Skip navigation
MakaiMedia
MakaiMedia
Currently Being Moderated

Openssl: No certificate matches private key

Aug 4, 2012 11:54 AM

Tags: #ios #distribution #p12 #openssl

This used to work on my last computer, but I created a CSR and uploaded it to Apple and it returned a valid distribution certificate. But when I run Openssl to try and create the p12 file, I keep getting the error:

"no certificate matches private key".

My batch file looks like this:

set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg

set RANDFILE=.rnd

openssl x509 -in ios_distribution.cer -inform DER -out developer_identity.pem -outform PEM

pause

openssl pkcs12 -export -inkey mykey.key -in developer_identity.pem -out myfile.p12

pause

I've tried just about everything, and I'm seriously stuck. Can anyone help?

2212 Views   8 Replies   Latest reply: MakaiMedia, Aug 4, 2012 6:37 PM
 
Replies
  • Colin Holgate
    Currently Being Moderated
    1. Colin Holgate,
    Aug 4, 2012 11:58 AM   in reply to MakaiMedia
    Report

    You can run into such issues if you still have old certificates kicking around. Go into Keychain Access and look at Certificates and My Certificates. Any that don't have a key next to them are likely to not work, but still cause problems. Of the others, delete any that are not the latest date, and export a P12 from the most recent one, to use in Flash.

     

    Also, make sure that your provisioning files are using that latest certificate.

     
    |
    Mark as:
  • iBr3nt
    Currently Being Moderated
    2. iBr3nt,
    Aug 4, 2012 3:13 PM   in reply to MakaiMedia
    Report

    Hi,

     

    I put together a series of tutorials on creating the Apple CSR request and certs on Windows a while back. They have step by step instructions including the commands I used. See if that helps, it can be tricky for sure.

     

    http://www.youtube.com/playlist?list=PL57C122F59F8F1A43

     

    iBrent

     
    |
    Mark as:
  • MakaiMedia
    Currently Being Moderated
    3. MakaiMedia,
    Aug 4, 2012 4:08 PM   in reply to Colin Holgate
    Report

    Thanks, Colin.  This is for Windows, and it's a new computer.  Do you think that still matters?

     
    |
    Mark as:
  • MakaiMedia
    Currently Being Moderated
    4. MakaiMedia,
    Aug 4, 2012 4:09 PM   in reply to iBr3nt
    Report

    IBrent, I'll take a look and see if I missed anything.  I did this on another computer but it was a couple years ago and maybe I skipped a step.

     
    |
    Mark as:
  • MakaiMedia
    Currently Being Moderated
    5. MakaiMedia,
    Aug 4, 2012 4:22 PM   in reply to MakaiMedia
    Report

    So, the only thing I notice about your video, iBrent, is that you say the certificate signing request has to match the email of the account name.  But in my case, this is for a client's account.  Do I need to make the emailAddress= field the account admin's?  Or can it still be mine?

     
    |
    Mark as:
  • Colin Holgate
    Currently Being Moderated
    6. Colin Holgate,
    Aug 4, 2012 5:14 PM   in reply to MakaiMedia
    Report

    Yes, I'm sure it matters. Listen to iBrent, he makes sense. At least he did once a couple of years ago, though I think that was a fluke.

     
    |
    Mark as:
  • iBr3nt
    Currently Being Moderated
    7. iBr3nt,
    Aug 4, 2012 6:01 PM   in reply to Colin Holgate
    Report

    Fluke is as fluke does. ;-)

     
    |
    Mark as:
  • MakaiMedia
    Currently Being Moderated
    8. MakaiMedia,
    Aug 4, 2012 6:37 PM   in reply to Colin Holgate
    Report

    So am I on the right track here?

     

    According to this:

     

    https://www.vbulletin.com/forum/content.php/506-Creating-your-iOS-Cert ificates

     

    The email and name have to match the iOS information set in the account.  So in order for that to work, they need to add me as a dev team member on their account, and use my name and email address?

     

    https://developer.apple.com/membercenter/index.action

     

    Adding me from that link?

     

    Thanks for the input, guys.

     
    |
    Mark as:
Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points