19

Closely related to How to generate CSR when IIS is not installed.

I also do not have this installed. I am developing a mobile application for iOS, and i am trying to obtain a provisioning file so i can test my app locally. In the process of acquiring this, i am asked for a .csr file, and it instructs me on how to build this on my Mac. Except i don't have a mac, i have a PC, and my company exclusively uses PCs. I need this certificate, without having access to a Mac.

i have seen and used this CSR generator, but it gives me the key and request in long strings of characters, and i need a .csr file to upload to Apple.

Pasting it in notepad and changing the extension to .csr didn't work either :/

Does anyone have any insights on this?

Community
  • 1
  • 1
jlehenbauer
  • 599
  • 2
  • 11
  • 33
  • Most likely you get base64-encoded CSR. So you should decode it to get binary data. It's strange (from a common sense point of view, not strange for Apple though) that base64-encoded CSRs are not supported. – Eugene Mayevski 'Callback Aug 01 '11 at 17:30
  • Search google for "how to base64 decode data on Windows"? – Eugene Mayevski 'Callback Aug 02 '11 at 07:27
  • i don't think the encoding is the problem, the problem is it didn't give me a file, it just gave me the text strings. – jlehenbauer Aug 02 '11 at 12:19
  • it doesn't matter if it was file or a text string. The fact is that this text string is most likely base64-encoded certificate request in PKCS#10 format. – Eugene Mayevski 'Callback Aug 02 '11 at 13:21
  • the problem is that i have a text string, but i need to upload a .certSigningRequest to Apple. Don't worry about it though, i just borrowed a Mac to bring to work today and got it done :) – jlehenbauer Aug 02 '11 at 13:23
  • Came here for using IIS which seems to require a password-protected PFX private key for the website for a next step. I know the question isn't about IIS and @EwyynTomato has a create answer for generating the CSR, but for the PFX if anyone needs it you can use instructions on [this page](https://langui.sh/2009/01/24/generating-a-pkcs12-pfx-via-openssl/): `openssl pkcs12 --export -in my.cer -inkey my.key -out mycert.pfx` – Jason Goemaat Aug 06 '16 at 00:47

3 Answers3

39

You can install OpenSSL for windows and generate CSR file with this command:

openssl req -nodes -newkey rsa:2048 -keyout private_key.key -out cer_sign_request.csr

You'll be asked for a few questions which are optional (press ENTER).

This will generate a private key (such in keychain access) and a certification signing request as csr file.

EwyynTomato
  • 4,009
  • 1
  • 31
  • 39
  • 6
    Be aware that apple only supports RSA keys with a length of 2048. All others are rejected in the developer portal. – Markus Müller Oct 20 '17 at 14:07
  • Thanks for that note, Apple's info seemed to confirm that 2048 is the right length, and it worked for me now, so edited the answer. – antont Sep 08 '20 at 11:05
2

For those who want an easy to use graphical interface, Digicert has a "Digicert Utility" that is pretty solid. You can use it to create a CSR. It doesnt give you back a private key, so you need to import your self signed or CA certificate to complete the installation of the certificate. Once installed, you can export it as a pfx or crt/key bundle.

Rex Linder
  • 631
  • 6
  • 16
0
set OPENSSL_CONF=c:\OpenSSL\openssl.cnf

if saved in c:\openssl

You can download this example fileopenssl-dem-server-cert-thvs.cnf 

rename openssl

ren cert-thvs.cnf openssl.cnf
jrbedard
  • 3,662
  • 5
  • 30
  • 34
Janus Rokkjær
  • 1