aps_developer_identity.cer到P12，而不必从钥匙扣出口？ [英] aps_developer_identity.cer to p12 without having to export from Key Chain?

问题描述

我从iPhone开发者门户网站导出aps_developer_identity.cer证书的的棚负载的。他们用同样的证书签名请求和（因此）相同的私钥创建的所有。如果我出口刚刚从苹果钥匙扣私钥是它，然后可能采取的私钥和aps_developer_identity.cer'并使用OpenSSL创建合并P12 / PKCS＃12证书，我可以我的（Windows）中的服务器上使用

I have a shed load of 'aps_developer_identity.cer' certificates exported from iPhone Developer portal. They were all created using the same Certificate Signing Request and (thus) the same private key. If I export just the private key from the Apple Key Chain is it then possible to take the private key and the 'aps_developer_identity.cer' and use openssl to create merged p12/pkcs#12 certificate that I can use on my (Windows) server.

只是要清楚，我知道如何导出两个私钥和证书一起获得了钥匙链合并P12，但我想，如果我可以去除所有多余的鼠标点击和打字。

Just to be clear, I know how to get a merged p12 from the Key Chain by exporting both the private key and certificate together, but I want to remove all the extra mouse clicking and typing if I can.

推荐答案

我设法工作了这一点，它只是需要一个shell脚本结束了，这是好去。
我假设你已经下载并更名为你的'apple_developer_identity.cer证书，这里我用'test.cer'，而且你也远销从您的钥匙串的开发人员密钥，在下面的例子中名为'private_dev_key.p12。

I managed to work this out, it just needs wrapping up in a shell script and it is good to go. I am assuming you have downloaded and renamed your 'apple_developer_identity.cer' certificate, here I use 'test.cer', and that you have also exported your developer key from your keychain, in the example below named 'private_dev_key.p12'.

#convert *.cer (der format) to pem
openssl x509 -in test.cer -inform DER -out test.pem -outform PEM

#convert p12 private key to pem (requires the input of a minimum 4 char password)
openssl pkcs12 -nocerts -out private_dev_key.pem -in private_dev_key.p12

# if you want remove password from the private key
openssl rsa -out private_key_noenc.pem -in private_key.pem

#take the certificate and the key (with or without password) and create a PKCS#12 format file
openssl pkcs12 -export -in test.pem -inkey private_key_noenc.pem -certfile _CertificateSigningRequest.certSigningRequest  -name "test" -out test.p12

请注意：如果你觉得这一切都有点长篇大论达到什么可以用点击几下鼠标和文件名的打字来完成，然后再考虑，你必须要启用20应用程序的情况下，通知。每个应用程序有一个研发和生产证书，这在4和12个月分别到期。这是一个非常枯燥的，而且容易出错的工作...

NOTE: If you think this all a bit long winded to achieve what can be done with a few mouse clicks and the typing of the name of a file, then consider the case where you have 20 Apps that you want to enable for notifications. Each App has a development and production certificate, which expire in 4 and 12 months respectively. That is a very boring and error prone job...

这篇关于aps_developer_identity.cer到P12，而不必从钥匙扣出口？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！