Distribution Managed Expiration? - ios

Currently my Distribution Managed expires. Now the question that I have is: do I need to revoke it and then create a new one? I'm a bit confused because I cannot find that specific certificate under the create a new certificates. So what do I need to do with it? I already created a new Distribution certificate. But what now about the Distribution Managed one? Also, is there a way to automatically update or create a new certificate before it expires?
My app is written in Flutter.

A little bit of information about certificates can be found here. The most important bit:
Development certificates belong to individuals. In your developer
account, the computer name is appended to the development certificate
name (for example, Gita Kumar (Work Mac) where Work Mac is the
computer name) so you can identify them.
...
Distribution certificates
belong to the team but only the Account Holder or Admin role can
create distribution certificates (if you’re enrolled as an individual,
you are the Account Holder).
Certificates can't be renewed (at least manually, afaik), you have to create a new one that is then used for new app updates from now on. Afaik, an expired distribution certificate won't prevent anyone from using your app, it just means that you can't export/release new versions.
Steps to create and import a new distribution certificate (check below for a possible faster way):
Close Xcode
Go to https://developer.apple.com, log in, click on "Account" (top right), then go to "Certificates, IDs & Profiles", which lists all your current certificates.
Click on the blue "+" next to the "Certificates" header.
On the next page pick "Apple Distribution" (for Xcode 11+) - "Next"
Now you have to upload a "Certificate Signing Request" (".certSigningRequest" file), more information and a screenshot can be found here:
Launch Keychain Access located in /Applications/Utilities.
Choose Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
In the Certificate Assistant dialog, enter an email address in the User Email Address field.
In the Common Name field, enter a name for the key (for example, Gita Kumar Dev Key).
Leave the CA Email Address field empty.
Choose "Saved to disk," then click Continue.
Click "Continue" and download the new certificate (".cer" file).
Double-click the file, this automatically opens the Keychain Access app and imports it.
Now you can open Xcode again. To check if the import was successful, go to Xcode - Preferences - Accounts - Select the Apple ID on the left side, then click "Manage Certificates" in the bottom right. You should now see a new "Apple Distribution" certificate with a creation date of today.
In the same window there's also a "+" button in the bottom left that gives you a list of new certificates you can create. This might be a faster way but I haven't tested it yet.
For an additional check archive your app as usual, then, while exporting (I use "Ad Hoc"), it should show the name and date of the certificate that was used on the very last page.
On the website you can now click on the expired certificate in the list (if it isn't already gone) and "Revoke" it (red button in top right).

Related

Apple developer certs - what to back up

I'm new to iOS development. I know this has been asked so many times, but I'm still confused. We created a new developer.apple.com organization and I have invited my personal Apple ID as an admin, then registered my personal Apple ID within Xcode. From there I opened Team -> "View Details". To create the signing identities, I simply clicked "Create" next to iOS Development and iOS Distribution. Xcode did all the work and I never created a certificate signing request.
We now have iOS Development (in my name) and Distribution (in the company name) certificates. I have created an App ID and a provisioning profile for wildcard (development) and explicit app ID (distribution).
Now my question is - what do I need to back up from my Keychain and why? It seems I can just re-download everything I need from developer.apple.com. For fun, after doing all this, I deleted the iPhone Developer / iPhone Distribution certs from my keychain, after backing them up, just to see what would happen. Restarting Xcode -> Accounts -> Team -> "View Details" -> "Download All" seemed to download the same private keys I just deleted from my Keychain, which is good.
That suggests to me it's not really important that I back those up. I've heard some say that you absolutely must back up the CSR, but since I never created one, I'm rather confused. My assumption is that Xcode automatically created a transient CSR which I have no access to. The manual CSR route also creates a public and private key pair in your Keychain, and some say to back those up for sure. Since I didn't create a CSR, I only have a cert and private key. No public key was created / registered by Xcode.
If my machine spontaneously combusts, it seems I don't need to recover anything from a backup. Just install Xcode, add my Apple ID, and use Download All to retrieve the certs / private keys. Is there something I am missing? I have Time Machine backups to recover from, but I'm curious which assets I should preserve so the rest of our organization can continue to update the app should I, or my computer, vaporize.
You don't need to back up anything. Instead, if you lose your private key or other unrecoverable bits of your developer profile, you can reset everything and create all-new keys, certificates, etc. for your account and revoke the old ones.
You can back everything up if you want, and it's easy. In Xcode's Account Preferences, export your developer profile to a file and back up that file. The profile is encrypted for safety and includes things you cannot re-download from the Apple Developer Center like your private key. You can use this as a backup, and also to easily set up your developer account(s) on multiple Macs.
To export your profile, open the Accounts tab of Xcode's preferences. Click the ⋯⃝ (three dots in a circle icon) in the bottom left area and choose “Export Apple ID and Code Signing Assets…”.
(In older versions of Xcode, the icon was a gear and the menu item was “Export Developer Accounts…”).
what do I need to back up from my Keychain and why?
Nothing. In a worst case scenario everything can be retrieved / regenerated from the Member Center. Just don't forget your Apple ID and password.

iOS signing certificate issue

Anyone please help me to fix an iOS signing identity issue. When I archive the product, I am getting the error "you have a valid distribution certificate in the member centre. but it is not installed locally"
I downloaded the certificate from the member centre and installed locally. But still I am getting the same issue.
I am able to solve the error by resetting the certificate from Xcode->preference->account->view details->signing identities->iOS distribution, all profiles associated with the certificate become inactive. Again, I need to activate all in the member centre and download from Xcode->preference->account->view details->provisioning profiles->download all.
But the above step causes a problem for other developers, as the certificate has been revoked.
How to solve this issue without resetting the certificate from Xcode?
FYI: I am experiencing this issue in Xcode 7.3.
First make sure that you are using a Developer profile that is specific to you. If you have signed into an Apple Developer account (signed in through Xcode's GUI) that is being shared by other team members then you will not be able to sign the code on your computer. Generating another p12 private key will cause the current p12 key assigned to that Developer profile to be revoked.
If you are sharing an account, go to Apple's Developer Center and add yourself as a team member. You will get an email to the address you add and then can follow the link to create an account. After you create your account generate a provisioning profile from the menu options and double click on the download once it completes.
Go back to Xcode and select the Xcode drop down menu. Choose Preferences from the list and highlight the profile you were using previously. Once it's highlighted, remove it by selecting the (-) option. Then click the (+) option and sign in to your new account. This should resolve your issue. Be sure to clean before building just in case.
If you are already using a distinct account that is only for you then you are receiving this error because you have changed machines and did not transfer the p12 key to your new device. You have two options now. First option is to use an external storage device or cloud service to transfer the p12 key to your new laptop. Second option is to generate a new p12 key from Apple's Developer portal. Double click on the download once it completes and it will be automatically added to Xcode.
Now return to Xcode. Choose Preferences from the list and highlight the profile you were using previously. Once it's highlighted, remove it by selecting the (-) option. Then click the (+) option and sign in to your new account. This should resolve your issue.
If you are still seeing this issue you can take these additional steps to purge old caches that could be causing the issue. Open the Keychain Access program on your MacBook. Find any old certificates that do not have private keys associated with them. Certificates without private keys (p12) will not have a grey disclosure arrow next to them. Delete these and try again.

Adhoc certificate expired issue

I have received an Expired status on the Ad Hoc provisioning certificate which I created a few weeks back. Why am I getting this issue? I am unable to figure that out.
Apple requires its developers to rebuild and redeploy their apps with a new Provisioning Profile each year. Here are the steps that you would need to follow when your profile is close to its expiration date so you keep your app running without interruptions:
1) Go to developer.apple.com and navigate to the Member Center -> Certificates, Identifiers & Profiles
2) Go to Certificates -> Production
3) Here you will see all your production certificates. I’m assuming most of them have or soon will be expired. So go ahead and request a new certificate by clicking on the Add (+) button.
4) On that Add iOS Certificate screen, select In-House and Ad Hoc option and hit Continue.
5) Now before we can continue, let’s open Keychain Access on your computer and generate a Certificate Signing Request by going to Keychain Access -> Certificate Assistant -> Request a Certificate from a Certificate Authority
6) In the window that pops up, enter your email address and common name. Save the .certSigningRequest file to your disk.
7) Now go back to your browser window and upload the .certSigningRequest file which you just created.
8) Click on Generate.
9) Download and open the .cer file which you just generated in Keychain Access. You should now be able to see the newly generated certificate with a new expiration date.
10) Now go back to the browser and navigate to Provisioning Profiles -> Distribution
11) Click on the provisioning profile in question and click on the Edit button. In the certificates field, select the new certificate which you just created and click Generate.
12) Download and open the new provisioning profile (.mobileprovision) in the Organizer. You should now see the new expiring date (a year from now) on that as well.
13) Delete the old profiles to avoid confusion and rebuild your app with the new one
14) Once you’ve rebuilt the app, just install it again on all devices in question.
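
The answers above rely on noticing an expired profile by hand. As an added example (not part of the original answers), the following Python reads the expiry date out of a `.mobileprovision` file and flags profiles that are expired or close to expiring, so the renewal steps can be scheduled before builds break. `ExpirationDate` and `Name` are keys of the profile's embedded plist; `make_sample`, `warn_days` and the sample profiles are constructed for illustration.

```python
import plistlib
from datetime import datetime, timezone

PLIST_START, PLIST_END = b"<?xml", b"</plist>"


def read_profile(blob: bytes) -> dict:
    """Return the plist embedded in a .mobileprovision blob.

    The file is a CMS-signed container whose payload is a plain XML plist.
    This only locates and parses the payload; it does NOT verify the
    signature, so use it for reporting on profiles you already trust.
    """
    start = blob.find(PLIST_START)
    end = blob.find(PLIST_END, max(start, 0))
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(PLIST_END)])


def expiry_status(profile: dict, now: datetime, warn_days: int = 30):
    """Return (status, days_left); status is 'expired', 'expiring' or 'ok'."""
    expires = profile["ExpirationDate"]
    if expires.tzinfo is None:  # plistlib returns naive datetimes, in UTC
        expires = expires.replace(tzinfo=timezone.utc)
    days_left = (expires - now).days
    if expires <= now:
        return "expired", days_left
    if days_left < warn_days:
        return "expiring", days_left
    return "ok", days_left


def make_sample(name: str, expires: datetime) -> bytes:
    """Constructed stand-in for a real profile: filler bytes around a plist."""
    payload = plistlib.dumps({"Name": name, "ExpirationDate": expires})
    return b"\x30\x80constructed-header" + payload + b"constructed-signature"


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed for repeatability
    samples = [
        make_sample("Old Ad Hoc", datetime(2024, 5, 22)),
        make_sample("Ad Hoc", datetime(2024, 6, 15)),
        make_sample("App Store", datetime(2025, 5, 1)),
    ]
    for blob in samples:
        profile = read_profile(blob)
        status, days = expiry_status(profile, now)
        print(f"{profile['Name']}: {status} ({days} days)")
```

On a real machine, pass the bytes of each installed profile file to `read_profile` and use the current UTC time for `now`.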

ERROR ITMS- 90035 invalid signature

I am trying to upload ipa on apple store but it’s giving me “ERROR ITMS- 90035 invalid signature” error.
I have followed below process.
The first step in setting up a distribution profile is to create a certificate signing request. You can do this on your Mac. Launch the Keychain Access.app that is stored in Applications/Utilities.
Then execute the following steps in your Keychain Access application:
Select Preferences > Certificates and ensure that Online Certificate Status
Protocol (OCSP) and Certificate Revocation List (CRL) are set to Off.
Select Keychain Access > Certificate Assistant > Request a Certificate From a
Certificate Authority... and ensure that you do not have any of your certificates
highlighted, otherwise the Provisioning Portal will not accept your certificate request.
Enter your valid e-mail address in the User Email Address field. Ensure that the e-mail
address is the same as the one you used when you registered as an iOS Developer.
Enter your name in the Common Name field. Ensure that the name you enter is the
same as the one you used when you registered as an iOS Developer.
A CA Email Address is not required.
Select the Save to disk radio button and tick Let me specify key pair information,
if it is present.
Press Continue.
A dialog appears that allows you to specify where you would like the certificate signing
request to be stored.
Specify a location and select Save.
Press Continue.
The certificate is then generated and written to the file you specified under step 8.
After you have generated a certificate signing request, you need to submit your certificate for approval.
Log into the iOS Provisioning Portal that is accessible from:
https://developer.apple.com/account/ios/certificate/certificateList.action.
This link takes you directly to the Certificates, Identifiers & Profiles section of your iOS developer account. Select the "Production" tab and follow these steps:
Select the Add Certificate button.
Select "App Store and Ad Hoc" as type then press continue
On next screen press "Continue"
On next screen select "Choose File" and select the certificate you created in previous step and then press "Generate"
Remain on the same page as the one you were on when you submitted the certificate signing request, then follow these steps to download and install the certificate:
Download Generated certificate by clicking the "Download" button.
Double click the downloaded certificate to install (alternatively drag to the keychain utility)
It is important that you backup the keys you created. This allows you to develop on multiple Macs or reinstall the keys after unexpected data loss.
You can export your private keys and certificates through the Keychain Access application:
Open the application Keychain Access.app that is stored in Applications/Utilities.
Select Keys.
Highlight the private key associated with the distribution certificate.
Select File > Export Items.
A window opens that allows you to specify where you would like to save your certificate.
Select Personal Information Exchange (.p12) as file format.
Select the file name.
Select Save.
You are prompted for passwords that allow you to access the key in the future
This is the final stage and will create the distribution provisioning profile you need to use when building your iOS standalone.
Start by selecting the "Distribution" tab from "Provisioning Profiles":
Select New Profile (+)
Select App Store as the Distribution Method.
Enter the Profile name.
Ensure that your Distribution Certificate has been created and is displayed correctly.
Select the appropriate App ID for your application.
Select Generate.
Select the Download button from next to the Distribution Provisioning Profile you created.
This allows you to download the .mobileprovision file.
Double click the .mobileprovision to install the Distribution Provisioning Profile on your computer.
This is the process I am using to generate the ipa. Then I want to upload this ipa with Application Loader, but it’s giving me a code signing error. Please see the attached screenshot.
Please help.
There are several reasons why this type of error occurs.
First of all, you need to refer to this: Troubleshooting Failed Signature Verification
After the above guide, you need to check all the steps written in the images, like:
1) Make sure you have signed your application with a distribution certificate, not an ad hoc or development certificate.
Please check which certificate you have used. Follow this link:
How to tell what profile/signing certificate was used to sign .ipa?
This link is also helpful:
Maintaining certificate
2) You need to check your code signing portion (=> provisioning profile) to see whether all certificates are selected correctly, and also check the bundle identifier in the plist.
Note: you need to set it in both places -> project and -> target
Lastly, check that throughout the process you have selected [iOS Device] in place of [Simulator].
To check the full process, please watch this video: Submitting an App to the iOS App Store (Xcode).
I had emojis in some filenames in a React Native app. After removing emojis now everything works.

iOS Provisioning and Certificates - Will Revoke/Renew affect App Store Apps?

While working on a new version of one of my apps Xcode told me today, that it cannot run the project any more because the development profile has expired.
The organizer shows for all development profiles "Valid signing identity not found" and for all distribution profiles "Profile has expired".
Of course it is not a surprise that profiles expire. In the past all I had to do was click on "Renew", but this does not work any more. After entering the user name and password for my account, Xcode shows the error message "No value was provided for the parameter 'certificateIds'"...
What can I do?
Instead of using the Organizer I directly visited the Provisioning Center webpage. There are two entries within the section "iOS Apps/Certificates/All":
1. "My Name iOS Development Expires: Mar, 17 2012"
2. "My Name Development Expires: Mar, 19 2013"
A click on one of the certificates shows the options to "Revoke" or "Download" the certificate. There is also a "+ Button" to create a new certificate, but the option "iOS App Development Sign development versions of your iOS app." is deactivated.
In the section "Provision Profiles" all development profiles are marked as "Active" and all distribution profile as "Expired". Only "Edit" and "Delete" options are available while a "Renew" option is missing. The "Edit" option shows the profile details and "Generate" button. I would assume that "Generate" creates a new version, but after pressing the button only a progress indicator is shown which comes to no result. After I reload the page the status is unchanged.
So, there are no options to renew the existing certificates and profiles (are there?). Thus I have to create new certificates but - as described - this option is grayed out. I assume that I have to delete / revoke the existing certificates first. A click on "Revoke" shows a very explicit warning: "Revoking this certificate will invalidate it and any related services or provisioning profiles that use this certificate may be affected."
I am afraid that revoking the certificate might affect my existing app in the App Store - that the app might be removed from sale because the certificate it is based on was deleted.
Of course this is a scenario I would like to avoid. Does anyone know for sure what happens when using the Revoke option for an existing certificate? Does this even affect App Store apps?
Thank you very much!
For App Store apps, you don't need to worry. The signing information on app store binaries is only used for the initial validation to ensure it came from you. Once it has been uploaded the binary will be transformed and resigned with Apple's private key, encrypted with Fairplay, etc.
This means revoking your distribution certification will not affect live apps. You only need to worry if you have an enterprise account.
No, revoking certificates does not affect apps already on sale. For that matter it won't even affect apps submitted for review. (We had to renew a certificate while an update was in review. No problems at all.)
