Error when trying to obtain a certificate: The specified item could not be found in the keychain

Question

I was having a problem with codesigning my apps, so I deleted all the keys from the keychain. Then I went to Certificate Assistant => Request a certificate from a Certif

Answer 1

Keychain Access will not let you Request a Certificate from a Certificate Authority With "identity"... unless you have both the private key and public key for identity in your keychain. I ran into this when I only had the private key and not the corresponding public key.

You can create the public key from the private key and import it into your keychain using the procedure described in I lost my public key. Can I recover it from a private key?

Once I imported the public key I was able to use the Request a Certificate from a Certificate Authority With "identity"... command without triggering the The specified item could not be found in the keychain error.

Answer 2

i have same problem. i can create CSR then not create it and same error are getting.

then i can search and found may solution but not solve.

some time i can solve it.

my keychain access through frist time crate CSR.so my keychain access is lock.

open > keychain access > top of keychain access display " Click to unlock the system keychain "

Click that and unlock system keychain then create CSR file then Not Getting this error.

Answer 3

If you have selected any private key in keychain while generating new CSR then it will prompt you with reference to that key. Just make sure you have selected any non private key item for generating new CSR which will be useful for creating fresh one.

For e.g keep selected in keychain tool "Public Key" or any existing certificate which don't have private key aligned to it. Now follow "Request Certificate from certificate Authority" flow.

Answer 4

Go to the "Certificates" section and select "Apple Worldwide Developer Relations Certification Authority" before requesting a certificate.

Answer 5

Even I was getting this issue. I solved this by selecting All Items instead of the Keys in the Categories pane and then trying to create the Certificate.

Try this, it will surely work.

Answer 6

My goal was to create a CSR (certificate signing request) using my existing private key to submit to Apple to generate a new iPhone Distribution certificate. I made sure Certificates was the selected Category on the left. I tried right clicking my private key and clicking on Request a Certificate From a Certificate Authority With Imported Private Key and would get the following error when I try to save it.

The specified item could not be found in the keychain.

I also got the same error when I went through the file menu: Keychain Access > Certificate Assistant

What I've gathered from other internet sources is that Keychain Access DOES NOT allow you to create a new CSR if you imported the private key, only if you created the key locally from the tool.

What I ended up doing instead was exporting the private key and using openssl to generate the new CSR, which Apple accepted, and now references the new Imported Private Key.

Exporting the private key

1. Right click on private key
2. Export
3. Make sure p12 file format is selected
4. Save
5. Enter a password (optional)
6. Allow access to export key
7. Open Terminal and go to exported directory
8. Extract key from p12 container

Be careful as the .pem private key is no longer password protected)

$ openssl pkcs12 -in Certificates.p12 -out Certificates.pem -nodes
Enter Import Password: ********************
MAC verified OK

Creating new CSR with exported private key

$ openssl req -out Certificates.csr -key Certificates.pem -new
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:.
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:John Doe Dev Key
Email Address []:thon@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

A couple things to note:

• Enter . when you want the field to be blank, or the default will include whatever's in the brackets [].
• Common Name (CN) should be your private key name (e.g., John Doe Dev Key)
• Email Address should be your email address (e.g. thon@example.com)
• Everything else should be blank

Verify your CSR

$ openssl req -noout -text -in Certificates.csr
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=John Doe Dev Key/emailAddress=thon@example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    …
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha1WithRSAEncryption
        …

What you should care about is on the Subject line and verify that's correct.

Now all you need to do is submit it to Apple, wait for the certificate to be generated, and then install it. After you import your newly generated certificate, you will see that it'll reference the old certificate that you exported above.