iOS Build Environment Help Center

How to Generate a 256 bit Certificate Signing Request

append delete bun

• Windows version : 10
• Builder version 3.62
• iOS SDK version 16.11

I'm trying to generate an Apple Pay Payment Processing Certificate, but it's asking me for a certificate signing request. I uploaded the one I made from the keychain tool but it's telling me:

Incorrect CSR Key Pair
Expected a Key Pair with ECC Algorithm and key size of 256 bits. Create a new CSR and try again.

Is there a way to generate a new CSR that's 256 bits?

P.S. Thank you - this asset has been a saviour to my development cycle and the documentation is great especially since I'm very technically unskilled at this stuff.
Apologies if this has been asked before, but I had searched and couldn't find the question.

:: @bun added on 07 Apr ’24 · 07:57

• Windows version : 10
• Builder version 3.62
• iOS SDK version 17.4

I'm trying to generate an Apple Pay Payment Processing Certificate, but it's asking me for a certificate signing request. I uploaded the one I made from the keychain tool but it's telling me:

Incorrect CSR Key Pair
Expected a Key Pair with ECC Algorithm and key size of 256 bits. Create a new CSR and try again.

Is there a way to generate a new CSR that's 256 bits?

P.S. Thank you - this asset has been a saviour to my development cycle and the documentation is great especially since I'm very technically unskilled at this stuff.
Apologies if this has been asked before, but I had searched and couldn't find the question.

Reply RSS

Replies

append delete #1. Pierre-Marie Baty

Hello

At the moment tke Keychain tool UI can't generate certificate signing requests with the ECC algorithm, it only supports RSA. I have to update it. Meanwhile you can generate such a certificate signing request "by hand" with the OpenSSL binary that comes with the toolchain.

Note that for this you need an ECC private key too, which means you'll have two private keys (associated with two sets of certificates): one with the RSA algorithm for code signing your iOS apps, and one with the ECC algorithm for your Apple Pay needs.

The syntax would be: 

% step 1. Create ECC private key with 256 bits size
"%IOSUNITYBUILDER_PATH%\Toolchain\openssl.exe" ecparam -out my_apple_pay.key -name prime256v1 -genkey
%
% step 2. Create a Certificate Signing Request to obtain a certificate for use with this private key
"%IOSUNITYBUILDER_PATH%\Toolchain\openssl.exe" req –new –sha256 –key <your keyname> -nodes –out <your CSR filename>
%

The only data you need to supply when creating your CSR is: emailAddress (your Apple ID email address), CN (Common Name), C (Country, in two-letters abbreviation)

Let me know if you need more instructions. I take note to improve the keychain tool UI so that it can generate those types of private keys and CSRs.

:: @Pierre-Marie Baty added on 08 Apr ’24 · 10:23

Note: in step 1, "my_apple_pay.key" is the name of the file where your private key will be stored. Use it in place of the <your keyname> placeholder in step 2.

Reply

(Leave this as-is, it’s a trap!)

There is no need to “register”, just enter the same name + password of your choice every time.

Pro tip: Use markup to add links, quotes and more.

Moderators: Pierre-Marie Baty