Request for Keychain or Private Key Details for Certificate Generation

[DeepakAphro121]

I am reaching out regarding an issue I encountered while generating a certificate from Codemagic Admin using the App Store API key. I noticed that the process does not provide details on which keychain was used, nor does it supply the private.key when OpenSSL is used.

For my current project, it is essential to have access to the specific keychain used and the private.key for security and maintenance purposes. Could you please guide me on how to obtain this information or if there is a specific setting that needs to be enabled to include these details in the certificate generation output?

Additionally, I have taken a subscription to Codemagic, and I would appreciate any assistance you can provide to resolve this issue promptly.

[himesh-cm]

Hey @DeepakAphro121, referencing your other issue here as well: https://github.com/orgs/codemagic-ci-cd/discussions/2557.

If there is an internal requirement to use a specific keychain and private key, how do you intend to use the API endpoints alongside the aforementioned requirement? Could you combine both of your requirements and share more about the use case? Are you managing multiple white-label apps?

Please note that you should contact our team through the chat widget in the UI for a quicker response, as your team is on a paid plan.

[DeepakAphro121]

Hi @himesh-cm,

Thank you for your previous response.

I would like to further clarify my requirement regarding the certificate generation process. When I generate a certificate using Codemagic's "Generate certificate" option, the certificate is successfully created. However, for security and management purposes, I need access to the Certificate Signing Request (CSR) file that is typically used to register each certificate with the keychain.

Current Process:

I generate a certificate using Codemagic's "Generate certificate" option.
The certificate is created, but the associated CSR file is not provided.
Requirement:

I need the CSR file generated along with the certificate. This is crucial for securing the certificate and ensuring compliance with our internal security protocols.
Is there a way to configure Codemagic to provide the CSR file along with the generated certificate? If not, could you guide me on how to obtain the CSR file used during the certificate generation process?

Your assistance with this matter is highly appreciated.

Best regards,
Deepak Kumar

[himesh-cm]

Hey @DeepakAphro121,

Thank you for providing detailed information. If you want to have more control over the CSR, please generate them locally and then upload them to the Codemagic dashboard.

You can use the following link to generate the CSR: https://developer.apple.com/help/account/create-certificates/create-a-certificate-signing-request/

Once you have generated the above credentials, create a Distribution certificate on the Apple Developer portal and upload it to Codemagic. You will also need to update the provisioning profiles to use the new certificate and upload them to Codemagic.

Currently, we do not offer endpoints to manage profiles and certificates. Let me know if you encounter any issues.

[DeepakAphro121]

Hi @himesh-cm,

We are building a no-code app builder (SAAS) allowing ecommerce clients to build their apps using pre-built templates and integrations on the web-admin. We have been able to generate APKs and AAB files for Android using Bitbucket pipelines. We are trying to build iOS builds using codemagic. 

We couldn't find some endpoints in codemagic to do it via API calls:-

• upload certificate (in case our user have one)
• Generating certificate (in case user doesn't have one)
• Provisioning profile (upload and generate)
• Upload app store api key
• Upload Environment variables

Since we are trying to achieve this for our SAAS product, it would be nice if we can have the APIs for this instead of manually doing so. If we have to manage certificates and provisioning profiles for users manually, our use case will fail. Please suggest a solution so this can be achieved via APIs/ dynamically from our server to codemagic's. 

below are some screenshots of my no-code platform how it work

[himesh-cm]

Hey @DeepakAphro121, Please connect us via the contact form > General Inquiry here and let's discuss the same over Google meet.

[DeepakAphro121]

Hi @himesh-cm,

Thank you for your prompt response.

I will reach out via the contact form for a General Inquiry as suggested and arrange a Google Meet to discuss this further.

Thank you for your assistance.

Best regards,
Deepak Kumar

[DeepakAphro121]

Hi @himesh-cm,

I have reached out via the contact form for a General Inquiry as suggested, but unfortunately, I have not received any response yet. We are eager to discuss our requirements and potential solutions over a Google Meet as soon as possible.

Could you please assist in expediting this process and organize the Google Meet? Please send the meeting link to my email:

As we have taken your subscription, I would appreciate a prompt response as this is an urgent matter affecting our work.

Thank you for your assistance.

Best regards,
DeepakAphro121

[himesh-cm]

Please check your email @DeepakAphro121

[himesh-cm]

The thread is continued via email

[irajeshverma2020]

Hi @himesh-cm

Was there any update for this thread?

I was also looking at a similar problem. Want to be able to create/upload/manage certificates via api or any other way programitcally. Have a similar use-case
Looking for some answers, if that's possible somehow.