Export Certificate from Keychain in .p12 file format

Question

Created Jan ’22

Replies 3

Boosts 1

Views 19k

Participants 2

Hello everyone,

we are currently setting up Apple Pay for one of our Merchants. I am working with a Payment Service Provider in cooperation with a Business Processing partner.

We setup the Payment Processing Certificate and a Merchant ID Certificate and imported it to our Keychain. However when trying to export it one file format is greyed out. Bildschirmfoto 2022-01-26 um 12.35.31.png

How can we export the Certificate from our Keychain in Personal Information Exchange (.p12) format?

greetings

Answered by DTS Engineer in 703112022

The .p12 option is greyed out because you’ve selected a certificate, not a digital identity. This difference is something I cover in detail in Certificate Signing Requests Explained.

As to how you fix that, I can’t provide detailed help with that — because I’m not familiar with the Apple Pay merchant identity workflow — but the basic idea is that you have to track down the private key associated with the certificate and add it to the same keychain. That’ll then form a digital identity (shown under My Certificates in Keychain Access) and you’ll be able to export that as a .p12.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

Jan ’22

Accepted Answer

The .p12 option is greyed out because you’ve selected a certificate, not a digital identity. This difference is something I cover in detail in Certificate Signing Requests Explained.

As to how you fix that, I can’t provide detailed help with that — because I’m not familiar with the Apple Pay merchant identity workflow — but the basic idea is that you have to track down the private key associated with the certificate and add it to the same keychain. That’ll then form a digital identity (shown under My Certificates in Keychain Access) and you’ll be able to export that as a .p12.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

3

Answer 2

RocketBP47 OP

Jan ’22

thank you for your input, eskimo. We dont create the certificate signing requests ourselves.

From our partners Dashboard we get two files: the first pair of the Payment Processing Certificate and the Merchant Identity Certificate. These files are then uploaded to our Apple Developer Account and then give us the final certificates to download: apple_pay.cer and merchant_id.cer

Both of these files are added to the Keychain but we are still unable to export it in .p12

Shouldnt the private key already be included in the csr?

0

Answer 3

DTS Engineer OP

Apple

Feb ’22

Shouldnt the private key already be included in the csr?

No. To quote my doc:

It prompts you to save a .certSigningRequest file (CSR). This contains a copy of the public key.

CSRs never contain a private key; that runs counter to the whole design of PKI.

It sounds like you need to engage with your partner to find out where the private key ended up.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0