aps_developer_identity.cer 到 p12 而不必从 Key Chain 导出? [英] aps_developer_identity.cer to p12 without having to export from Key Chain?

问题描述

我卸载了从 iPhone 开发者门户导出的aps_developer_identity.cer"证书.它们都是使用相同的证书签名请求和(因此)相同的私钥创建的.如果我只从 Apple Key Chain 导出私钥，那么是否可以使用私钥和aps_developer_identity.cer"并使用 openssl 创建合并的 p12/pkcs#12 证书，我可以在我的(Windows)服务器上使用它.

I have a shed load of 'aps_developer_identity.cer' certificates exported from iPhone Developer portal. They were all created using the same Certificate Signing Request and (thus) the same private key. If I export just the private key from the Apple Key Chain is it then possible to take the private key and the 'aps_developer_identity.cer' and use openssl to create merged p12/pkcs#12 certificate that I can use on my (Windows) server.

为了清楚起见，我知道如何通过将私钥和证书一起导出来从 Key Chain 中获取合并的 p12，但如果可以的话，我想删除所有额外的鼠标点击和输入.

Just to be clear, I know how to get a merged p12 from the Key Chain by exporting both the private key and certificate together, but I want to remove all the extra mouse clicking and typing if I can.

推荐答案

我设法解决了这个问题，它只需要包含在一个 shell 脚本中就可以了.我假设您已经下载并重命名了您的apple_developer_identity.cer"证书，这里我使用test.cer"，并且您还从钥匙串中导出了您的开发人员密钥，在下面名为private_dev_key.p12"的示例中.

I managed to work this out, it just needs wrapping up in a shell script and it is good to go. I am assuming you have downloaded and renamed your 'apple_developer_identity.cer' certificate, here I use 'test.cer', and that you have also exported your developer key from your keychain, in the example below named 'private_dev_key.p12'.

#convert *.cer (der format) to pem
openssl x509 -in test.cer -inform DER -out test.pem -outform PEM

#convert p12 private key to pem (requires the input of a minimum 4 char password)
openssl pkcs12 -nocerts -out private_dev_key.pem -in private_dev_key.p12

# if you want remove password from the private key
openssl rsa -out private_key_noenc.pem -in private_key.pem

#take the certificate and the key (with or without password) and create a PKCS#12 format file
openssl pkcs12 -export -in test.pem -inkey private_key_noenc.pem -certfile _CertificateSigningRequest.certSigningRequest  -name "test" -out test.p12

注意:如果您认为通过点击几下鼠标和输入文件名就可以完成的事情有点冗长，那么请考虑您有 20 个要启用的应用程序的情况通知.每个App都有一个开发和生产证书，有效期分别为4个月和12个月.这是一项非常无聊且容易出错的工作......

NOTE: If you think this all a bit long winded to achieve what can be done with a few mouse clicks and the typing of the name of a file, then consider the case where you have 20 Apps that you want to enable for notifications. Each App has a development and production certificate, which expire in 4 and 12 months respectively. That is a very boring and error prone job...

这篇关于aps_developer_identity.cer 到 p12 而不必从 Key Chain 导出?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！