For aesthetic reasons, I would like to use the same private key that I used to create my distribution certificate a while ago, to create a new development certificate (my ol
I went through this hell today. I wanted to automate the export of a key to create the CSR via the command line. I found a tool written in C that promised what I wanted: keychain_access. I compiled and played around with it but wasn't able to export my distribution key. I created the tool again from scratch with the newest Apple security APIs and keychain item attribute printing, but still wasn't able to find the key by label. I was able to list it with no label search. In a desperate attempt I renamed the key in the Keychain Access tool and renamed it back to the old name. After that my tool finally picked up the key by label. And also the right-click REQUEST A CERTIFICATE FROM A CERTIFICATE AUTHORITY WITH "(My Key Name)" started to work again as well. It seems that the name was saved in a different encoding or something. Not even Apple's own Keychain Access tool was able to find the key!
To generate a CSR from an existing Private Key in Keychain Access, just right-click (two-finger click) on the Private Key you want to use and choose REQUEST A CERTIFICATE FROM A CERTIFICATE AUTHORITY WITH "(My Key Name)"
Then enter the User Email Address and CA Email Address (I just use the same email address for both) and then choose Saved To Disk.
First, I had to export my private key from the keychain as a p12 file. I tried scripting this, but was unsuccessful.
Run the following openssl command to convert your password-protected p12 file to a pem. openssl will prompt for a password.
openssl pkcs12 -in your-newly-exported-p12-file.p12 -out your-newly-exported-p12-file-as-a-pem.pem -nodes
Run the following command on your pem file to generate the csr.
openssl req -new -key your-newly-exported-p12-file-as-a-pem.pem -out your-csr-to-submit-to-apple.csr
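Added example (not part of the original answers): the p12-to-PEM-to-CSR steps above, run non-interactively against a constructed throwaway identity, followed by a check that the new CSR carries the same public key as the existing certificate. File names, the passphrase, subject strings and function names are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
set -eu

# SHA-256 over the DER SubjectPublicKeyInfo of a PEM public key read from stdin.
spki_fp() { openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'; }
cert_fp() { openssl x509 -in "$1" -noout -pubkey | spki_fp; }
csr_fp()  { openssl req  -in "$1" -noout -pubkey | spki_fp; }

# Constructed stand-in for the identity exported from the keychain:
# a throwaway key and self-signed cert bundled as a password-protected p12.
make_sample_p12() {   # $1 = work dir, $2 = p12 passphrase
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed old cert" \
    -keyout "$1/old-key.pem" -out "$1/old-cert.pem" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/old-key.pem" -in "$1/old-cert.pem" \
    -out "$1/exported.p12" -passout "pass:$2"
  rm -f "$1/old-key.pem"   # from here on the key exists only inside the p12
}

# The two openssl steps from the answer, made non-interactive with -passin and -subj.
csr_from_p12() {      # $1 = work dir, $2 = p12 passphrase
  ( umask 077         # the PEM written next holds the unencrypted private key
    openssl pkcs12 -in "$1/exported.p12" -out "$1/exported.pem" -nodes \
      -passin "pass:$2" 2>/dev/null )
  openssl req -new -key "$1/exported.pem" -out "$1/new.csr" \
    -subj "/CN=constructed new request"
}

# Succeeds only if the CSR carries the same public key as the certificate.
csr_reuses_cert_key() {   # $1 = certificate PEM, $2 = CSR
  [ "$(cert_fp "$1")" = "$(csr_fp "$2")" ]
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_sample_p12 "$work" "constructed-passphrase"
csr_from_p12 "$work" "constructed-passphrase"
if csr_reuses_cert_key "$work/old-cert.pem" "$work/new.csr"; then
  echo "CSR public key matches the existing certificate: $(csr_fp "$work/new.csr")"
fi
rm -f "$work/exported.pem"   # do not leave the plaintext key on disk
```

The `-nodes` output is an unencrypted private key, which is why the example writes it with a restrictive umask and deletes it once the CSR exists.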
Are you comfortable with OpenSSL and the command-line? There's a discussion on a mailing list about creating the CSR manually. FWIW, I wasn't able to create a CSR using a selected key in Keychain Access/Certificate Assistant either.