How to create P12 certificate for iOS distribution

We have an iOS app whose push notification cert has expired and we’re trying to create a new one. I’ve created new certs in the Provisioning portal (ios_developer.cer, ios_distribution.cer) and downloaded them. I was following instructions here on Stack Overflow to convert it to PEM and then to P12 files, but I’m stuck. When I then attempt to convert the PEM to P12, it wants a private key of some sort, and I don’t know where to get it.

I’ve also tried loading these into Keychain Access. I had read that you could export them as P12 from there, but when I do the Import, they don’t appear anywhere.

  • CFNetwork SSLHandshake failed iOS 9
  • How to let AVPlayer retrieve playlist secured by SSL?
  • How to compare SSL certificates using AFNetworking
  • SSL iOS9 SSLHandshake failed. I checked with openssl & my server works with tls 1.2V
  • FireBase error -9806, SSL error -1200
  • How does one set SSL ciphers when using CFSocket/CFStream in Cocoa?
  • 5 Solutions Collect From Internet About “How to create P12 certificate for iOS distribution”

    Your private key is generated when you created the signing request in Keychain Access. After the cert is generated and downloaded, double-clicking it will add it to Keychain Access where it will be matched up with the private key. You can then select the cert, and open the arrow to also select the private key and export them together as a .p12 file from Keychain Access.

    .p12 files are used to publish app on the Apple App Store

    A. Create a (.certSigningRequest) CSR file

    1. Open Keychain Access from Utilities
    2. From Keychain Access toolbar select Keychain Access -> Preference
    3. In the pop up window select Certificates tab
    4. Set both “Online Certificate Status Protocol” and “Certificate Revocation List” to “Off”
    5. Close this window
    6. Now from toolbar, open Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority
    7. Enter email address and common name that you used to register in the iOS Developer Program
    8. Keep CA Email blank and select “Saved to disk” and “Let me specify key pair information”
    9. Click Continue
    10. Choose a filename & destination on your hard drive
    11. Click Save
    12. In the next window, set “Key Size” value to “2048 bits”
    13. Set “Algorithm” to “RSA”
    14. Click Continue

    This will create and save your certSigningRequest file (CSR) to your hard drive. A public and private key will also be created in Keychain Access with the Common Name entered.

    B. Create “.cer” file in iOS developer account

    1. Login to apple developer account Click “Certificates, Identifiers & Profiles”
    2. Click “Provisioning Profiles”
    3. In the “Certificates” section click “Production”
    4. Click the “Add” (+) button at the top-right of the main panel
    5. Now, choose “App Store and Ad Hoc”
    6. Click Continue
    7. Click “Choose File” & find CSR file you’ve made from your hard drive
    8. Click Generate
    9. Click Download to get the file

    C. Install .cer and generate .p12 certificate

    1. Find .cer file you’ve downloaded and double-click
    2. Set Login drop-down to “login” and Click Add
    3. Open up KeyChain Access and you’ll find profile created in Step A
    4. You can expand “private key” profile (shows certificate you added)
    5. Select only these two items (not the public key)
    6. Right click and click “Export 2 items…” from popup
    7. Now make sure file format is “.p12” and choose filename and destination on your hard drive
    8. Click Save. Now, you’ll be prompted to set a password but keep these both blank
    9. Click OK. Now, you have a .p12 file on your hard drive

    OK, problem solved! it seems that when i double click on the certificate, it automatically installs it in the SYSTEM keychain – i don’t know why. So instead, i simply drag and drop the certificate into the LOGIN keychain and then all is good. Thanks to this article -> Adding certificates to keychain and generating .p12 file format – alon rosenfeld 10 months ago

    you will not get the expand option unless you filter by choosing (Certificates) from key chain left bottom corner

    For anyone still having this issue, the solution for me was to NOT select both and “Export 2 items” (the key and the certificate) – rather just export the certificate which ALREADY includes the key. As of 2016 i think this is the way to do it because previous uploads that worked with the export 2 items no longer work.