I am trying to prepare an iOS app for distribution on test flight (and eventually on the app store).
The Apple developer account admin has sent me the .cer file and the .p12 private key (which they just created). I have added both to my keychain.
Inside of xcode organizer, I select the app and hit validate. I then subsequently select "Automatically manage signing" and hit next.
I am then presented with 4 errors.
This request is forbidden for security reasons. You do not currently
have access to the membership resource.
No signing certificate iOS distribution found. No "iOS distribution"
signing certificate with ID blah with a private key was found.
Team "my team" does not have permission to create iOS app store
provision profiles. Select a different team and try again.
No profiles for [my bundle id] were found. XCode couldn't find any iOS
app store provision profiles matching [my bundle id]
I was under the impression (from what I have read) that having both the distribution cert and the private key in my keychain would be sufficient to distribute the app.
Related
I have iOS distribution certificate(p12 and private key files) from another developer.
How can I sign my app with this cetificate? I install it my keychain and now I can select right signing identity in xcode build settings tab, but can't select provision profile and development team.
What am I missing?
I have a certificate that was sent to me (Cert A). I am trying to export a .ipa from the organizer in xcode 8. I have set the application for manual signing and xcode recognizes Cert A. However, when I go to export, it gives me an error saying "No matching provisioning profiles found." This is after I select "Use local signing assets." The profile I am attempting to sign with was sent to me so it's not associated with my personal developer account (Cert B). When I try to export using Cert B, it works fine. So my question, in multiple parts, is how do I export using the provisioning profile (Cert A)? Do I need the team log in and add to accounts preferences? Is there another way for me to export the .ipa that would allow for the Cert A to sign the application? The Bundle ID is correct as well.
When signed with a certificate which is not included in the provisioning profile, still app is able to install successfully on device,how ?
I have two wild card signing Identities
A
B
I created provisioning profile with Signing identity A
Now from command line i resigned it with B using the same provisioning profile.
App getting installed successfully, how ?
You need to understand that in order to run an app on an iOS device, you just need a valid provisioning profile.
You have two wildcard provisioning profiles, so technically both could work. However, you state that your provisioning profile was created with Signing identity A. First, confirm that your provisioning profile has only the Cert for identity A selected. Technically, a provisioning profile can be valid with multiple certificates.
If you confirm that your profile is not associated with the cert for signing identity, meaning the profile should not be valid if you signed the app with identity B, the other likely reason is that you already installed the app (or some other app) using the profile and signing identity A. If that is the case, there is a valid provisioning profile on the device that says your app should be allowed to run. I posted some more details about scenarios where the provisioning profile packaged with the app may be invalid / expired / etc. but the app will still run on the device in this post.
If you are expecting to use the code signing / provisioning profile to keep an app from successful install, you should have a dedicated, explicit bundle Id in your provisioning profile, along with a certificate specifically for that app ID. Then you can expire the profile and revoke the cert when you need to prevent the app from running on devices.
Edit: To check if this is due to an existing provisioning profiles, open Xcode, go to Window->Devices Right click on the device in question and select "Provisioning Profiles", like this:
If you want to try it out, you can remove all the provisioning profiles from the device and try to re-install. If you really only have a provisioning profile that is configured to accept the signing identity A, and you sign the binary with signing identity B, it should not work.
I made an app and am trying to upload it to iTunes Connect. I have a certificate installed, development certificate and distribution certificate...see picture..
...But, somehow, when I am trying to archive the app in Xcode to binary, it reports an error:
All my certificates are valid, but it's still complaining about distribution certificates,
What am I missing?
You don't appear to have a distribution profile (only a developer profile -- in organizer). You appear to have a distribution certificate, but no profile. You must create a distribution profile for your app. You can do this in the portal.
Did you generate the certificate on your own Mac? The certificate must match a private key in the keychain. If not, revoke the existing certificate and create a new one. You will have to perform the signing from Apple again.
I'm a contract developer, and have an app to be distributed via the client's Enterprise account.
I've worked with other clients on Enterprise accounts, but for some reason, the "iPhone Distribution" certificate that I've added to my keychain for this client does not appear in Xcode Organizer.
When I import a mobileprovision for the app, Xcode complains there's no valid key pair.
The client has added me to their account; can only the developer who created the Enterprise Distribution certificate import it to a keychain? If I create a new distribution cert (not profile), does that invalidate the existing cert (used by other apps I have not worked on?)
You will need the person who created the certificate to export it from their keychain. The certificate you download from the provisioning portal is a public key and does not contain the private key.
From Apple Tech Note about Code Signing
Note: In the case of missing Private Keys for your certificates,
Automatic Device Provisioning can restore your certificate to the
keychain, but not the missing private keys.
Transferring Your Identities Once you have a healthy working code
signing configuration set up it is recommended that you follow the
steps in section Transfer Your Developer Profile to Another Computer
of the Xcode 4 User Guide to create a backup of them. The backup can
be used to restore your working code signing configuration from
hardware failure, or to enable code signing on additional Macs,
partitions, or OS X user accounts of your choice. The backup
(.developerprofile file) once created contains all of the following
items:
all iPhone Developer certificates in your keychain all iPhone
Distribution certificates in your keychain all Provisioning Profiles
in the Xcode Organizer > Devices tab > Provisioning Profiles section
under "Library" Note: While creating the backup of your identities you
will be asked to enter a brand new password. Be sure to remember as
you'll be asked to enter that password later to use the backup for its
intended purposes.
Tech Note TN2250