I am working on pass file creation app. Created a pass file, attached it to mail, opened it in iphone 4s with ios6 installed. Pass opened properly but add to passbook option is not being shown. Any clue on what needs to be done?
I am successfully able to add the attached pass to pass book app. Something wrong with signing command. Used following one and it just worked fine.( was missing WWDR.pem previously).
openssl smime -binary -sign -certfile WWDR.pem -signer passcertificate.pem -inkey passkey.pem -in manifest.json -out signature -outform DER -passin pass:12345
Related
I am trying to use OpenSSL in the terminal. I have installed OpenSSL using brew install openssl. I want to convert a .pem file to another format that my hosting provider will accept.
I have tried several different formulations of the code and plying the certificate from different places but none seem to work and all give me various error messages including permission denied.
This is what I tried last...
openssl pkcs12 -in /Users/myname/fullchain.pem -inkey /Users/myname/privkey.pem -out /Users/myname/fullchain.pfx -cacerts
This is my output
4552226412:error:0DFFF0A8:asn1 encoding routines:CRYPTO_internal:wrong tag:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.250.1/libressl-2.6/crypto/asn1/tasn_dec.c:1125:
4552226412:error:0DFFF03A:asn1 encoding routines:CRYPTO_internal:nested asn1 error:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.250.1/libressl-2.6/crypto/asn1/tasn_dec.c:306:Type=PKCS12
What might this mean and what code should I be using?
Edit: I am getting output files but they are of course empty.
That error message is usually when the certificate format you pass to the command is not what it is expecting. The following command should solve it for you.
openssl pkcs12 -export -out /Users/myname/fullchain.pfx -inkey /Users/myname/privkey.pem -in /Users/myname/fullchain.pem
It should prompt you to enter an export password to encrypt the .pfx files content if it has succeeded.
I know there are other similar Q/A about this but they are somewhat confusing and do not help solving my question.
I got a certificate from sslforfree: zip output contains 3 files:
ca_bundle.crt
certificate.crt
private.key
As I need to provide my maintainer with a .pfx certificate, I installed OpenSSL and tried to follow some hints on this and other forums.
The command line should be:
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
OR
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt -in intermediate.crt -in rootca.crt
It's not clear to me:
what does "domain.name" refers to, for even if I typed my domain's
name in creating the certificate, none of the 3 received files
contains a visible reference to it.
should I use ca_bundle.crt or certificate.crt in creating the .pfx ?
Could someone please give me a plain command line example, given above received files' names?
It came out that trying to use "ca_bundle.crt" resulted in a command line verbose error output, so I switched to "certificate.crt" and it worked just fine. Again, I have no idea what the "ca-bundle.crt" file is for, but it looked totally useless for my present needs.
Given input files the command line used was:
openssl pkcs12 -export -out xyzdomain.com.pfx -inkey private.key -in certificate.crt
and the exported .pfx was subsequently successfully installed.
The command which you have found is exactly correct I will just reframe you the code as per your file names
1) ca_bundle.crt
2) certificate.crt
3) private.key
openssl pkcs12 -export -out filename.pfx -inkey private.key -in certificate.crt -in ca_bundle.crt
As you have ca_bundle.crt you don't need to insert -in intermediate.crt -in rootca.crt commands in OpenSSL since it contains both intermediate and root
Else you can check out the alternate way here
In the second command OpenSSL pkcs12 -export -out xyzdomain.com.pfx -inkey private.key -in certificate.crt, you have not used the intermediate and root so you will get an error of intermediate missing on any SSL checker
If you get error while importing ca-bundle.crt, you need to ask your vendor to provide the correct bundle certificate file
I am trying to upload my adobe air app to Google Play. I have opted in for Google Play App Signing and cannot opt out now. They provide me with .der certificate which I wish to convert to p12 in order to use it in my adobe AIR app. I know this can be done through openSSL but I did not get any perfect tutorial to do so. Can anyone point me to the right steps to make this conversion?
DER file is X.509 certificate. So it includes your certificate.
You can try below steps to convert .DER file into p12 file. These steps worked for me.
Option 1:
If you are using MAC, you can drag and drop .DER file into Keychain Access.
After it is imported to Keychain.
Export that certificate into p12 file by selecting that certificate from Keychain. Right click on certificate, You will get option to export.
If you don't get p12 option, export it into .cer and convert it into p12 using below command
openssl pkcs12 -info -in keyStore.p12
Option 2:
Use below commands to convert DER into P12. I already tried and tested them.
Get private key or generate private key if you don’t have.
You can generate private key using below command. If private key is not generate for DER format, then convert your DER file into PEM file using openssl command(openssl x509 -inform der -in certificatename.der -out certificatename.pem).
openssl rsa -in certificate.der -out privatekey.key -outform DER
Export DER into p12
openssl pkcs12 -export -out certificate.p12 -inkey privateKey.key -in certificate.der. -certfile certificate.der
For More details on ssl commands you can also look at them on below link https://knowledge.digicert.com/solution/SO26449.html
Hope that helps
I'm sure that this has been asked you several times, but solutions to that cases didn't work for me. So I need your help.
Consider x.root.cer is CA's certificate, x.app.cer is Application's certificate signed by CA's certificate, and x.app.private.pem is Application's private key.
I'm using following command in order to create pfx file (want to include both private key and certificate of application).
openssl pkcs12 -export -in x.app.cer -inkey x.app.private.pem -out x.app.pfx -certfile x.root.cer
Even though I know (can see) that 3 files are there, I'm getting the following error:
unable to load certificates
Can you please help me about this error?
Well, finally I suceeded with this command
openssl pkcs12 -export -in x.app.cer -inkey x.app.private.pem -out x.app.pfx
That means I shouldn't use -certfile parameter.
I am having some serious problems with regards to being able to create a p12 file to place on my windows server.
I have used two different websites to be able to help me work out what i need to do:
http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1
The second website i used was a comment from within the website was the following:
http://arashnorouzi.wordpress.com/2011/06/19/sending-apple-push-notifications-in-asp-net-and-c-–-part-4-apns-sharp-c-wrapper-class/
First of all i create a Certificate signing request.
I then upload this to my app ID which alows me to generate a ape_dev certificate.
I then go to my key chain and navigate to the "keys" i export the .p12 certificate that i just created.
I now have three different files
My p12 file, my development certificate and my certificate signing request.
I then open terminal and i type the following:
$ openssl x509 -in aps_development.cer -inform der -out PushChatCert.pem
This then creates a new pem certificate.
The thing i type is the following
$ openssl pkcs12 -nocerts -out PushChatKey.pem -in PushChatKey.p12
It prompts for the password which i enter, i use the same password as the one when i created the certificates.
After i have done this I'm left with 2 new files both of which are PEM files.
I need to combine both of these PEM files into one p12 file for it to be able to work on my windows server.
I have tried combining it using the following line
openssl pkcs12 -export \
-in aps_developer_identity.pem \
-out aps_developer_identity.p12 \
-inkey APSCertificates.pem
This in fact works and gives me a p12 file.
I then switched back to he raywenderlich website and i typed the following:
$ openssl s_client -connect gateway.sandbox.push.apple.com:2195
-cert PushChatCert.pem -key PushChatKey.pem
It loads but i recieve the following error:
error:num=20:unable to get local issuer certificate
Please does any one know what im doing wrong im so fed up of going round in circles.
When i upload the certificate to the server and put the ad-hoc version off the application on the device im still not receiving any notifications that i am sending
Thanks in advance.
See if this answer helps Creating .pem file for APNS?
In short: openssl pkcs12 -in apns-dev-cert.p12 -out apns-dev-cert.pem -nodes -clcerts
When you first generated your CSR, you did it with a private key. This can be opaque depending on how you did it. What I do is generate the key with openssl and then make the CSR using that key. That key is then the 'in key' when you make the p12.
Here are my steps
The first step is to generate a Certificate Signing Request. This is the same as it would be for any SSL cert. You will need a private key for this.
openssl genrsa -out aps_development.key -passout pass:foobar 2048
Then you can make the CSR using that key you just created
openssl req -new -key aps_development.key -out CertificateSigningRequest.certSigningRequest -subj "/emailAddress=yourAddress#example.com, CN=John Doe, C=US"
From here you will go to developer.apple.com and revoke the current APN cert and make a new one. It will ask for your CSR and when its done it will give you a .cer file.
Convert the .cer file into a DER formatted .pem file (assuming aps_development.cer is the file you got in the download from the Apple developer site).
openssl x509 -in aps_development.cer -inform DER -outform PEM -out aps_development.pem
Convert the .pem to a .p12. You'll note that you are supplying the key file you made at the beginning of step 1. You will need the password you supplied there.
openssl pkcs12 -export -in aps_development.pem -inkey aps_development.key -out aps_development.p12