问题
For aesthetic reasons, I would like to use the same private key that I used to create my distribution certificate a while ago, to create a new development certificate (my old one expired). But the "How to create a development certificate:" on the iOS provisioning portal require that you use Keychain Access create a new key. When I try to do Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority With "(my key name)" the Certificate Assistant doesn't actually create a CSR file.
Does anyone know if this can be done, and if so, how?
回答1:
First, I had to export my private key from the keychain as a p12 file. I tried scripting this, but was unsuccessful.
- Open keychain and select your private key
- Right-click and select "Export "
- Use a p12 file type.
Run the following openssl command to convert your password-protected p12 file to a pem. openssl will prompt for a password.
openssl pkcs12 -in your-newly-exported-p12-file.p12 -out your-newly-exported-p12-file-as-a-pem.pem -nodes
Run the following command on your pem file to generate the csr.
openssl req -new -key your-newly-exported-p12-file-as-a-pem.pem -out your-csr-to-submit-to-apple.csr
回答2:
To generate a CSR from an existing Private Key in Keychain Access, just right-click (two-finger click) on the Private Key you want to use and choose REQUEST A CERTIFICATE FROM A CERTIFICATE AUTHORITY WITH "(My Key Name)"
Then enter the User Email Address and CA Email Address (I just use the same email address for both) and then choose Saved To Disk.
回答3:
Are you comfortable with OpenSSL and the command-line? There's a discussion on a mailing list about creating the CSR manually. FWIW, I wasn't able to create a CSR using a selected key in Keychain Access/Certificate Assistant either.
回答4:
I went through this hell today. I wanted to automate the export of a key to create the CSR via commandline. I found a tool written in c
that promised what I wanted: keychain_access. I compiled and played around with it but wasn't able to export my distribution key. I created the tool again from scratch with the newest apple security API's and keychain item attribute printing, but still wasn't able to find the key by label. I was able to list it with no label search. In an desperate attempt I renamed to key in the keychain access tool and renamed it back to the old name. After that my tool finally picket up the key by label. And also the right click REQUEST A CERTIFICATE FROM A CERTIFICATE AUTHORITY WITH "(My Key Name)"
started to work again as well. It seems that the name was saved in a different encoding or something. Not event apples own keychain access tool was able to find the key!
来源:https://stackoverflow.com/questions/4551793/how-can-i-use-an-existing-private-key-to-a-new-ios-development-certificate