154

I was having a problem with codesigning my apps, so I deleted all the keys from the keychain. Then I went to Certificate Assistant => Request a certificate from a Certificate Authority (to create CSR for a new certificate).

So enter my email address and here's what I get:

The specified item could not be found in the keychain.

What am I doing wrong?

P.S. When I'm trying to Create a Certificate Authority, I get the same error.

Sergey
  • 47,222
  • 25
  • 87
  • 129
  • 1
    I am getting the same error. Please can you elaborate your answer or somebody who knows how to do it – Iducool Aug 22 '13 at 12:48
  • 12
    Restarting the KeyChain Access worked for me :) – Mohit Padalia Sep 27 '13 at 05:08
  • 1
    For those re-using a private key for a second signing purpose (e.g. `installer` + `application`), please see @toland-hon's manual steps below which use OpenSSL on command line to workaround the buggy `Keychain Access` application. The steps below that direct users to the `Certificate` section of `Keychain Access` still do NOT work when reusing a private key for a secondary purpose. Manual CSR via `openssl` is a viable workaround. – tresf Oct 26 '18 at 16:01

18 Answers18

405

I solved it. Ensure you are in the "Certificates" section and you select "Apple Worldwide Developer Relations Certification Authority" before requesting a certificate.

BlitzKraig
  • 418
  • 1
  • 6
  • 17
Francesco
  • 4,794
  • 1
  • 19
  • 27
  • 12
    You are a hero. I was pulling out my hair when all of the other answers weren't solving the issue. – BFeher Jul 21 '15 at 07:48
  • 41
    Oh my god Apple WTF? Thank you John! – MattD Nov 30 '15 at 22:41
  • 5
    I didn't consider this answer because I thought it was crazy. but it actually works. there are some loose parts of apple ecosystem that are just insane :) – alex Apr 18 '16 at 13:39
  • 3
    This solved it for me. Having my old private key selected didn't work, neither did not having a key selected. How obscure... – zai chang Oct 26 '16 at 00:13
  • What!!? I've never noticed this until now. I don't remember doing this in the past.. but it works now! – Van Du Tran Apr 05 '18 at 02:22
  • I do not see where you must choose this option, could anybody provide a bit more of detail? – Carles Estevadeordal Apr 05 '18 at 15:24
  • @CarlesEstevadeordal open keychain, then look at the very bottom right part of the window. You'll notice the "Category" section, then select "Certificates". Once done you'll see a list of certificates on the right, select the one as specified above. – Francesco Apr 11 '18 at 09:44
  • Yeah! Works in 2019 :D Apple, common guys! – atereshkov Feb 18 '19 at 09:55
  • Yes, going on left hand menu to category "My Certificates" is the trick. – Brooks Hanes May 07 '19 at 16:18
  • How do you know which key it's using though? **Edit:** You can force the key, answer is lower, requires command line: https://stackoverflow.com/a/45067811/3196753 – tresf May 08 '20 at 19:00
55

Go to the "Certificates" section and select "Apple Worldwide Developer Relations Certification Authority" before requesting a certificate.

enter image description here

atereshkov
  • 4,311
  • 1
  • 38
  • 49
50

Keychain Access will not let you Request a Certificate from a Certificate Authority With "identity"... unless you have both the private key and public key for identity in your keychain. I ran into this when I only had the private key and not the corresponding public key.

You can create the public key from the private key and import it into your keychain using the procedure described in I lost my public key. Can I recover it from a private key?

Once I imported the public key I was able to use the Request a Certificate from a Certificate Authority With "identity"... command without triggering the The specified item could not be found in the keychain error.

Community
  • 1
  • 1
Gene Goykhman
  • 1,981
  • 2
  • 16
  • 15
22

You are (perhaps accidentally) asking Keychain Access to generate a Certificate Signing Request using an existing key. If a key is selected when you go into the Keychain Access - Certificate Assistant menu, the options presented will be for that selected key.

Choose a non-key item in your keychain (like a saved password) and go to Keychain Access - Certificate Assistant again to generate the CSR normally.

Phil Calvin
  • 5,077
  • 2
  • 41
  • 35
  • It seems like OS X now defaults to the first item being selected now. If you just choose a different keychain (i.e System) when you generate this it should fix the issue. – James Parker Jan 20 '16 at 14:25
  • Holy crap, I would have never guested that. Talk about bad UI design... – d512 Mar 07 '18 at 04:35
  • You are the hero. This should be the correct answer. – peja Jan 22 '22 at 00:42
12

Even I was getting this issue. I solved this by selecting All Items instead of the Keys in the Categories pane and then trying to create the Certificate.

Try this, it will surely work.

naddy19
  • 304
  • 2
  • 12
12

My goal was to create a CSR (certificate signing request) using my existing private key to submit to Apple to generate a new iPhone Distribution certificate. I made sure Certificates was the selected Category on the left. I tried right clicking my private key and clicking on Request a Certificate From a Certificate Authority With Imported Private Key and would get the following error when I try to save it.

The specified item could not be found in the keychain.

I also got the same error when I went through the file menu: Keychain Access > Certificate Assistant

What I've gathered from other internet sources is that Keychain Access DOES NOT allow you to create a new CSR if you imported the private key, only if you created the key locally from the tool.

What I ended up doing instead was exporting the private key and using openssl to generate the new CSR, which Apple accepted, and now references the new Imported Private Key.

Exporting the private key

  1. Right click on private key
  2. Export
  3. Make sure p12 file format is selected
  4. Save
  5. Enter a password (optional)
  6. Allow access to export key
  7. Open Terminal and go to exported directory
  8. Extract key from p12 container

Be careful as the .pem private key is no longer password protected)

$ openssl pkcs12 -in Certificates.p12 -out Certificates.pem -nodes
Enter Import Password: ********************
MAC verified OK

Creating new CSR with exported private key

$ openssl req -out Certificates.csr -key Certificates.pem -new
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:.
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:John Doe Dev Key
Email Address []:thon@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

A couple things to note:

  • Enter . when you want the field to be blank, or the default will include whatever's in the brackets [].
  • Common Name (CN) should be your private key name (e.g., John Doe Dev Key)
  • Email Address should be your email address (e.g. thon@example.com)
  • Everything else should be blank

Verify your CSR

$ openssl req -noout -text -in Certificates.csr
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=John Doe Dev Key/emailAddress=thon@example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    …
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha1WithRSAEncryption
        …

What you should care about is on the Subject line and verify that's correct.

Now all you need to do is submit it to Apple, wait for the certificate to be generated, and then install it. After you import your newly generated certificate, you will see that it'll reference the old certificate that you exported above.

Toland Hon
  • 4,549
  • 2
  • 32
  • 36
  • Same issue. Wanted to keep the same private key (i.e. originally used for `developerID_installer.cer` but want to re-use it for `developerID_application.cer`). Apple's instructions are bad because they force you to use the buggy `Keychain Access` or worse, XCode. I stumbled upon this above solution rather inadvertently. Upvoting yours because it's exactly what I ended up doing. – tresf Oct 26 '18 at 15:59
8

This was happening to me I noticed that the menu option for creating the certificate request had changed from

Request a Certificate from a Certificate Authority...

to

Request a Certificate from a Certificate Authority with "My Name"...

Check this menu option

I'm on a domain at work so I logged out, logged in and out as another user, then logged in again. After that the menu appeared as expected and this error went away

Damo
  • 12,840
  • 3
  • 51
  • 62
  • 4
    This is a feature of Keychain Access. If you have a key selected when you go to this menu, it will offer to use the key to create the Certificate Signing Request. (In this case, the options are the same as when right-clicking a key.) Logging out will deselect the key. – Phil Calvin Feb 12 '14 at 23:52
  • You don't have to logout and then login. just quit the keychain and open it again now not select any of entry in list and go to menu to request – M.Shuaib Imran Jun 12 '14 at 08:19
6

i have same problem. i can create CSR then not create it and same error are getting.

then i can search and found may solution but not solve.

some time i can solve it.

my keychain access through frist time crate CSR.so my keychain access is lock.

open > keychain access > top of keychain access display " Click to unlock the system keychain "

Click that and unlock system keychain then create CSR file then Not Getting this error.

sanjay damor
  • 156
  • 1
  • 8
4

After revoking every certificate I had, I figured out the problem was with my yubikey. It was getting in the way of signing the app. After I removed it, problem solved.

This forum thread helped me out: https://forums.developer.apple.com/thread/106938

Adriana Pineda
  • 9,219
  • 1
  • 12
  • 14
  • Thank you! This was my issue as well. This may not be the issue for most people, but anyone with a Yubikey should try pulling it out and rebuilding. – Philihp Busby Feb 20 '19 at 00:52
3

Choosing the private key in keychain will occur the problem. "the specified item could not be found in the keychain" While you choose the public key solve it. "Your certificate request has been created on disk."

Zgpeace
  • 3,927
  • 33
  • 31
1

Okay the name that shows displays the item you highlighted in the Keychain mainwindow (if you select a different item here you also see the menu item change with it). If you go the the category section on the left and select my certificates for instance and go back to the certificate assistent menu item it looks/acts like you're used to. Hope this helps!

Cedrick
  • 566
  • 3
  • 13
1

Below link resolved the issue for me. https://forums.developer.apple.com/thread/72863

In my case it was the yubikey which was connected to my Mac all the time. After removing it, issue got resolved automatically.

user1913523
  • 69
  • 6
0

If you have selected any private key in keychain while generating new CSR then it will prompt you with reference to that key. Just make sure you have selected any non private key item for generating new CSR which will be useful for creating fresh one.

For e.g keep selected in keychain tool "Public Key" or any existing certificate which don't have private key aligned to it. Now follow "Request Certificate from certificate Authority" flow.

Ameer
  • 705
  • 8
  • 18
0

For me the problem are one certificate that was messed up.

There was no need for me to delete all my certs.

Identifying the bad certificate:

  1. From you Keychains select Login From Category select Certificates
  2. Find any Apple Certificate that has the blue +
  3. Double click on the certificate.
  4. Expand the Trust If it's messed up then the "When using this certificate" is set to "Always Trust" along with the blue +

Fixing the bad certificate:

  1. Just set it to "Use System Defaults" and close it.
  2. You'll get a pop up. Type in your password to update settings.
  3. Close KeyChain.
  4. Go back to your project, clean and run.
  5. Problem should have gone away. If that didn't work then go back to Keychain and just double check and see if there are any other Apple certificates that are set to Always Trust and repeat the process.
Romulo BM
  • 671
  • 8
  • 16
0

For me, I was trying to resign the IPA file generated from expo build so I ran

codesign -f -s "iPhone Distribution: Company Certificate" --resource-rules Payload/MyApp.app/ResourceRules.plist  Payload/MyApp.app

Then it showed

error: The specified item could not be found in the keychain.

So I went to the keychain I added (uploaded) the certificate then replaced "iPhone Distribution: Company Certificate" with the name of the certificate in the keychain access. check the attached image enter image description here

Amr
  • 433
  • 5
  • 12
0

In my case I was right-clicking on the key in the Certificates list. This was wrong. Make sure to select Apple Worldwide Developer Relations Certificate in the list and from top menu, choose Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.

source: https://developer.apple.com/help/account/create-certificates/create-a-certificate-signing-request

Ghonche Yqr
  • 305
  • 1
  • 10
-2

I had same problem in my mac, i just goto system preferences, MySQL, Choose MySQL Version, Initialize Database, Enter Password, Ok. Then its work

Haja Kutbudeen
  • 1
  • 5
-19

Solved it! Had to change "User certificate" to "Code signing".

Sergey
  • 47,222
  • 25
  • 87
  • 129