How to obtain Certificate Signing Request

Question

How do I obtain a Certificate Signing Request? All I'm trying to do is get my app running on my ipod touch. This was easy as I could just go to the IOS development portal and just download one, no muss no fuss. But now they want me to create a CSR to create a provisioning profile and I don't know how. I've been derping around in Keychain Access and the online documents for the better part of two hours and I'm still completely lost.

I'm not even sure why I need one now when I didn't before. I had a provisioning profile before I recently switched from Snow Leopard to Mountain Lion, but now it won't take it. Yes, I'm still on the same computer.

Answer 1

Since you installed a new OS you probably don't have any more of your private and public keys that you used to sign your app in to XCode before. You need to regenerate those keys on your machine by revoking your previous certificate and asking for a new one on the iOS development portal. As part of the process you will be asked to generate a Certificate Signing Request which is where you seem to have a problem.

You will find all you need there which consists of (from the official doc):

1.Open Keychain Access on your Mac (located in Applications/Utilities).

2.Open Preferences and click Certificates. Make sure both Online Certificate Status Protocol and Certificate Revocation List are set to Off.

3.Choose Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority.

Note: If you have a private key selected when you do this, the CSR won’t be accepted. Make sure no private key is selected. Enter your user email address and common name. Use the same address and name as you used to register in the iOS Developer Program. No CA Email Address is required.

4.Select the options “Saved to disk” and “Let me specify key pair information” and click Continue.

5.Specify a filename and click Save. (make sure to replace .certSigningRequest with .csr)

For the Key Size choose 2048 bits and for Algorithm choose RSA. Click Continue and the Certificate Assistant creates a CSR and saves the file to your specified location.

Answer 2

To manually generate a Certificate, you need a Certificate Signing Request (CSR) file from your Mac. To create a CSR file, follow the instructions below to create one using Keychain Access.

Create a CSR file. In the Applications folder on your Mac, open the Utilities folder and launch Keychain Access.

Within the Keychain Access drop down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.

In the Certificate Information window, enter the following information: In the User Email Address field, enter your email address. In the Common Name field, create a name for your private key (e.g., John Doe Dev Key). The CA Email Address field should be left empty. In the "Request is" group, select the "Saved to disk" option. Click Continue within Keychain Access to complete the CSR generating process.

Answer 3

Generate Certificate Signing Request(CSR) on Mac

Certificate Signing Request(CSR)(.crs, .certSigningRequest) - a block of encoded text which is forwarded to a Certificate Authority(CA) when you apply for a certificate.

It contains:

Data
    Version
    Subject
        emailAddress
        Common Name (CN)
        Country (C)
        ...
    Subject Public Key Info
        Public Key Algorithm //rsaEncryption(RSA), id-ecPublicKey(ECC)

        //if rsaEncryption
        RSA Public-Key //length
        Modulus
        Exponent

        //if id-ecPublicKey
        Public-Key
        pub
        ASN1 OID
        NIST CURVE
    Attributes
Signature Algorithm //Algorithm: sha256WithRSAEncryption, ecdsa-with-SHA256, and sign

Generate private/public key pair and CSR

Keychain Access -> Certificate Assistance -> Request a Certificate From a Certificate Authority...

Fill fields:

• User Email Address - email
• Common Name is a name of private/public keys which you will find in Keychain Access after generation
• Saved to disk save .certSigningRequest file locally
• Let me specify key pair information where you have to specify algorithm and key size of key pair manually(RSA by default)

After that set a location where .certSigningRequest will be saved

Review CSR

you can open CSR in text editor

-----BEGIN CERTIFICATE REQUEST-----
MIICgjCCAWoCAQAwPTEcMBoGCSqGSIb3DQEJARYNZm9vQGdtYWlsLmNvbTEQMA4G
A1UEAwwHZm9vLmNvbTELMAkGA1UEBhMCVUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdvrCxPATE2XiByL8NUixnw8QVVJ1AlWk9NdfdiTcDLdyJkexy
sx1jzQl5fBL+kyvv4wTrS4iez1wFoEwYNkYCkuBoph9g32WhCqDVHdWe0XR94oR4
1gGDUJnqPetBf+lZcCIzU3Hr2uV4zS1owxC9+ua/k7xFMA8kl0l5yS8Y6ogXa8gM
oRDyhlYnX8Rl1TZ26ASMBdcvoLhIf8kUUyhwojyIvOrCAm9kKMG+rbbyu6P9hzfK
rJt+KN8v3jaJW7RDk3MtNiFZmBrFg+56dDBcLg0lqCCgHZWlHRTYdyF9AuZSJrFm
geBZ/I77lln2C/vvrbqb2syPhrh+M0L88Q+NAgMBAAGgADANBgkqhkiG9w0BAQsF
AAOCAQEAtcoAEJL0jjEYcNax92KgG4jKIEkH9E2mcZGhG9WTg7oF+sTLzAmOYwOI
moLb+rYMCSHbm8SjvY8Ci20iIQXmwnfb5JfEB5cNW/p+C9BGl7tEdvWqFlfzC4xp
5VmUJXufXSuAHVjq2HMDLgR7XFbcySKiv1h/K5QmVe6e7oDTX0L7+vNKRYNJarGc
hlekEx7cmSLp4hDRupTTm4vqhb5Gy0PQBYTPfs+kU7UyxJpsxPxgoQdY4v0JfoMA
MwZe+u6eh3Ir/Z5OMO5uydB1tUttQJ77Wea9PDx24trUXyTL6Ukxdoc3wFnipbo/
aJo9cDZxx6rBmzogY8oGaLUeEoZn/g==
-----END CERTIFICATE REQUEST-----

you can decode CSR using:

openssl req -text -in "<path_to_csr>"

Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: [email protected], CN=foo.com, C=UA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:be:b0:b1:3c:04:c4:d9:78:81:c8:bf:0d:52:
                    2c:67:c3:c4:15:54:9d:40:95:69:3d:35:d7:dd:89:
                    37:03:2d:dc:89:91:ec:72:b3:1d:63:cd:09:79:7c:
                    12:fe:93:2b:ef:e3:04:eb:4b:88:9e:cf:5c:05:a0:
                    4c:18:36:46:02:92:e0:68:a6:1f:60:df:65:a1:0a:
                    a0:d5:1d:d5:9e:d1:74:7d:e2:84:78:d6:01:83:50:
                    99:ea:3d:eb:41:7f:e9:59:70:22:33:53:71:eb:da:
                    e5:78:cd:2d:68:c3:10:bd:fa:e6:bf:93:bc:45:30:
                    0f:24:97:49:79:c9:2f:18:ea:88:17:6b:c8:0c:a1:
                    10:f2:86:56:27:5f:c4:65:d5:36:76:e8:04:8c:05:
                    d7:2f:a0:b8:48:7f:c9:14:53:28:70:a2:3c:88:bc:
                    ea:c2:02:6f:64:28:c1:be:ad:b6:f2:bb:a3:fd:87:
                    37:ca:ac:9b:7e:28:df:2f:de:36:89:5b:b4:43:93:
                    73:2d:36:21:59:98:1a:c5:83:ee:7a:74:30:5c:2e:
                    0d:25:a8:20:a0:1d:95:a5:1d:14:d8:77:21:7d:02:
                    e6:52:26:b1:66:81:e0:59:fc:8e:fb:96:59:f6:0b:
                    fb:ef:ad:ba:9b:da:cc:8f:86:b8:7e:33:42:fc:f1:
                    0f:8d
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         b5:ca:00:10:92:f4:8e:31:18:70:d6:b1:f7:62:a0:1b:88:ca:
         20:49:07:f4:4d:a6:71:91:a1:1b:d5:93:83:ba:05:fa:c4:cb:
         cc:09:8e:63:03:88:9a:82:db:fa:b6:0c:09:21:db:9b:c4:a3:
         bd:8f:02:8b:6d:22:21:05:e6:c2:77:db:e4:97:c4:07:97:0d:
         5b:fa:7e:0b:d0:46:97:bb:44:76:f5:aa:16:57:f3:0b:8c:69:
         e5:59:94:25:7b:9f:5d:2b:80:1d:58:ea:d8:73:03:2e:04:7b:
         5c:56:dc:c9:22:a2:bf:58:7f:2b:94:26:55:ee:9e:ee:80:d3:
         5f:42:fb:fa:f3:4a:45:83:49:6a:b1:9c:86:57:a4:13:1e:dc:
         99:22:e9:e2:10:d1:ba:94:d3:9b:8b:ea:85:be:46:cb:43:d0:
         05:84:cf:7e:cf:a4:53:b5:32:c4:9a:6c:c4:fc:60:a1:07:58:
         e2:fd:09:7e:83:00:33:06:5e:fa:ee:9e:87:72:2b:fd:9e:4e:
         30:ee:6e:c9:d0:75:b5:4b:6d:40:9e:fb:59:e6:bd:3c:3c:76:
         e2:da:d4:5f:24:cb:e9:49:31:76:87:37:c0:59:e2:a5:ba:3f:
         68:9a:3d:70:36:71:c7:aa:c1:9b:3a:20:63:ca:06:68:b5:1e:
         12:86:67:fe

print public key in CSR

openssl req -noout -pubkey -in "<path_to_csr>"

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3b6wsTwExNl4gci/DVIs
Z8PEFVSdQJVpPTXX3Yk3Ay3ciZHscrMdY80JeXwS/pMr7+ME60uIns9cBaBMGDZG
ApLgaKYfYN9loQqg1R3VntF0feKEeNYBg1CZ6j3rQX/pWXAiM1Nx69rleM0taMMQ
vfrmv5O8RTAPJJdJeckvGOqIF2vIDKEQ8oZWJ1/EZdU2dugEjAXXL6C4SH/JFFMo
cKI8iLzqwgJvZCjBvq228ruj/Yc3yqybfijfL942iVu0Q5NzLTYhWZgaxYPuenQw
XC4NJaggoB2VpR0U2HchfQLmUiaxZoHgWfyO+5ZZ9gv77626m9rMj4a4fjNC/PEP
jQIDAQAB
-----END PUBLIC KEY-----

Verify CSR

openssl req -text -noout -verify -in "<path_to_csr>"

verify OK
Certificate Request:
...

Review private/public key pair

After creating Request a Certificate From a Certificate Authority you can find private/public key pair in Keychain Access. You are able to export it and review. For example public key will be exported as a .pem certificate which you can read by text editor

Answer 4

Follow these steps to create CSR (Code Signing Identity):

1. On your Mac, go to the folder 'Applications' ► 'Utilities' and open 'Keychain Access.'

   

2. Go to 'Keychain Access' ► Certificate Assistant ► Request a Certificate from a Certificate Authority. 

   

3. Fill out the information in the Certificate Information window as specified below and click "Continue."
   • In the User Email Address field, enter the email address to identify with this certificate
   • In the Common Name field, enter your name
   • In the Request group, click the "Saved to disk" option 

   

4. Save the file to your hard drive.

   

Use this CSR (.certSigningRequest) file to create project/application certificates and profiles, in Apple developer account.