Exit
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
Locked
0

Openssl: No certificate matches private key

Community Beginner ,
Aug 04, 2012 Aug 04, 2012

This used to work on my last computer, but I created a CSR and uploaded it to Apple and it returned a valid distribution certificate. But when I run Openssl to try and create the p12 file, I keep getting the error:

"no certificate matches private key".

My batch file looks like this:

set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg

set RANDFILE=.rnd

openssl x509 -in ios_distribution.cer -inform DER -out developer_identity.pem -outform PEM

pause

openssl pkcs12 -export -inkey mykey.key -in developer_identity.pem -out myfile.p12

pause

I've tried just about everything, and I'm seriously stuck. Can anyone help?

TOPICS
Development
12.4K
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Aug 04, 2012 Aug 04, 2012

You can run into such issues if you still have old certificates kicking around. Go into Keychain Access and look at Certificates and My Certificates. Any that don't have a key next to them are likely to not work, but still cause problems. Of the others, delete any that are not the latest date, and export a P12 from the most recent one, to use in Flash.

Also, make sure that your provisioning files are using that latest certificate.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Aug 04, 2012 Aug 04, 2012

Thanks, Colin.  This is for Windows, and it's a new computer.  Do you think that still matters?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Aug 04, 2012 Aug 04, 2012

Yes, I'm sure it matters. Listen to iBrent, he makes sense. At least he did once a couple of years ago, though I think that was a fluke.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Engaged ,
Aug 04, 2012 Aug 04, 2012

Fluke is as fluke does. 😉

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Aug 04, 2012 Aug 04, 2012
LATEST

So am I on the right track here?

According to this:

https://www.vbulletin.com/forum/content.php/506-Creating-your-iOS-Certificates

The email and name have to match the iOS information set in the account.  So in order for that to work, they need to add me as a dev team member on their account, and use my name and email address?

https://developer.apple.com/membercenter/index.action

Adding me from that link?

Thanks for the input, guys.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Engaged ,
Aug 04, 2012 Aug 04, 2012

Hi,

I put together a series of tutorials on creating the Apple CSR request and certs on Windows a while back. They have step by step instructions including the commands I used. See if that helps, it can be tricky for sure.

http://www.youtube.com/playlist?list=PL57C122F59F8F1A43

iBrent

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Aug 04, 2012 Aug 04, 2012

IBrent, I'll take a look and see if I missed anything.  I did this on another computer but it was a couple years ago and maybe I skipped a step.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Aug 04, 2012 Aug 04, 2012

So, the only thing I notice about your video, iBrent, is that you say the certificate signing request has to match the email of the account name.  But in my case, this is for a client's account.  Do I need to make the emailAddress= field the account admin's?  Or can it still be mine?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines