CSR algorithm/size incorrect. Expected: RSA(2048)

My development and production APNS certificates are due to expire in January so I've just started the renewal process.


I open keychain access and ask Certificate Assistant > Request a certificate from a certificate authority.


I filled out the fields as normal (my email, descriptive text, save to disk) and it generated the .certSigningRequest file but when I upload that I get:


An unspecified error occurred.

CSR algorithm/size incorrect. Expected: RSA(2048)


Now I can't see any settings for what CSR algorithm or size in the certificate assistant dialog.


This is keychain access Version 9.0 (55171.20.2) running on El Capitan.


Any ideas why this is failing and what I should do to fix it?

Post not yet marked as solved Up vote post of chrissearle Down vote post of chrissearle
14k views
Posted by
chrissearle
Reply
Add a Comment

Replies

I have the same problem. Did you find a solution?

Posted by
jehnes
Post not yet marked as solved Up vote reply of jehnes Down vote reply of jehnes
Add a Comment

I'm having the same proboem right now, also with El Capitan and a fresh itunes connect account.

Posted by
curridabat
Up vote reply of curridabat Down vote reply of curridabat
Add a Comment

I'm having the same problem. Have not yet been able to google myself an answer.

It's not as if one is given any options to change the CSR algorithm...

Anybody found a way around it yet?


/A

Posted by
Logastellus
Up vote reply of Logastellus Down vote reply of Logastellus
Add a Comment

I'm having the same problem.

Posted by
DenHaven
Up vote reply of DenHaven Down vote reply of DenHaven
Add a Comment

Same here...

Posted by
Peopletrust
Up vote reply of Peopletrust Down vote reply of Peopletrust
Add a Comment

Can anybody explain how fix this issue? I'm creating certificate for the first time and can't go next step because of this.

Posted by
Dimus
Up vote reply of Dimus Down vote reply of Dimus
Add a Comment

+1 on this. I get an option with request a certificate from a certificate authority with "imessage encryption key"... And the request is invalidated with the same error. My account is also about to expire but I guess there are few months remaining.

Posted by
airportX
Up vote reply of airportX Down vote reply of airportX
Add a Comment

I figured out the problem. It seems like you need to make sure that you have selected "iCloud" in the list of keychains. This is usually present at the top left of your keychain access window. Once you have iCloud selected there, click on the Keychain Access -> Certificate Assistant -> Request a certificate from a certificate authority and follow the usual steps. This worked like a charm.

Posted by
airportX
Up vote reply of airportX Down vote reply of airportX
Add a Comment

Just got this error also


Fixed it by clicking Keychain Access -> Certificate Assistant -> Open..

My Request a certificate from a certificate authority had "IMessenger" addded at the end


Hope this helps

Posted by
fireScout
Post not yet marked as solved Up vote reply of fireScout Down vote reply of fireScout

  • Thanks fireScout. That works for me. This step is missing in the developer.apple.com 'help'.

    ak00
Add a Comment

As the error message indicates, the Certificate Signing Request for the Merchant Identity Certificate requires the RSA-2048 algorithm. As an alternative, you can use openSSL to generate the CSR via the following steps:

  1. Execute the following openSSL command to create a private key:

openssl genrsa -out privateKey.key 2048

  1. Execute the following openSSL command to generate a certificate signing request (CSR) from the private key:

openssl req -new -key privateKey.key -out certificateSigningRequest.csr

  1. Login to the Apple Developer Portal and upload the CSR file. You can then download the newly generated certificate.
Posted by
RB3207
Up vote reply of RB3207 Down vote reply of RB3207

  • @RB3207 Thanks for the input here, it worked but now my merchant ID cert won't upload to Shopify. Shopify states "An error occurred while trying to save the certificate." Did you run into this issue?

    meta_merritt
Add a Comment

I have changed file extension from certSigningRequest.certSigningRequest ◁ to ▶︎ certSigningRequest.csr and Its working fine for me.

Posted by
Luna Aplicativos
Up vote reply of Luna Aplicativos Down vote reply of Luna Aplicativos
Add a Comment

Remove/create again Merchant ID.

Posted by
olegfromvolgograd
Up vote reply of olegfromvolgograd Down vote reply of olegfromvolgograd
Add a Comment

OK, this issue confounded me. I reached out to Apple and they sent me here. The suggestions didn't work. But I found my particular issue.

First, I followed the directions given by Apple. https://developer.apple.com/help/account/create-certificates/create-a-certificate-signing-request

When I went into Keychain Access > Certificate Assistant... many of the options ended with "With <key>"... literally those words. This would generate a faulty certificate. The issue was that I had "login" selected under Default Keychains in the app, but had no key selected. Apple should update their instructions to tell you select "System" instead. Then when you go into the Keychain Access > Certificate Assistant... none of the options will be for a key (or an unselected one) and that process will work.

Apple, you may send me my support assistance check.

Posted by
jkichline
Post not yet marked as solved Up vote reply of jkichline Down vote reply of jkichline
Add a Comment