Can't find private key for Apple Development Push Services

Question

I've consulted many sources out there and still can't figure this out.

http://code.google.com/p/apns-php/wiki/CertificateCreation

Basically after I download the Development Push SSL Certificate from the iOS Provisioning Portal > App IDS (with Enable for Apple Push Notification service selected) and I double click the certificate (filename aps_development.cer) to open it, the Keychain opens. I then select "login" and "Certificates" on the left panels. On the right panel I see "Apple Development IOS Push Services:..." and all instructions I've consulted so far have told me to "expand" this option by clicking the arrow next to the name to reveal the private key, but there is no expand option for this certificate. Can anyone help me find this private key? Did I download the wrong certificate?

Thanks

score 46 · Answer 1 · answered May 02 '13 at 16:01

46

I noticed that the expand icon is actually visible when clicking on 'My Certificates' in the left menu (Keychain).

answered May 02 '13 at 16:01

wspruijt

1,037
11
15

14

This is actually insane UX. – Andrew Plummer Aug 29 '16 at 00:41
I wasted my time by deleting and recreating certificates many times. Thanks, it helped. – Chanchal Raj Apr 17 '22 at 05:55
I'm running MacOS Ventura, the Keychain app looks a little bit different here. You can now find the 'My Certificates' button right above the list. – Jan Erik Schlorf Dec 03 '22 at 16:07

score 42 · Answer 2 · answered Mar 06 '15 at 03:35

42

My problem was that, for some reason the various certs were being added to the 'System' keychain instead of the 'login' one.

By selecting 'login' and then adding them with the little '+' (next to the i) they've been added to the right place.

answered Mar 06 '15 at 03:35

nbsp

2,291
1
15
12

6

I just dragged the icon from the System keychain to the login one to solve this same problem. Too simple! – Andrew Duncan Apr 08 '16 at 21:58
Did the work for me. For some (like me), who are not able to find the "+" key, its at the bottom left section. – Shobhit C Mar 30 '17 at 09:48
fixed it for me... – ied3vil Jul 26 '23 at 13:28

score 36 · Answer 3 · answered Sep 03 '15 at 05:39

36

What I faced, when I was creating CSR file, I was putting Common Name with a space. And the certificates created by this CSR file were not showing expand arrow in the Keychain Access

After I made a new CDR File with a short common name and recreated certificates, it installed well and has a private key.

answered Sep 03 '15 at 05:39

Vaibhav Saran

12,848
3
65
75

1

For me, this actually addressed my problem. Thanks! – Sung Kim Mar 06 '16 at 10:14
This addressed my problem too – jfredsilva Mar 10 '16 at 14:40
I had the same issue but my common name was empty so it didn't work. Adding name helped! – Firze Dec 28 '16 at 14:34
Good one, Thanks ! – Sharique Abdullah Apr 08 '17 at 14:08
1

I spend all night because of this issue. – May 16 '17 at 19:50
2

I wonder how many working hours this bug causes. Thanks - that helped! – Jakob Jul 26 '17 at 12:05
I believe this has fixed my no-dropdown-arrow situation as well. Crazy. – Josh Rosen Sep 14 '17 at 19:49
I didn't get the point. Was the problem with space or with name length? If it was length - then what is the limit? – vahotm Oct 24 '17 at 13:01
Space was the issue. – Vaibhav Saran Oct 30 '17 at 08:54
Good one, Worked for me. Thanks! – ajeet sharma Jan 09 '18 at 09:24
This fixed mine, Thanks! – Swappy Dwappy Sep 08 '20 at 15:11
thanks you saved my life, how come apple accept us to add name with space when this cause an issue!!! – ANeme Nov 13 '20 at 13:20

score 18 · Answer 4 · answered Jan 30 '13 at 21:40

18

on the machine you are trying to access this cert, do you have the key with which you signed the Certificate Signing Request (based on which apple created that certificate for you)?

You should ask the person who created that certificate. Thats probably the only way you can get the private key.

answered Jan 30 '13 at 21:40

Nitin Alabur

5,812
1
34
52

When I signed the CSR, I got a certificate "iPhone Developer:[name]" with a private key "iOS Developer:[name]" along with it. Is this the private key that I should use for my apns-dev-key? – Ken Yu Jan 30 '13 at 22:36
1

It worked when I removed the existing Development Push SSL Certificate and created a new one with my own certificate generated from CSR, but there has to be a way around this for other team members to be able to access the private key when they download the certificate, right? – Ken Yu Jan 30 '13 at 22:58
2

Yes. and that way, is to export (right click on the certificate in keychain and export) the cert-key pair (or just the key) to your team members. That way, when your team members double click the certificate-key pair, both these will be loaded onto the keychain – Nitin Alabur Jan 30 '13 at 23:29
@KenYu where did you get 'your own certificate generated from CSR' from? I am just able to get a CertificateSigningRequest. – kev Apr 05 '14 at 23:21
you upload the CSR in the dev portal. after that, you can download the signed certificate from the portal – Nitin Alabur Mar 16 '16 at 16:02
I had same issue and your response helped me. I was trying to generate push certificates on a new macbook. But when I switched back to my old mac, it worked. My old mac will probably die soon, what certs/keys, etc should i export off my old mac on the new one and keep a back up? – Amit Garg Mar 08 '17 at 22:29
Any cert/key pair related to apps in production / appstore, also the ones used for APNS, and the private keys related to your apps. – Nitin Alabur Mar 09 '17 at 20:47

score 14 · Answer 5 · answered Feb 27 '15 at 02:36

I had the exact same problem. Double-clicking the .cer file put the certificate in the Keychain, but did not show any private key (nor was the entry expandable).

I fixed the issue with these steps:

Quit keychain access.
right-click the .cer file (e.g. aps_production.cer)
Select "Open With > Keychain access (default)"

... and voila, now it shows up with the private key. Which is rather odd, since it was opening Keychain access anyways.

score 14 · Answer 6 · edited Jul 26 '16 at 12:01

14

Goto the keychain access and follow steps as given below...

enter image description here

edited Jul 26 '16 at 12:01

Balaji Ramakrishnan

1,909
11
22

answered Mar 04 '15 at 07:05

user619237

1,776
3
17
19

score 12 · Answer 7 · answered Jun 20 '16 at 08:49

12

Delete the certificate that has no private key. Open Login in Keychain, then drag the file from Finder to Login and your certificate now has a private key!

answered Jun 20 '16 at 08:49

RomeoF

299
3
12

score 11 · Answer 8 · answered Jan 07 '17 at 11:37

11

My problem was that I was not looking under "Certificates" but under "All Items":

answered Jan 07 '17 at 11:37

Sam

5,375
2
45
54

This is the correct answer. For some reason, 'All Items' does not show the pair as a pair, only the certificate! – John Rogers May 08 '19 at 04:12
This answer helped, all others didn't (macOS 10.14.5). – heyfrank Oct 23 '19 at 15:51
I spent the whole morning wondering why I don't get the tiny triangle. Thanks! – Josef Habr Aug 18 '20 at 14:12

score 8 · Answer 9 · answered Jun 15 '16 at 07:15

8

I was just double clicking on the certificate. What helped me eventually was to drag the certificate into the relevant section.

More details can be found in this blog: How to Export a Push Notification Certificate in a p12 file?

answered Jun 15 '16 at 07:15

Luda

7,282
12
79
139

BTW, do we actually generate a pair of keys and a certificate for each app? I found it so messy I have trouble locating which app with which key and certificate. – huggie Sep 02 '16 at 08:48

score 2 · Answer 10 · answered Jan 04 '16 at 12:08

2

Leaving this here in the hope that it helps somebody with similar symptoms - When you click aps.cer for opening it with Keychain Assistant, it prompts you with a dialog to select a keyring to import the Certificate into. For me, the private key didn't show up in a collapsible for any other keyring than login (i.e. others such as System or System Roots seemed to show only the Certificate).

answered Jan 04 '16 at 12:08

Angad

2,803
3
32
45

My god, THANK YOU. Why is this a thing. This should not be a thing. – Anchor Dec 20 '16 at 04:03

score 1 · Answer 11 · answered May 16 '17 at 15:51

Yet another answer to this...

After you create your CSR, before actually uploading it to the Apple site, you can go look within Keychain Access under the logins -> keys and see that you already have new public and private keys with the same name as you entered in your new CSR's CommonName.

So when you upload the CSR to the Apple, then download the certificate, then double-click the certificate, Keychain access is just matching up that downloaded certificate with the public key that was already in your Keychain Access list and it attaches the private key.

So if you are not able to get the private key after all of this, try recreate your CSR.

The strange thing to me is that, I had read that you could use the same CSR each time you recreate your certificate, but for some reason that is not working for me. Perhaps because the old expired certificate that I was replacing was no longer in my Keychain Access list and so therefore there was no public/private key pair that matched the newly generated certificate.

Thanks a lot for the explanation, mate! This saving me tons of headache. I was trying to create new certificate using given CSR file from my old machine, but apparently I cannot export the CER file result to P12 because apparently it missing the public & private key. So I follow your suggestion to recreate the CSR in my new machine and making sure the CommonName is correct. Voila! It works! — Riandy Rahman Nugraha, Jun 04 '23 at 22:19

Vaiden · Answer 12 · 2023-06-05T08:41:04.253

The .cer file does not contain the private key, only the public one. So all of these solutions are relevant only from the computer who issued the original CSR, or from a computer where the original certificate's keypair was imported to Keychain.

If you don't have access to the private key, you would have to generate a new certificate. However - you do not have to invalidate the old one from Apple's certificate portal, as you may use multiple APNS certificates for the same app ID.

score 0 · Answer 13 · answered Sep 26 '19 at 06:03

0

Delete the certificate that has no private key. Open Login in Keychain

Drag this two certificate in keychain

Woo you. have private key In your keychain.

answered Sep 26 '19 at 06:03

Hardik Bar

1,660
18
27

1

I don't think you can import CSR in the keychain... – Josef Habr Aug 18 '20 at 14:13

score 0 · Answer 14 · answered Jul 02 '21 at 13:20

I tried various answers on this question with no luck. I think what helped me was following the bottom of the Add Certificate page instruction:

So I double-clicked AppleWWDRCA and AppleWWDRCAG3. Then installed the generated certificated and "My certificates" section started to show certificates with private keys.

score 0 · Answer 15 · answered Aug 19 '21 at 11:55

0

The reason is CSR file that was used to create this push certificate is not from your machine. You can ask person whoever created this certificate for private key.

answered Aug 19 '21 at 11:55

nikBhosale

531
1
5
27

score 0 · Answer 16 · answered Aug 03 '22 at 19:30

0

Nothing above helped because Apple Software is crap. What I needed to do to make it work was to close and restart Keychain Access. That was all. What a poor programming Apple.

answered Aug 03 '22 at 19:30

aqm

142
2
17

Can't find private key for Apple Development Push Services

16 Answers16

Linked