3

I need a private key (.p12 file) for my iOS app in order to enable push notifications through Amazon SNS. I can't find a private key for my app in Keychain Access. I only see Developer and Distribution Keys for myself and my company. I could have deleted it as I deleted two things related to the app from Keychain Access in order to use updated versions. I may have deleted the wrong thing. Can I regenerate the keys in Xcode? If not, how do I create a new app to get new keys?

UPDATE: I found this tutorial that describes in detail what I am trying to do. http://www.adventuresofanentrepreneur.net/creating-a-mobile-appsgames-company/setting-up-aws-sns-to-send-push-notifications-to-ios-devices Steps 4.1-4.5 are the steps I cannot perform. This is because there is no key for my app in my keychain, only certificates. I tried creating a wholly new app and following the process again and I have no key for that app either.

UPDATE 2: I found the following instructions that make me think there is something wrong with my Mac as it doesn't generate a key when I install the APNs certificate I download from Developer Center. http://kklolk.blogspot.co.uk/2013/11/amazon-sns-with-apple-apn.html

If I download the APN certificate and install it on my keychain, I see the certificate on the keychain but not the key. I have keys on my keychain for non-APN developer and distribution but these fail the openssl test against the Apple push servers listed in the tutorial:

CONNECTED(00000003)
depth=1 C = US, O = "Entrust, Inc.", OU = www.entrust.net/rpa is incorporated by reference, OU = "(c) 2009 Entrust, Inc.", CN = Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0
140735234900832:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1256:SSL alert number 46
140735234900832:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---

I can use my non-APN .p12 files in the Amazon SNS New App page on AWS but they give the error - The credentials you entered are invalid. Please enter valid credentials and try again. I also tried combining the APNs certificate generated for the app with the keys from the developer and distributor keys, which gave the error - There was a transient failure registering the app with Amazon SNS. Please try again (Request ID: Unknown).

The problem certainly looks to be that my computer is not correctly generating keys from the certificates for APNs Development and Production.

TTransmit

3 Answers

3

I found an answer here:

Can't find private key for Apple Development Push Services

For me, I already had the certificate, but I didn't know how to find its private key. If you click "My Certificates" under categories, then a dropdown arrow appears next to your certificate. Click this and you should get your private key.

2

I had the same issue myself. What I found was that you need to make sure that the certificate that you are using to generate the .p12 file from in keychain access is one you created using your CertificateSigningRequest file.

I went back to the Apple Developer Member Center and created another Certificate for development purposes using my CertificateSigningRequest file. When I downloaded this and opened it up in keychain access the private key was now included. Exporting that private key pair as .p12 file allowed me to successfully register the application in AWS SNS. Note if using a Development certificate to export your private key you will need to create your application in SNS using the APNS Sandbox selection. If you are using a Production Certificate you need to use the normal APNS selection.

jinferno88
0

I have a tentative answer for this. When creating a certificate in Keychain Access, first select an iOS Developer or iOS Distribution, then go to the menu Keychain Access > Certificate Assistant > Request a Certificate from Certificate Authority With "iOS D...".

The above is during step 1 of http://docs.aws.amazon.com/sns/latest/dg/mobile-push-apns.html#verify-cert-private-key-apns

Before, I was simply going straight to the menu, where I noticed it then said Request a Certificate from Certificate Authority With "". Selecting an iOS developer key first results in there being a key associated with the certificate cer when imported. This let me generate the p12, which AWS accepted. However, messaging to iOS devices still isn't working so it isn't a full success yet.

TTransmit
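The failure described in this thread, a .p12 that holds a certificate without the private key created alongside its signing request (or with a key from a different certificate), can be checked locally before the file is uploaded to SNS. The script below is an added example, not code from any of the posts or from AWS; the function names `pair_status` and `p12_check`, the script name and the `P12_PASS` variable are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Reports whether a PKCS#12 export carries
# a certificate plus the private key that matches it.
# Assumption: the export passphrase is in the exported variable P12_PASS.

# pair_status CERT_PEM KEY_PEM -> prints ok | no-cert | no-key | mismatch
pair_status() {
    case $1 in *"BEGIN CERTIFICATE"*) ;; *) echo no-cert; return 1 ;; esac
    case $2 in *"PRIVATE KEY-----"*) ;; *) echo no-key; return 1 ;; esac
    # Compare the public key inside the certificate with the one derived
    # from the private key; they are identical only for a true pair.
    cert_pub=$(printf '%s\n' "$1" | openssl x509 -noout -pubkey 2>/dev/null)
    key_pub=$(printf '%s\n' "$2" | openssl pkey -pubout 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo ok
    else
        echo mismatch; return 1
    fi
}

# p12_check FILE -> prints the pair_status result, or "unreadable"
p12_check() {
    # -nokeys: certificates only (the first one in the bundle is compared).
    cert=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null) ||
        { echo unreadable; return 1; }
    # -nocerts -nodes: private key only, decrypted, held in a shell variable.
    key=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null) ||
        { echo unreadable; return 1; }
    pair_status "$cert" "$key"
}

# Run as a script: ./p12check.sh export.p12
if [ "$#" -gt 0 ]; then
    p12_check "$1"
fi
```

A result of `no-key` corresponds to the situation in the question, where the keychain holds the certificate but no key. With OpenSSL 3.x, a Keychain export that uses older encryption may need `-legacy` added to the two `openssl pkcs12` calls.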