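I don't have any OSX device available, but I want to enable sending push notifications to iOS devices (for an app that a third party is going to implement). My plan is to use Parse as the push notification service, and they only have instructions that use Keychain available.
I tried my luck, but their web application always rejects my request, and all the guides I found online only reference the Keychain application.
The command I initially tried was: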
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
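Then I filled in all the fields I was prompted for. This is the result after uploading the CSR to the Apple Push Certificates Portal:
The "correct format" link points to an IT management page.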
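Answer 0: (score: 0)
How to create an Apple push certificate without Keychain?
It depends on what you want to use, but you haven't specified what you want to use (other than not Keychain).
The instructions below will get you a CSR, but Apple has to sign it and provide the certificate (if I'm reading Programming Apple Push Notification Services correctly).
I tried my luck, but their web application always rejects my request, and all the guides I found online only reference the Keychain application.
Forgive my ignorance... do you have an iOS developer account?
Here is what a CSR generated by Keychain looks like. It's from an old (or perhaps current) developer account (I changed the name and email address in the dump):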
$ openssl req -text -in CertificateSigningRequest.certSigningRequest
Certificate Request:
Data:
Version: 0 (0x0)
Subject: emailAddress=jdoe@example.com, CN=John Doe, C=US
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c4:c7:10:f4:62:74:f3:41:57:b6:1e:c7:23:51:
8d:bc:7c:6e:14:52:f3:c9:44:92:46:be:64:10:ec:
c8:cf:45:a6:7c:35:09:2d:b7:a0:f9:0b:9c:7a:cb:
f9:ba:49:de:cf:fa:0c:d5:5b:cc:cc:02:41:8c:d0:
e7:79:57:0a:46:b6:9c:99:b2:ae:3e:0e:a6:35:35:
f3:b8:7a:96:0c:25:eb:cf:7e:9a:d3:88:f1:49:ad:
80:3d:42:f2:6b:86:a3:1b:5e:34:fa:49:77:ea:f4:
e6:3c:af:c5:5d:32:ec:63:fe:c5:e9:ff:0f:f3:42:
f6:c0:d9:b5:90:27:ab:57:e2:2d:8b:23:ab:d3:90:
3e:40:74:fc:80:a3:ed:70:ec:e2:27:a3:64:fa:f8:
f7:28:b2:66:8e:ab:fa:aa:13:a2:53:ba:b4:7e:15:
61:a5:79:46:66:c8:d6:3e:0b:37:9a:a7:eb:53:91:
3b:fc:d8:52:14:51:99:8e:6e:c6:57:a0:95:d4:4f:
f7:1d:fc:66:b2:a2:f1:dd:ff:83:46:2b:09:3e:87:
d0:c2:d7:5e:27:0f:ff:78:9f:e8:6a:32:61:54:f0:
d1:e8:d1:5c:1c:b5:01:8e:2b:51:04:ac:4a:15:d3:
12:3f:71:fb:e3:8d:da:6d:2a:00:9d:06:bd:e8:3e:
5b:7d
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha1WithRSAEncryption
3e:4e:ce:7a:db:16:23:93:60:02:4b:23:6d:a3:46:fb:62:01:
18:9e:a6:ce:d7:6e:c9:14:16:47:e8:63:ca:5c:a0:f2:ca:b1:
61:6d:72:38:ce:1b:17:ee:f8:51:f8:34:a1:53:25:2c:f1:a2:
ed:44:0c:62:ca:d9:14:82:8b:24:5d:0e:ea:38:2d:01:09:65:
d8:9e:41:ec:84:fe:ac:f3:cd:d7:df:06:a6:30:fe:12:d8:c6:
e5:ed:b0:fc:f3:7a:6d:83:b4:d5:f2:77:4f:75:22:27:15:27:
e1:00:ed:70:e5:e8:5d:2f:2a:18:ad:c0:fb:4e:f8:d5:6d:68:
1b:0a:44:81:de:5c:1c:07:46:b8:e1:9c:64:c9:9a:14:55:90:
00:c0:6b:90:ed:bb:c9:92:50:9c:c1:6f:f6:a0:bf:b4:25:b7:
0c:e4:69:b5:30:29:29:f8:3c:a9:0b:b1:37:71:7c:53:d0:45:
65:8a:24:34:6f:25:ab:ff:63:cb:8d:a7:62:f9:c8:58:a9:b4:
f0:8a:c2:5e:fc:74:06:e2:d5:38:05:d5:4e:ef:67:42:f9:f8:
7f:b5:6c:0e:07:31:15:c3:b5:a3:61:fb:be:7d:9c:3c:b0:b4:
01:8c:33:e8:86:07:9e:9a:72:af:22:f3:ab:a0:33:1f:f6:5f:
43:a1:35:8f
and
$ openssl asn1parse -inform PEM -in CertificateSigningRequest.certSigningRequest
0:d=0 hl=4 l= 654 cons: SEQUENCE
4:d=1 hl=4 l= 374 cons: SEQUENCE
8:d=2 hl=2 l= 1 prim: INTEGER :00
11:d=2 hl=2 l= 73 cons: SEQUENCE
13:d=3 hl=2 l= 33 cons: SET
15:d=4 hl=2 l= 31 cons: SEQUENCE
17:d=5 hl=2 l= 9 prim: OBJECT :emailAddress
28:d=5 hl=2 l= 18 prim: IA5STRING :jdoe@example.com
48:d=3 hl=2 l= 23 cons: SET
50:d=4 hl=2 l= 21 cons: SEQUENCE
52:d=5 hl=2 l= 3 prim: OBJECT :commonName
57:d=5 hl=2 l= 14 prim: UTF8STRING :John Doe
73:d=3 hl=2 l= 11 cons: SET
75:d=4 hl=2 l= 9 cons: SEQUENCE
77:d=5 hl=2 l= 3 prim: OBJECT :countryName
82:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
86:d=2 hl=4 l= 290 cons: SEQUENCE
90:d=3 hl=2 l= 13 cons: SEQUENCE
92:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
103:d=4 hl=2 l= 0 prim: NULL
105:d=3 hl=4 l= 271 prim: BIT STRING
380:d=2 hl=2 l= 0 cons: cont [ 0 ]
382:d=1 hl=2 l= 13 cons: SEQUENCE
384:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
395:d=2 hl=2 l= 0 prim: NULL
397:d=1 hl=4 l= 257 prim: BIT STRING
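So the trick may be to construct the subject correctly and omit the other fields commonly found in a CSR. That is, the subject DN should be similar to the emailAddress=jdoe@example.com, CN=John Doe, C=US shown above.
You can do this using openssl req with the -subj parameter. The man page is req(1), and the easiest way to understand the -subj switch is with an example (shown below).
The following appears to generate an equivalent CSR.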
$ openssl req -out ./test.csr -new -newkey rsa:2048 -sha1 -nodes -keyout ./test.key -subj "/emailAddress=jdoe@example.com/CN=John Doe/C=US"
Generating a 2048 bit RSA private key
...............+++
...+++
writing new private key to './test.key'
Here is the dump:
$ openssl req -text -in test.csr
Certificate Request:
Data:
Version: 0 (0x0)
Subject: emailAddress=jdoe@example.com, CN=John Doe, C=US
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:aa:f8:4e:3a:0b:51:dd:3e:cd:ba:f4:be:e9:3a:
84:88:b4:ec:11:97:c1:0f:f5:96:49:77:5c:8f:39:
81:09:69:29:cd:bc:8e:cd:79:2a:58:bd:d5:f8:10:
41:dc:e3:a7:b7:78:a8:cb:1e:d3:8b:0b:4e:e7:26:
5b:7d:1d:ee:fc:1d:60:9a:73:cf:6d:95:1a:9a:6f:
98:8a:4c:af:a3:3f:95:21:70:ee:7d:81:c6:d0:0c:
32:ee:46:cc:d5:02:83:58:82:04:f9:02:6e:56:68:
66:93:7c:d5:5f:91:2d:bb:af:e5:e8:71:d7:6e:53:
22:3d:66:c2:66:a8:c1:a2:62:4c:10:0d:e7:57:2e:
1f:20:f3:ed:15:b6:10:69:c9:61:39:4d:1c:56:a9:
b0:f5:ba:8e:48:fb:23:27:1a:e0:40:c2:be:74:80:
79:76:15:a4:6e:da:7d:76:4e:ec:88:fc:cd:5d:11:
f1:cc:68:5c:c8:2d:98:e8:a9:8d:8c:27:9b:b3:80:
87:36:53:d5:67:ab:f1:0a:07:a9:ab:96:c1:43:9f:
8d:4d:d6:b1:22:12:6c:43:58:ef:b5:89:3c:40:ea:
8c:81:24:68:88:7c:26:a5:2f:55:d3:86:69:ca:3f:
78:21:44:d4:6c:8b:66:de:35:0a:ce:6d:7b:a5:17:
28:f5
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha1WithRSAEncryption
37:52:8c:a8:d4:b2:00:9e:e9:da:10:28:27:17:a3:68:46:1d:
aa:b0:e9:bb:d8:5e:ae:ef:8f:a7:f4:6b:98:43:28:1f:9b:3b:
e5:4d:7d:14:3c:bf:58:4f:1a:20:52:ae:90:77:bb:4b:92:a7:
9c:54:b0:67:a6:75:9d:93:1c:aa:21:f9:8a:74:5d:f3:90:60:
d4:de:12:03:9b:32:94:d8:49:5e:13:f3:5c:bc:0c:fc:ce:06:
7e:2e:d8:06:94:af:d2:1d:ab:83:dc:59:3a:83:24:54:02:f9:
e8:7d:e9:d8:1b:82:1a:99:75:26:70:6e:31:f2:ca:0d:12:f0:
a2:23:7c:dc:b0:59:fc:80:d4:3f:1f:7a:2f:25:7b:16:9d:7e:
c5:82:d2:1b:29:df:43:7f:81:4e:00:56:af:44:12:3a:0c:b4:
8b:f9:ba:15:b9:bd:3a:3e:fa:6e:95:37:47:62:29:1f:c4:12:
6d:cd:94:55:e7:6f:83:c1:37:8d:65:74:b1:dd:7f:9f:74:d4:
aa:0e:ff:ed:c5:23:d6:83:e8:dc:d7:10:44:57:2b:4b:6f:ec:
8d:75:da:e3:55:dd:62:e9:46:ed:f8:ae:5d:f4:19:a3:52:c2:
cc:9d:9e:14:4b:b1:76:10:90:c1:4b:f6:ce:c0:92:b5:e6:a2:
bc:d8:36:b9
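Added example, not part of the answer above: a small shell check that a CSR has the same shape as the Keychain-generated one (three subject attributes in the same order, empty attributes field, valid self-signature) before it is uploaded. The function names and file names are illustrative, and the sample request is signed with OpenSSL's default digest rather than the -sha1 used above.

```shell
#!/bin/sh
# Added example: check a CSR against the shape of the Keychain request above.

# make_csr KEY CSR SUBJECT: new 2048-bit RSA key (owner-only file) plus CSR.
# Uses OpenSSL's default digest, not the -sha1 from the answer (assumption).
make_csr() {
    ( umask 077; openssl genrsa -out "$1" 2048 2>/dev/null ) &&
        openssl req -new -key "$1" -subj "$3" -out "$2"
}

# Print subject attribute types in encoding order. They are the OBJECT
# lines that precede the public-key algorithm OID in asn1parse output.
csr_subject_fields() {
    openssl asn1parse -inform PEM -in "$1" | awk -F: '
        /OBJECT/ { if ($NF ~ /Encryption|PublicKey/) exit
                   printf "%s%s", sep, $NF; sep = " " }'
}

# True if the attributes field is the empty [0] (a0:00 in the dumps).
csr_has_no_attributes() {
    openssl asn1parse -inform PEM -in "$1" |
        grep -Eq 'l= *0 cons: cont \[ 0 \]'
}

# True if the self-signature verifies. Match the message rather than the
# exit status, which is not a reliable failure signal across versions.
csr_signature_ok() {
    openssl req -verify -noout -in "$1" 2>&1 | grep -q 'verify OK'
}

check_csr() {
    fields=$(csr_subject_fields "$1")
    [ "$fields" = "emailAddress commonName countryName" ] ||
        { echo "unexpected subject: $fields"; return 1; }
    csr_has_no_attributes "$1" || { echo "attributes present"; return 1; }
    csr_signature_ok "$1" || { echo "self-signature invalid"; return 1; }
    echo "ok"
}

# Usage: sh check_csr.sh request.csr
if [ $# -gt 0 ]; then check_csr "$1"; fi
```

A subject that collapses into a single attribute, or one that is missing emailAddress or C, is reported as "unexpected subject" together with the attribute types that were actually encoded.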
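Answer 1: (score: 0)
Since a third party is going to implement the iOS app, they should have an iOS developer account and a Mac, so it should be easy for them to create this certificate as part of setting up the iOS app (they need to do that anyway).
Answer 2: (score: 0)
After running into KeyChain problems again, I finally found the time to try again.
@jww's approach seems fine to me, and I don't know why it didn't work, but this is what we're using now and it works well: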
# Generate a private key
openssl genrsa -out aps-production.key 2048
# Generate a signing request
openssl req -new -sha1 -key aps-production.key -subj '/emailAddress=my@email.address/CN=My Certificate Name/C=DE' -out aps-production.csr
Make sure to use the correct C=XX country code in the subject.
Also note that on MinGW / MSYS (as used with Git Bash on Windows), you'll have to escape the subject differently.