSSL to generate the CSR via the following steps:

  1. Execute the following openSSL command to create a private key:

openssl genrsa -out privateKey.key 2048

  1. Execute the following openSSL command to generate a certificate signing request (CSR) from the private key:

openssl req -new -key privateKey.key -out certificateSigningRequest.csr

  1. Login to the Apple Developer Portal and upload the CSR file. You can then download the newly generated certificate.

I have changed file extension from certSigningRequest.certSigningRequest ◁ to ▶︎ certSigningRequest.csr and Its working fine for me.

Remove/create again Merchant ID.

OK, this issue confounded me. I reached out to Apple and they sent me here. The suggestions didn't work. But I found my particular issue.

First, I followed the directions given by Apple. https://developer.apple.com/help/account/create-certificates/create-a-certificate-signing-request

When I went into Keychain Access > Certificate Assistant... many of the options ended with "With <key>"... literally those words. This would generate a faulty certificate. The issue was that I had "login" selected under Default Keychains in the app, but had no key selected. Apple should update their instructions to tell you select "System" instead. Then when you go into the Keychain Access > Certificate Assistant... none of the options will be for a key (or an unselected one) and that process will work.

Apple, you may send me my support assistance check.

CSR algorithm/size incorrect. Expected: RSA(2048)
 
 
Q