I've consulted many sources out there and still can't figure this out.

http://code.google.com/p/apns-php/wiki/CertificateCreation

Basically after I download the Development Push SSL Certificate from the iOS Provisioning Portal > App IDS (with Enable for Apple Push Notification service selected) and I double click the certificate (filename aps_development.cer) to open it, the Keychain opens. I then select "login" and "Certificates" on the left panels. On the right panel I see "Apple Development IOS Push Services:..." and all instructions I've consulted so far have told me to "expand" this option by clicking the arrow next to the name to reveal the private key, but there is no expand option for this certificate. Can anyone help me find this private key? Did I download the wrong certificate?

Thanks

I noticed that the expand icon is actually visible when clicking on 'My Certificates' in the left menu (Keychain).

My problem was that, for some reason the various certs were being added to the 'System' keychain instead of the 'login' one.

By selecting 'login' and then adding them with the little '+' (next to the i) they've been added to the right place.

What I faced, when I was creating CSR file, I was putting Common Name with a space. And the certificates created by this CSR file were not showing expand arrow in the Keychain Access

After I made a new CDR File with a short common name and recreated certificates, it installed well and has a private key.

on the machine you are trying to access this cert, do you have the key with which you signed the Certificate Signing Request (based on which apple created that certificate for you)?

You should ask the person who created that certificate. Thats probably the only way you can get the private key.

I had the exact same problem. Double-clicking the .cer file put the certificate in the Keychain, but did not show any private key (nor was the entry expandable).

I fixed the issue with these steps:

1. Quit keychain access.
2. right-click the .cer file (e.g. aps_production.cer)
3. Select "Open With > Keychain access (default)"

... and voila, now it shows up with the private key. Which is rather odd, since it was opening Keychain access anyways.

Goto the keychain access and follow steps as given below...

I was just double clicking on the certificate. What helped me eventually was to drag the certificate into the relevant section.

More details can be found in this blog: How to Export a Push Notification Certificate in a p12 file?

Delete the certificate that has no private key. Open Login in Keychain, then drag the file from Finder to Login and your certificate now has a private key!

Leaving this here in the hope that it helps somebody with similar symptoms - When you click aps.cer for opening it with Keychain Assistant, it prompts you with a dialog to select a keyring to import the Certificate into. For me, the private key didn't show up in a collapsible for any other keyring than login (i.e. others such as System or System Roots seemed to show only the Certificate).

My problem was that I was not looking under "Certificates" but under "All Items":

Yet another answer to this...

After you create your CSR, before actually uploading it to the Apple site, you can go look within Keychain Access under the logins -> keys and see that you already have new public and private keys with the same name as you entered in your new CSR's CommonName.

So when you upload the CSR to the Apple, then download the certificate, then double-click the certificate, Keychain access is just matching up that downloaded certificate with the public key that was already in your Keychain Access list and it attaches the private key.

So if you are not able to get the private key after all of this, try recreate your CSR.

The strange thing to me is that, I had read that you could use the same CSR each time you recreate your certificate, but for some reason that is not working for me. Perhaps because the old expired certificate that I was replacing was no longer in my Keychain Access list and so therefore there was no public/private key pair that matched the newly generated certificate.

The .cer file does not contain the private key, only the public one. So all of these solutions are relevant only from the computer who issued the original CSR, or from a computer where the original certificate's keypair was imported to Keychain.

If you don't have access to the private key, yiou would have to generate a new certificate. However - you do not have to invalidate the old one from Apple's certificate portal, as you may use multiple APNS certificates for the same app ID.