Error when trying to obtain a certificate: The specified item could not be found in the keychain

I solved it. Ensure you are in the "Certificates" section and you select "Apple Worldwide Developer Relations Certification Authority" before requesting a certificate.

Keychain Access will not let you Request a Certificate from a Certificate Authority With "identity"... unless you have both the private key and public key for identity in your keychain. I ran into this when I only had the private key and not the corresponding public key.

You can create the public key from the private key and import it into your keychain using the procedure described in I lost my public key. Can I recover it from a private key?

Once I imported the public key I was able to use the Request a Certificate from a Certificate Authority With "identity"... command without triggering the The specified item could not be found in the keychain error.

Go to the "Certificates" section and select "Apple Worldwide Developer Relations Certification Authority" before requesting a certificate.

You are (perhaps accidentally) asking Keychain Access to generate a Certificate Signing Request using an existing key. If a key is selected when you go into the Keychain Access - Certificate Assistant menu, the options presented will be for that selected key.

Choose a non-key item in your keychain (like a saved password) and go to Keychain Access - Certificate Assistant again to generate the CSR normally.

Even I was getting this issue. I solved this by selecting All Items instead of the Keys in the Categories pane and then trying to create the Certificate.

Try this, it will surely work.

This was happening to me I noticed that the menu option for creating the certificate request had changed from

Request a Certificate from a Certificate Authority...

to

Request a Certificate from a Certificate Authority with "My Name"...

I'm on a domain at work so I logged out, logged in and out as another user, then logged in again. After that the menu appeared as expected and this error went away

My goal was to create a CSR (certificate signing request) using my existing private key to submit to Apple to generate a new iPhone Distribution certificate. I made sure Certificates was the selected Category on the left. I tried right clicking my private key and clicking on Request a Certificate From a Certificate Authority With Imported Private Key and would get the following error when I try to save it.

The specified item could not be found in the keychain.

I also got the same error when I went through the file menu: Keychain Access > Certificate Assistant

What I've gathered from other internet sources is that Keychain Access DOES NOT allow you to create a new CSR if you imported the private key, only if you created the key locally from the tool.

What I ended up doing instead was exporting the private key and using openssl to generate the new CSR, which Apple accepted, and now references the new Imported Private Key.

Exporting the private key

1. Right click on private key
2. Export
3. Make sure p12 file format is selected
4. Save
5. Enter a password (optional)
6. Allow access to export key
7. Open Terminal and go to exported directory
8. Extract key from p12 container

Be careful as the .pem private key is no longer password protected)

$ openssl pkcs12 -in Certificates.p12 -out Certificates.pem -nodes
Enter Import Password: ********************
MAC verified OK

Creating new CSR with exported private key

$ openssl req -out Certificates.csr -key Certificates.pem -new
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:.
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:John Doe Dev Key
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

A couple things to note:

• Enter . when you want the field to be blank, or the default will include whatever's in the brackets [].
• Common Name (CN) should be your private key name (e.g., John Doe Dev Key)
• Email Address should be your email address (e.g. [email protected])
• Everything else should be blank

Verify your CSR

$ openssl req -noout -text -in Certificates.csr
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=John Doe Dev Key/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    …
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha1WithRSAEncryption
        …

What you should care about is on the Subject line and verify that's correct.

Now all you need to do is submit it to Apple, wait for the certificate to be generated, and then install it. After you import your newly generated certificate, you will see that it'll reference the old certificate that you exported above.

i have same problem. i can create CSR then not create it and same error are getting.

then i can search and found may solution but not solve.

some time i can solve it.

my keychain access through frist time crate CSR.so my keychain access is lock.

open > keychain access > top of keychain access display " Click to unlock the system keychain "

Click that and unlock system keychain then create CSR file then Not Getting this error.

Choosing the private key in keychain will occur the problem. "the specified item could not be found in the keychain" While you choose the public key solve it. "Your certificate request has been created on disk."

After revoking every certificate I had, I figured out the problem was with my yubikey. It was getting in the way of signing the app. After I removed it, problem solved.

This forum thread helped me out: https://forums.developer.apple.com/thread/106938

Okay the name that shows displays the item you highlighted in the Keychain mainwindow (if you select a different item here you also see the menu item change with it). If you go the the category section on the left and select my certificates for instance and go back to the certificate assistent menu item it looks/acts like you're used to. Hope this helps!

If you have selected any private key in keychain while generating new CSR then it will prompt you with reference to that key. Just make sure you have selected any non private key item for generating new CSR which will be useful for creating fresh one.

For e.g keep selected in keychain tool "Public Key" or any existing certificate which don't have private key aligned to it. Now follow "Request Certificate from certificate Authority" flow.

Below link resolved the issue for me. https://forums.developer.apple.com/thread/72863

In my case it was the yubikey which was connected to my Mac all the time. After removing it, issue got resolved automatically.

For me the problem are one certificate that was messed up.

There was no need for me to delete all my certs.

Identifying the bad certificate:

1. From you Keychains select Login From Category select Certificates
2. Find any Apple Certificate that has the blue +
3. Double click on the certificate.
4. Expand the Trust If it's messed up then the "When using this certificate" is set to "Always Trust" along with the blue +

Fixing the bad certificate:

1. Just set it to "Use System Defaults" and close it.
2. You'll get a pop up. Type in your password to update settings.
3. Close KeyChain.
4. Go back to your project, clean and run.
5. Problem should have gone away. If that didn't work then go back to Keychain and just double check and see if there are any other Apple certificates that are set to Always Trust and repeat the process.

I had same problem in my mac, i just goto system preferences, MySQL, Choose MySQL Version, Initialize Database, Enter Password, Ok. Then its work

Solved it! Had to change "User certificate" to "Code signing".