i have exactly this problem and it's driving me crazy!
i have an exisitng p12 file that works (for a differnt entity),
this is signed using SHA-1 with RSA encryption. the keychain assitiant signs using SHA256 by default.
So i though aha that's the problem, i then used the certool command line tool to crate a new cert signed using SHA-1 and exported that.
Still no dice, yet the cert pairs seem indentical in every way except the actuall name and organisation being different.
Iv'e tried the same on java under windows too. same result.
Sorry to hear you've been having problems with this - the next release of the signing toolkit should hopefully make things easier.
For now, please try these two things:
- Download the latest version of the signing toolkit (which includes UCF.jar) from here: http://www.adobe.com/devnet/creativesuite/sdk/eula_cs6-signing-toolkit.html
- Generate a P12 file using the keytool (e.g./usr/bin/keytool):
- keytool -genkey -alias ALIAS -keystore FILENAME.p12 -storepass PASSWORD -validity 3650 -keyalg RSA -keysize 2048 -storetype pkcs12
Please let me know how you get on.