14

Apple, faithful to its extremely proprietary spirit, requires certificates used for iOS developer program to be generated with a mac. (as a .certSigningRequest file)

Obviously, they somehow use a standard for these keys, so my question is: What does a .certSigningRequest look like? Could someone share a censured version of their file? (while keeping same length)

Then, I am sure we can figure out a way to generate the same thing with openssl, and eventually edit the csr file to make it match the format required by apple.

BenMorel
  • 34,448
  • 50
  • 182
  • 322
FlorianB
  • 2,188
  • 18
  • 30

1 Answers1

24

Ah, in fact it is strictly the same format than the files generated with openssl. I just use to generate always 4096 and I did not expect apple to use 2048 only.

So to generate a set of keys for ios developer:

openssl genrsa -out ios-dev.key 2048
openssl req -new -key ios-dev.key -out ios-dev.csr
FlorianB
  • 2,188
  • 18
  • 30
  • It is completely different than the commands [here](https://gist.github.com/boodle/77436b2d9facb8e938ad), which one should I trust? – Dimitri Kopriwa Aug 25 '20 at 13:44
  • It looks like it's essentially the same command as in step 2 of the GitHub gist, just split into key generation and then CSR generation. – jamix Feb 23 '22 at 10:52