错误1:WARNING: no real random source present!
解决:请关掉全局断点
错误2:The specified item could not be found in the keychain.(在钥匙串中找不到指定的项。)
一:Exporting the private key
1、Right click on private key
2、Export
3、Make sure p12 file format is selected
4、Save
5、Enter a password (optional)
6、Allow access to export key
7、Open Terminal and go to exported directory
8、Extract key from p12 container
Be careful as the .pem private key is no longer password protected)
$ openssl pkcs12 -in Certificates.p12 -out Certificates.pem -nodesEnter Import Password: ********************MAC verified OK
二:Creating new CSR with exported private key
$ openssl req -out Certificates.csr -key Certificates.pem -newYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:.State or Province Name (full name) [Some-State]:.Locality Name (eg, city) []:.Organization Name (eg, company) [Internet Widgits Pty Ltd]:.Organizational Unit Name (eg, section) []:.Common Name (e.g. server FQDN or YOUR name) []:John Doe Dev KeyEmail Address []:[email protected] enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name []:
My goal was to create a CSR (certificate signing request) using my existing private key to submit to Apple to generate a new iPhone Distribution certificate. I made sure Certificates was the selectedCategoryon the left. I tried right clicking my private key and clicking onRequest a Certificate From a Certificate Authority With Imported Private Keyand would get the following error when I try to save it.
The specified item could not be found in the keychain.
I also got the same error when I went through the file menu:Keychain Access>Certificate Assistant
What I've gathered from other internet sources is that Keychain
Access DOES NOT allow you to create a new CSR if you imported the
private key, only if you created the key locally from the tool.
What I ended up doing instead was exporting the private key and using
openssl to generate the new CSR, which Apple accepted, and now
references the new Imported Private Key.
Exporting the private key
Right click on private key
Export
Make sure p12 file format is selected
Save
Enter a password (optional)
Allow access to export key
Open Terminal and go to exported directory
Extract key from p12 container
Be careful as the .pem private key is no longer password protected)
$ openssl pkcs12 -in Certificates.p12 -out Certificates.pem -nodesEnter Import Password: ********************MAC verified OK
三、Creating new CSR with exported private key
$ openssl req -out Certificates.csr -key Certificates.pem -newYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:.State or Province Name (full name) [Some-State]:.Locality Name (eg, city) []:.Organization Name (eg, company) [Internet Widgits Pty Ltd]:.Organizational Unit Name (eg, section) []:.Common Name (e.g. server FQDN or YOUR name) []:John Doe Dev KeyEmail Address []:[email protected] enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name []:
A couple things to note:
Enter . when you want the field to be blank, or the default will include whatever's in the brackets [].
Common Name (CN) should be your private key name (e.g., John Doe Dev Key)
Email Address should be your email address (e.g. [email protected])
Everything else should be blank
四、Verify your CSR
$ openssl req -noout -text -in Certificates.csrCertificate Request: Data: Version: 0 (0x0) Subject: CN=John Doe Dev Key/[email protected]
Subject Public Key Info: Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit) Modulus (2048 bit): … Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: sha1WithRSAEncryption
…
What you should care about is on theSubjectline and verify that's correct.
Now all you need to do is submit it to Apple, wait for the
certificate to be generated, and then install it. After you import your
newly generated certificate, you will see that it'll reference the old
certificate that you exported above.