Wednesday, February 02, 2011

Renew Apple developer certificates with OpenSSL

I like to reuse the same private keys when generating a signing request to renew my Apple developer certificates.  Unfortunately you can't do this with Keychain Access, as it won't save the signing request file after you step through the wizard.  OpenSSL is your friend.

Open Keychain Access, right-click the key you wish to use and click Export "[Key Name]".  Save it as a .p12 file with a strong password.  In my case it was StuartCarnie.p12.

Open a terminal session and convert the .p12 to a PEM with the following command:

openssl pkcs12 -in StuartCarnie.p12 -out StuartCarnie.pem

You will be prompted for your .p12 password, and also a password to encrypt your .pem.

Now generate the signing request with the following command:

openssl req -new -key StuartCarnie.pem -out StuartCarnie.csr

You'll be prompted for a few questions to place in the signing request, such as the country, etc.  At the very least, enter the Common Name (your name) and Email Address.  Once you've completed this step, the .csr file can be submitted to Apple.
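
Before submitting, it is worth confirming that the .csr really carries the public key of the private key you meant to reuse. The script below is an added example, not part of the original post: the function names are hypothetical, and it runs against a constructed key and CSR (generated non-interactively with -subj and a passphrase from the DEMO_PASS environment variable) rather than a real Keychain export.

```shell
#!/bin/sh
# Added example: check that a renewal CSR carries the same public key as the
# private key it was supposed to be built from. Function names are hypothetical.

# Public key (PEM) derived from a private key; $2 is an OpenSSL -passin source.
key_pubkey() { openssl pkey -in "$1" -passin "$2" -pubout; }

# Public key (PEM) embedded in a CSR.
csr_pubkey() { openssl req -in "$1" -noout -pubkey; }

# CSR self-signature check. Match on the message text because some OpenSSL
# releases exit 0 even when verification fails.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# $1 = CSR, $2 = private key PEM, $3 = -passin source (env:VAR, file:path)
csr_matches_key() {
    csr_signature_ok "$1" || return 1
    k=$(key_pubkey "$2" "$3" 2>/dev/null) || return 1
    c=$(csr_pubkey "$1" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Constructed stand-in for the Keychain export: an encrypted RSA key and a CSR
# made from it. -subj and env:DEMO_PASS replace the interactive prompts.
make_fixture() {   # $1 = directory, $2 = base name
    ( umask 077    # key files readable by the owner only
      openssl genrsa -aes256 -passout env:DEMO_PASS -out "$1/$2.pem" 2048 2>/dev/null &&
      openssl req -new -key "$1/$2.pem" -passin env:DEMO_PASS \
          -subj "/CN=Constructed Developer/emailAddress=dev@example.com" \
          -out "$1/$2.csr" )
}

demo() {
    DEMO_PASS='constructed-passphrase'; export DEMO_PASS
    d=$(mktemp -d) || return 1
    make_fixture "$d" old && make_fixture "$d" other || { rm -rf "$d"; return 1; }
    csr_matches_key "$d/old.csr" "$d/old.pem" env:DEMO_PASS &&
        echo "old.csr was built from old.pem"
    csr_matches_key "$d/old.csr" "$d/other.pem" env:DEMO_PASS ||
        echo "old.csr was not built from other.pem"
    rm -rf "$d"
}

demo
```

With the files from this post the call would be csr_matches_key StuartCarnie.csr StuartCarnie.pem env:PEM_PASS, where PEM_PASS is an assumed environment variable holding the .pem password.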


LunaticRaving said...

Actually, you can save the signing request file after completing the wizard. This is the method I've used for all of my Apple developer certificates.

Stuart said...

Indeed you can @LunaticRaving, but I'd rather not use the GUI :)