错误1：WARNING: no real random source present!

解决：请关掉全局断点

错误2：The specified item could not be found in the keychain.（在钥匙串中找不到指定的项。）

一：Exporting the private key

1、Right click on private key

2、Export

3、Make sure p12 file format is selected

4、Save

5、Enter a password (optional)

6、Allow access to export key

7、Open Terminal and go to exported directory

8、Extract key from p12 container

Be careful as the .pem private key is no longer password protected)

$ openssl pkcs12 -in Certificates.p12 -out Certificates.pem -nodesEnter Import Password: ********************MAC verified OK

二：Creating new CSR with exported private key

$ openssl req -out Certificates.csr -key Certificates.pem -newYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:.State or Province Name (full name) [Some-State]:.Locality Name (eg, city) []:.Organization Name (eg, company) [Internet Widgits Pty Ltd]:.Organizational Unit Name (eg, section) []:.Common Name (e.g. server FQDN or YOUR name) []:John Doe Dev KeyEmail Address []:thon@example.comPlease enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:An optional company name []:

My goal was to create a CSR (certificate signing request) using my existing private key to submit to Apple to generate a new iPhone Distribution certificate. I made sure Certificates was the selectedCategoryon the left. I tried right clicking my private key and clicking onRequest a Certificate From a Certificate Authority With Imported Private Keyand would get the following error when I try to save it.

The specified item could not be found in the keychain.

I also got the same error when I went through the file menu:Keychain Access>Certificate Assistant

What I've gathered from other internet sources is that Keychain

Access DOES NOT allow you to create a new CSR if you imported the

private key, only if you created the key locally from the tool.

What I ended up doing instead was exporting the private key and using

openssl to generate the new CSR, which Apple accepted, and now

references the new Imported Private Key.

Exporting the private key

Right click on private key

Export

Make sure p12 file format is selected

Save

Enter a password (optional)

Allow access to export key

Open Terminal and go to exported directory

Extract key from p12 container

Be careful as the .pem private key is no longer password protected)

$ openssl pkcs12 -in Certificates.p12 -out Certificates.pem -nodesEnter Import Password: ********************MAC verified OK

三、Creating new CSR with exported private key

$ openssl req -out Certificates.csr -key Certificates.pem -newYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:.State or Province Name (full name) [Some-State]:.Locality Name (eg, city) []:.Organization Name (eg, company) [Internet Widgits Pty Ltd]:.Organizational Unit Name (eg, section) []:.Common Name (e.g. server FQDN or YOUR name) []:John Doe Dev KeyEmail Address []:thon@example.comPlease enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:An optional company name []:

A couple things to note:

Enter . when you want the field to be blank, or the default will include whatever's in the brackets [].

Common Name (CN) should be your private key name (e.g., John Doe Dev Key)

Email Address should be your email address (e.g. thon@example.com)

Everything else should be blank

四、Verify your CSR

$ openssl req -noout -text -in Certificates.csrCertificate Request:    Data:        Version: 0 (0x0)        Subject: CN=John Doe Dev Key/emailAddress=thon@example.com

        Subject Public Key Info:            Public Key Algorithm: rsaEncryption

            RSA Public Key: (2048 bit)                Modulus (2048 bit):                    …                Exponent: 65537 (0x10001)        Attributes:            a0:00    Signature Algorithm: sha1WithRSAEncryption

        …

What you should care about is on theSubjectline and verify that's correct.

Now all you need to do is submit it to Apple, wait for the

certificate to be generated, and then install it. After you import your

newly generated certificate, you will see that it'll reference the old

certificate that you exported above.