About a week ago our Apple Distribution Certificate expired. XCode detected this the next time I tried to send an app to Apple, and offered to generate a new certificate.
This process works correctly and the certificate is generated. However, when we try to use it to send the app to Apple, we receive a message saying that the private key is not in our Keychain. As this is a newly generated certificate, the private key is generated at the same time (I exported it) and I have tried installing it manually into the keychain on both 'login' and 'system' but nothing seems to work.
I have checked Distribution certificate / private key not installed and tried some of their suggestions:
Logging into developer.apple.com and revoking all old distribution certificates
Removing old certificates from Preferences -> Accounts -> Manage Certificates (I've also tried clicking the '+' icon and generating a new distribution certificate - this gets added underneath the earlier one)
Restarting XCode and the apple machine
Deleting older private keys in case they are interfering.
Is there something I'm missing? A lot of the guides seemed to suggest that generating a new certificate would be the way to go, but it just doesn't seem to 'link' with the private key it generates at the same time.
Many thanks.
EDIT: I am not alone in this it seems: https://developer.apple.com/forums/thread/671484
Just in case anyone sees this in the future, I managed to resolve the issue by manually signing the app as I'm sending it to Apple.
After lots of investigation, I realised for some reason that XCode was creating two versions of the new Distribution Certificate, one that has the private key and one without. When attempting to send to Apple, it was defaulting to the version without the private key. I switched the signing to manual (and downloaded a manual provisioning profile) so that I could select the correct Distribution Certificate that has the private key installed.
Trying to submit my app to TestFlight. I am getting stuck with a missing private key error. What's weird is that the private key does exist. I can see it in KeyChain. I've only ever used one Mac for development, so it's not like I need to get it from another machine.
I tried revoking the cert and deleting all the Apple Distribution certs/keys from my Keychain. Then I went through the Distribute App process again. Xcode offered to generate a distribution cert for me. I did that. Does it appear to have created two of them? One looks normal, but the second one is grayed out and says "Not in keychain".
The "missing private key" error says I have one Apple Distribution certificate but its private key is not installed. Contact the creator of this certificate to get a copy of the private key.
I've looked at a bunch of discussion posts and StackOverflow posts about this, but nothing seems to apply to my specific issue. At least, I tried all those techniques and nothing seems to work.
This is the image of Xcode signing certificates
Xcode signing certificates:
App distribution while uploading on App Store:
I had the same problem and after a frustrating afternoon I got round it using manual signing as per a post I found over on the apple forums. When manually signing I chose to use the existing iOS dist cert instead. Not tried with the apple dist cert that auto signing was trying to use.
iOS Distribution: Missing Private Key
Mine too is an app that's only ever been distributed from this Mac. The first hint of trouble was a message saying there was no distribution certificate so I accepted when Xcode offered to create one. After that it was just as you showed in your screenshots .. one greyed out, one looks ok. Private key is listed in Keychain Access but still get the message in Xcode when trying an ad-hoc build on Mojave, Xcode 11.3.1.
Every time trying to submit but some result. Like this
ERROR ITMS-90034: "Missing or invalid signature. The bundle '****.******.****' at bundle path 'Payload/APP_NAME.app' is not signed using an Apple submission certificate."
Everything looks fine, we click submit, it goes to validate, and starts to upload to the app store. Then at the very last second ,the error pops up no matter what we've done to try to fix it.
Tried following steps to.
1) Tried to make just new app and upload ( With this excluded depending from any framework or source and any settings) - some result
2) Tried to remove account from Xcode->Preferences->Account (Remove account) and then add again.
3) Tried revoke certificate make again and then refresh provisioning profile
4) Tried to make app zip and upload from Application Loader
5) Tried to make IPA
6) Make change in Keychain Access for related Certification Authority certificate from "Always Trust" to "Use the system default".
7) remove all certificates and provisioning profiles and add again.
The build is valid
Some Error for every time, when trying to upload for submission.
Error from Application loader.
Error from Organizer.
Has anyone been able to work through this or a similar issue, and can you help?
I have just got the same issue. I have restarted XCode and it works like a charm!
I have not changed anything and it was working an hour ago; therefore, I did not spent any time on keychain. I have simply restarted XCode and it has worked.
If the problem still persists, then I recommend you to Go to Keychain Access, delete all the expired certificates, and add the corresponding valid certificate.
you can try... Make change in Keychain Access for related Certification Authority certificate from "Always Trust" to "Use the system default".
This do the trick for me!
I got the same issue today. My app was sent successfully, but after 10 mins I got an email. with this Error ITMS-90034. As result, I started to check If my profiles are expired and etc. Everything was fine. So maybe after few hours I just sent a new archive, and it was successfully uploaded. I guess it was related to the apple side.
I have resolved this many times:
check AppleWWDRCA certificate if expired or not.
check fields for always trust by double click the distribution certificate in keychain.
I was using another distribution certificate from same name with another expiry date.
update/delete previous distribution installed certificate
It works for me in few days ago. But, Today 2016/2/22, I use the same step to do all of setting not change after one day work still can't upload to App store. I don't know whats going on. Does anyone has solved this problem.
Finally, I find a good solution to solve this issues first download and install the new WWDR intermediate certificate (by double-clicking on the file). deleting the expired certificate from keychain . Then all of problem is solved. Here for reference Xcode 7 error: “Missing iOS Distribution signing identity for …”
I have two certificates with same bundle identifier. One was revoked and one was valid.
I deleted the revoked one and it worked for me.
Reason of Error: Compiler could not figure the correct certificate (unknown).
This issue can be raised because of distribution certificate with private key not present in the keychain or revoked from apple developer account.
We can fix this issue by two ways :
Create distribution certificate on apple developer account. download it and add it in keychain. Make sure this certificate is added in login section with private key.
If distribution certificate is already created on any other machine that time you can take distribution certificate with private key by selecting distribution certificate and private key, export both items to specific destination path. After take that certificate and add it in keychain.
Happy Coding ...
For me the problem was the Signing Certificate at the MyProject -> Signing & Capabilities -> Release page differed from the common name of the Distribution certificate at the Organizer page.
The common name could be found in Keychain Access by a right click at a certificate name and then get info.
Go to Keychain Access, delete all the expired certificates, and add the corresponding valid ones.
i was facing same issue, i was selecting Automatically Signing on xCode and manually distribution certificate at uploading time.
then i tried manually certificate on both places.(Xcode and TF.) Now it's working fine.
the solution is to generate a provision profile again, from the apple developer page.
Make sure you're using the same profile in Signing and Capabilities either the one you're in Product -> Archive.
Checking that worked for me! I use manual signing and didn't realize I had different profiles.
https://developer.apple.com/forums/thread/133781?answerId=423098022#423098022
I recommend to revoke all certificates you have duplicated in developer.apple.com account under certificates, I kept my distribution certificate.
Make sure to revoke all other distribution or development certificates associated to your name.
Go to Xcode and submit it again, with letting Xcode automatically sign it.
This is specific to Trigger.io.
When trying to upload my application through Application Loader, I am getting the error: "Application failed codesign verification. The signature was invalid, contains disallowed entitlements, or it was not signed with an iPhone Distribution Certificate."
I'm very certain, I'm using the correct certificate (i.e. the distribution one, and not the development one). Actually, I'm 100% sure I'm using the right certificate.
That leaves me with signature was invalid or contains disallowed entitlements.
Has anyone encountered this while trying to upload an IPA created through Trigger.io?
I have the latest Xcode & Xcode command line tools on my machine. I am getting this error when I create builds on both Windows and Mac OS.
Any help would be appreciated.
NOTE: While I love Trigger.io, I'm about ready to abandon it due to the hassles I'm running into trying to upload my app.
I think the root cause here was that I was using an incorrect version of XCode (and Application Loader), that had me trashing with provisioning profiles, App Ids, and certificates.
Via the iOS Provisioning Portal, I ensured that the distribution provisioning profile was active, I was using a non-wildcard App ID, and that the distribution certificate was active. Once I cleaned house, and recreated everything, it finally worked.
I do think that I only saw this problem because I was using the wrong version of XCode and Application Loader.
I got this issue when accidentally archiving using an iPhone Developer code signing identity, instead of using iPhone Distribution.
I.e. exactly as the message says, I did not use a distrib cert.
What I am having in Provisioning of the account is
Then I am downloading both of them and drag into Organizer/Library/Provisioning Profile. However, I am always getting these status
What I am missing in the middle..Please advice on this issue.
This issue occurs when your private keys for your iOS development certificates are absent on your machine. This occurs for example if you have installed XCode on a new machine.
Apple provide steps by steps instruction here for this kind of error.
This issue has been resolved already on another post where you will see you have two possible solutions:
The easiest consist to transfer your development profile from your old machine to your new one.
Revoke and generate a new development profile by generating a new Certificate request with Keychain