78

I'm working on a project for a client. I have two .cer files (developer and distribution); both are loaded into Keystore Access on Mac OS X. However, I'm unable to export them as a .p12 file.

Alternatively I tried OpenSSL but still no luck...

```
openssl pkcs12 -export -in followMe_ios_development.cer -out followMe_ios_development.p12 -clcerts -nokeys
```

How can I export this .cer file as a .p12 so I can compile this app for iOS?

Raghavendra
Michael Schwartz
  • Perhaps this could help you. https://code.google.com/archive/p/apns-sharp/wikis/HowToCreatePKCS12Certificate.wiki – seto nugroho Aug 23 '16 at 02:26
  • Possible duplicate of [aps\_developer\_identity.cer to p12 without having to export from Key Chain?](http://stackoverflow.com/questions/1453286/aps-developer-identity-cer-to-p12-without-having-to-export-from-key-chain) – Felipe Plets Sep 01 '16 at 23:29

6 Answers

107

What works for me dealing with Push Notification certificates has been:

  1. Open the certificate: `open my_filename.cer` and click "View Certificates" to see the certificate's name
  2. Go to Applications -> Utilities -> Keychain Access
  3. Ensure you have selected the "login" keychain, not the "system" one (thanks to @Matt Fletcher)
  4. Go to "Certificates"
  5. Look for the desired certificate
  6. Ensure that you can expand it and see under it the original ".certSigningRequest" used to generate the certificate
  7. At this moment you should be able to export it as ".p12"
duhaime
BuguiBu
  • 4
    worked, this is the easier way. On the left click on "my certificates" – Stefano Giacone Aug 31 '17 at 19:58
  • 2
    Where is certSigningRequest? I can't find it when the desired certificate is selected – ikel Apr 17 '19 at 07:01
  • 1
    @ikel ensure that you can expand the row of the corresponding certificate, then when you expand it by clicking on the left-pointing triangle it should appear as a child with a key icon. – BuguiBu Apr 17 '19 at 07:19
  • 2
    I also had to make sure I was using the "login" keychain, not the "system" one which had automatically opened when I clicked the .cer file – Matt Fletcher Jan 09 '20 at 12:05
  • 1
    I could not open the certificate, however, I had to drag and drop it into the My certificates before I could see it, however, I could not see the certSigningRequest when I expanded it. – simo Jun 27 '21 at 08:18
85

Try this: given you have the following files:

aps.cer, downloaded from Apple.

app.key, your own private key generated by openssl.

1st, convert the .cer file into .pem format:

```
openssl x509 -in aps.cer -inform DER -out aps.pem -outform PEM
```

2nd, use the .pem file and your private .key to generate the .p12 file:

```
openssl pkcs12 -export -out aps.p12 -inkey app.key -in aps.pem
```

This should prompt you for a password for this .p12 file.

CF:

aps_developer_identity.cer to p12 without having to export from Key Chain?

Creating a .p12 file

Raghavendra
LaBUBU
    How do I get an app.key file? – ragar90 Aug 29 '18 at 22:17
  • 1
    @ragar90 : this link might help you understand what is / how to generate a .key file, https://serverfault.com/questions/224122/what-is-crt-and-key-files-and-how-to-generate-them – whoami - fakeFaceTrueSoul Jul 09 '19 at 18:49
  • 1
    If I don't have the certificate key file, how can I generate one? – Cedric Arnould Sep 16 '19 at 22:57
  • The command line would be a great tool if it was tooled properly. There's absolutely no helper functions such as autocomplete of file names, switches as you type etc. In keychain as the other answer suggests you can do this way faster with less hassle. – The Muffin Man Dec 11 '20 at 19:15
  • How do I get the export password after I run the second command, if I try putting in a random password I get an error `unable to write 'random state'` so I guess there's an existing password for the export but I don't know how to get it – Rex Omiv Dec 31 '22 at 11:05
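
The two-step OpenSSL conversion from the answer above, as an added example that is not part of the original answers: it checks that app.key really is the private key for aps.cer before building the .p12, and shows that the `-nokeys` form from the question produces an archive with no key in it. The function names (`cert_form`, `make_p12`, `p12_has_key`), the passphrase file and the throwaway self-signed certificate are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original answers. File names follow the answer;
# the certificate, keys and passphrase are throwaway values constructed here.
set -eu

# Apple's downloads are DER; report PEM only when a PEM header is present.
cert_form() { grep -q -- '-----BEGIN CERTIFICATE-----' "$1" && echo PEM || echo DER; }

# make_p12 CERT KEY OUT PASSFILE: refuse unless KEY is the private key for CERT.
make_p12() {
  form=$(cert_form "$1")
  cert_pub=$(openssl x509 -in "$1" -inform "$form" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "refusing: $2 is not the private key for $1" >&2
    return 1
  fi
  pem=$(mktemp)
  rc=0
  # Step 1 (DER/PEM -> PEM), then step 2 (PEM + key -> PKCS#12). The passphrase
  # comes from a file so it never appears in the process list.
  { openssl x509 -in "$1" -inform "$form" -out "$pem" -outform PEM &&
    openssl pkcs12 -export -out "$3" -inkey "$2" -in "$pem" -passout "file:$4"; } || rc=$?
  rm -f "$pem"
  return "$rc"
}

# True when the archive holds a private key, which code signing requires.
p12_has_key() {
  keys=$(openssl pkcs12 -in "$1" -passin "file:$2" -nocerts -nodes 2>/dev/null) || return 1
  case $keys in *'PRIVATE KEY-----'*) return 0 ;; *) return 1 ;; esac
}

d=$(mktemp -d)
printf '%s\n' 'constructed-demo-passphrase' > "$d/pass"
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=constructed demo' \
  -keyout "$d/app.key" -outform DER -out "$d/aps.cer" 2>/dev/null
openssl genrsa -out "$d/other.key" 2048 2>/dev/null

make_p12 "$d/aps.cer" "$d/app.key" "$d/aps.p12" "$d/pass"
p12_has_key "$d/aps.p12" "$d/pass" && echo "aps.p12: certificate + private key"

# The -nokeys form from the question packs the certificate only.
openssl x509 -in "$d/aps.cer" -inform "$(cert_form "$d/aps.cer")" -out "$d/aps.pem"
openssl pkcs12 -export -in "$d/aps.pem" -nokeys -out "$d/certonly.p12" -passout "file:$d/pass"
p12_has_key "$d/certonly.p12" "$d/pass" || echo "certonly.p12: no private key inside"

make_p12 "$d/aps.cer" "$d/other.key" "$d/bad.p12" "$d/pass" || echo "mismatched key rejected"
```

For a real Apple certificate, app.key must be the key whose signing request was submitted to Apple; without that key no tool can produce a .p12 usable for signing.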
18

I had the same problem. .p12 Export was not available, only .p7b

I solved it very easily:

You don't select your certificate via the "certificates" directory on the lower left, but via the "My Certificates" directory.

Like this, an arrow should show up left of your certificate. Click it, and you will see your private Key.

Right-Click on your private Key and select the "export Key" option. Now you can create a .p12 Certificate File, just as the doctor ordered.

Good Luck!

Stefan Ihmig
2

You should select both the cert and the private key. Then you will be able to export certs with the p12 extension.

matteo2191
1

In my case the ability to export in p12 format depends on the certificate type. For the "Apple Distribution" certificate type it is disabled, just like in your case.

When I created a new certificate with type "IOS Distribution (App Store and Ad Hoc)" and processed it just like the previous one, the p12 format became available in the export dialog.

0

In my case I'm trying to create a pfx/PKCS12 file. I tried the given commands and ran into a couple of issues, one of which was: Unable to load certificate, even though I was doing it right. So I then tried the single command below instead of the few others:

```
openssl pkcs12 -export -out requiredPFXfile.pfx -inkey yourPrivateKey.key -in yourcertificate.cer
```

Please find link for more details :- https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/

I'm a newbie to SSL & certs stuff & can't judge on other answers, appreciate everyone's work here!!

whoami - fakeFaceTrueSoul