192
votes

I am using Urban airship in my application for push notification. So, I need to download the push SSL certificate from Apple developer portal. After downloading, I added that in keychain access. But no private key was created for the certificate. When I tried to right click and export the certificate, I was not able to export that as .p12 file as the .p12 file extension was disabled while saving. I am unable to attach the screenshots here due to lesser reputation.

Someone please tell me where is the issue here. How should I do that?

10

10 Answers

623
votes

Turns out all you have to do is select "My Certificates" on the left panel and it enables the .p12 option.

109
votes

In my case, I made the .cer file into "system" option not the "login" option. then I move the .cer file from the "system" to "login" option then press "My Certificates" then export it .p12 is ok..

29
votes

Apple do not store the private key you used to create your certificates. You need to already have a copy of it on your machine.

It sounds as if perhaps either somebody else requested the push certificate you're trying to download, or you requested it on another machine. If you can't find the private key you will need to create a new certificate request and upload it via the developer portal.

19
votes

In order to export as p12 you either need to generate the cert from your machine or have the key that was used to generate it on your machine.

To ensure this will work:

  1. Log in to Apple's Dev Center

  2. Go to the Provisioning Portal or Certificates, Identifiers & Profiles

  3. Go to Certificates and create a Apple Push Notification service SSL From here on you will be guided through the certificate generation process.

  4. After you download the generated cert, install it in your keychain (double click the cert file or drag and drop into the keychain window.

  5. Then select "Certificates" from the left panel. Right click the cert you want to export and the p12 option will be there.

Note: it won't be there unless you generated the cert from your machine

12
votes

In addition to verifying that the certificate was issued from certificate request from the Keychain Access -> Certificate Assistant on the same computer, ensure that the received .cer file is installed into the correct keychain.

The best way to do this is select the appropriate keychain under the left Keychains, most likely 'login', ensure 'My Certificates' is selected under Category, then drag and drop the .cer file into the main file list area.

10
votes

For me, instead of right-clicking on the main certificate row within Keychain Access and selecting Export, I had to click the drop-down arrow next to the certificate that I was trying to export and then right-click the entry below that and then select Export. Then you are actually selecting the private key part instead of the public key part.

4
votes

Make you are selecting a private key and not a public key because you probably have both types on the list.

2
votes

In my case, the certificate did not appear until I searched by its name! I even took a video as proof. "Login" and "My Certificates" were both selected, I went through the full flow to regenerate it from scratch twice and every time the certificate was not there for me to export the .p12 file. Once I entered its name in the search bar it appeared! :flip_table_emoji:

Apple, fix your bugs! 2 hours of my life that will never come back.

0
votes

You can use the Onesignal provisionator tool to create a push SSL certificate. It's free and does all the confusing bit for you.

It will revoke your current one as you generate it, so it's important to be quick when uploading it to the relevant place if you are live.

This worked with me for OneSignal push notifications, but I see no reason why it wouldn't work for other push notifications.

0
votes

Tried a lot of the suggestions above and this was the solution (@Greg) that worked for me:

The keychain you have selected on the left hand side in Keychain Access when generating the Certificate signingrequest must be the same keychain you import the signed certificate back into. Otherwise it treats it as someone else's and keychain access won't show the private key in the drop down.