Cannot export p12 certificate

Code Signing Certificates, Identifiers & Profiles
davidnusbaum OP
Created 1w
Replies 1
Boosts 0
Views 200
Participants 2

I have a pass type id that expired. I created a CSR in keychain access on my Mac. I uploaded the CSR and generated a new cert. I downloaded the new cert and imported into keychain access. I don't see the associated private key and I cannot export a .p12 certificate.

It's possible I started with the wrong key to generate the CSR or maybe I inadvertently deleted key while trying to locate the cert after importing. I'm not sure how to determine which.

I do still have the private key from the cert that expired. But, I cannot figure out how to sign a cert again, my only option now is download.

I've been searching the forum and while there may be an answer, I may just be looking for the wrong thing.

I could use some help if anybody would be so kind.

Replies  1
Boosts  0
Views  200
Participants  2
DTS Engineer OP
Apple
3d

Sorry for the delay. In Xcode 16 you can just turn on automatic signing and will create the private key in the keychain and everything you need. Just make sure the previous expired one is removed.

Let's go through a step-by-step guide to resolve this:

  • Verify the Expired Certificate and Private Key:

    • Open Keychain Access on your Mac.
    • In the 'Certificates' category, locate the expired certificate. Ensure that it has a private key associated with it. You can usually tell by looking at the details of the certificate. If the private key is not there, it means you might have deleted it accidentally.

  • Importing the New Certificate Correctly:

    • When you imported the new certificate, did you double-check that it was imported into the 'Login' keychain? Sometimes, certificates can be imported into the 'System' keychain.

  • Exporting the .p12 Certificate:

    • To export the .p12 certificate, you need both the certificate and its associated private key.
    • Select both the new certificate and its private key in Keychain Access.

  • Generating a New CSR with the Correct Private Key:

    • If you started with the wrong key to generate the CSR, here's how you can generate a new one with the correct private key:
      • Open Keychain Access.
      • In the 'Keys' category, locate the private key associated with the expired certificate (if you still have it).
      • Right-click on the private key and select "Request a Certificate from a Certificate Authority...".
      • Follow the prompts to create a new CSR using this private key.

  • Signing the Certificate Again:

    • If you need to sign the certificate again, you'll need to use the same private key that was used to generate the CSR.

As previously said, automatic signing is your friend on a clean machine.

Albert Pascual
  Worldwide Developer Relations.

0
Cannot export p12 certificate
First post date Last post date
 
 
Q