Skip to main content
M
MakaiMedia
Participating Frequently
August 4, 2012
Question

Openssl: No certificate matches private key

  • August 4, 2012
  • 3 replies
  • 12628 views

This used to work on my last computer, but I created a CSR and uploaded it to Apple and it returned a valid distribution certificate. But when I run Openssl to try and create the p12 file, I keep getting the error:

"no certificate matches private key".

My batch file looks like this:

set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg

set RANDFILE=.rnd

openssl x509 -in ios_distribution.cer -inform DER -out developer_identity.pem -outform PEM

pause

openssl pkcs12 -export -inkey mykey.key -in developer_identity.pem -out myfile.p12

pause

I've tried just about everything, and I'm seriously stuck. Can anyone help?

This topic has been closed for replies.

3 replies

M
MakaiMediaAuthor
Participating Frequently
August 4, 2012

So, the only thing I notice about your video, iBrent, is that you say the certificate signing request has to match the email of the account name.  But in my case, this is for a client's account.  Do I need to make the emailAddress= field the account admin's?  Or can it still be mine?

iBr3nt
iBr3nt
Inspiring
August 4, 2012

Hi,

I put together a series of tutorials on creating the Apple CSR request and certs on Windows a while back. They have step by step instructions including the commands I used. See if that helps, it can be tricky for sure.

http://www.youtube.com/playlist?list=PL57C122F59F8F1A43

iBrent

M
MakaiMediaAuthor
Participating Frequently
August 4, 2012

IBrent, I'll take a look and see if I missed anything.  I did this on another computer but it was a couple years ago and maybe I skipped a step.

Colin Holgate
Colin Holgate
Inspiring
August 4, 2012

You can run into such issues if you still have old certificates kicking around. Go into Keychain Access and look at Certificates and My Certificates. Any that don't have a key next to them are likely to not work, but still cause problems. Of the others, delete any that are not the latest date, and export a P12 from the most recent one, to use in Flash.

Also, make sure that your provisioning files are using that latest certificate.

M
MakaiMediaAuthor
Participating Frequently
August 4, 2012

Thanks, Colin.  This is for Windows, and it's a new computer.  Do you think that still matters?

Colin Holgate
Colin Holgate
Inspiring
August 5, 2012

Yes, I'm sure it matters. Listen to iBrent, he makes sense. At least he did once a couple of years ago, though I think that was a fluke.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices