I am trying to upload a signed ipa file to the app store but I keep receiving an error message saying:
ITMS-90035: Invalid Signature - A sealed resource is missing or invalid. The file at path [Inuttut.app/Inuttut] is not properly signed. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate.
I'm building the app with Cordova/Ionic 3. I have a valid Distribution signing certificate and provisioning profile for the app. I have triple checked that the bundle id is correct, and I have also set the Xcode build to use the legacy build.
One thing that has me wondering is that when I'm in Xcode and select "Automatically manage signing" it sets my signing certificate to iPhone Developer instead of iPhone Distribution. Signing the app this way and uploading it produces the same error as unchecking "Automatically manage signing" and manually selecting the iPhone Distribution certificate.
I found the problem. Frustratingly, it had nothing to do with my distribution certificate or anything like that, so kudos to Apple for the wild goose chase. It was simply because I have some assets which have non-ASCII characters in the filename. This is exactly the kind of linguistic bias that makes developing software for non European languages difficult. In any case, I recommend looking for any files like that - hopefully my pain and suffering over the past few days will help somebody else.
P.S contacting Apple directly was a fruitless and infuriating experience, so don't bother.
I have the same problem, and fix by suggestion in your answer. But I want to provide some more detail to make it more clear
For me this problem was fixed by changing Product Name from our local unicode name to ascii english name
Keep in mind that Product Name differs from Display Name which is displayed below app icon as your app name. So don't worry about changing Product Name requires change your app name, just choose an ascii name and error gone
Related
I am attempting to complete my app build in Phone Gap to create an IPA file for App Store submission. However, I am constantly running into:
"Error:certificate doesn't match profile the default keychain doesn't have an identity matching"
...and I am clueless on how to fix this or what the problem is really indicating. This is my first app build, I created my certificate and mobileprovisioning file in Apple Developers account. I have successfully generated a p12 file from my distribution certificate.
I have been searching the web for days and Phone Gap's forums and even the link of "fix this error here, which takes me to a page that offers no real help, or that which I can make sense of. The information is simply not explicit enough to me to let me know what I need to fix. I've followed the tutorials and examples of certificate generation to a T, but I am stuck with this error time after time.
I simply do not know what the error is stating. I do not know what is the "profile" nor what is meant by "...The default keychain doesn't have an identity matching"
Please can someone let me know what exactly this is telling me so I can begin to know how to fix it?
Thanks
iOS certificates are notoriously difficult. What is most likely happening here is that there is a mismatch between the type of certificate (p12) and the provisioning profile - development or distribution. Meaning, you must use a development cert with a development provisioning profile, and same with distribution.
Steps (start from the beginning to ensure that there's not a mismatch):
Ensure that XCode and MacOS are updated to the latest version.
Extract the distribution certificate from Apple Keychain. Expand the iPhone Developer certificate entry, then select both items - the certificate and the private key together. You can do this by selecting the certificate first, then holding the command key and clicking on the private key. Next, right-click and choose the "export two items" option. You'll be prompted to save the export as a p12 file.
Back over in Apple Dev site, create a new iOS provisioning profile. Choose "Distribution, App Store" as the type.
Upload both to PhoneGap Build and rebuild.
I always get an email from apple about an Invalid Signature when I try to upload my archive. I tried using automatic signing first, changed it to manual then. Deleted all old certificates, cleaned the project, recreated certificates + profiles from developer portal. Still no success.
I did the code signing settings on the target level as well as the project level. I also have no special character in the Product Name.
I also checked the output of the codesign/security commands like it's described in this answer
Does anyone have an idea what else to try? I also contacted the apple support yesterday and I am waiting for an answer.
The email content:
Dear developer,
We have discovered one or more issues with your recent delivery for "Bier brauen Bier Rezepte". To process your delivery, the following issues must be corrected:
Invalid Signature - A sealed resource is missing or invalid. The file at path [Bier brauen Bier Rezepte.app/Bier brauen Bier Rezepte] is not properly signed. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose "Clean All" in Xcode, delete the "build" directory in the Finder, and rebuild your release target. For more information, please consult https://developer.apple.com/library/ios/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html
Once these issues have been corrected, you can then redeliver the corrected binary.
I will add my 2 cents here, I had the same problem a few days ago, and the reason was that I had in my assets a file with an accentuated character "é" in one of my assets files causing the binary check to fail.
Once removed the invalid signature error was gone, and the binary was validated by apple.
More info: Avoid special characters in Executable names
After a lot of debugging I just created a new ionic project via cli and copied my src folder into it. So some configuration was messed up. Can't tell which one.
Try to verify your app and display names again (it should be same) and make "Signing" again.
I found this info in this blogpost.
We currently have an Enterprise account with a Distribution Certificate installed with a Distribution Provisioning profile (which contains a wildcard app ID for all of our apps). They are installed on our machines correctly, and each target points to the correct profile. We've been trying to get applications to install correctly, but it only likes devices that have been included in the registered device list in our provisioning portal. These devices happened to be included through Xcode. I understand that with an enterprise license, the requirements of having the device in the portal via UDID is not necessary, and it should allow for distribution to devices within the company. We have about 10 targets with different bundle identifier suffixes, but conform with our distribution wildcard profile. We have included an entitlements.plist file that has the following key/values:
get-task-allow: NO
application-identifier: $(AppIdentifierPrefix)$(CFBundleIdentifier)
keychain-access-groups:
Item 0: $(AppIdentifierPrefix)$(CFBundleIdentifier)
Everything compiles correctly and code-signing works, but trying to distribute the app through the air to other devices returns a 'Unable to Download' error. We run CI and we have a script that compiles and code-signs everything, and then generates a webpage with all the apps so users can test them out. The distribution provisioning profile is set to 'In House' and is signed with the certificate we're using.
Any suggestions?
Figured it out. Seems like everything was set correctly, we just had an old, lingering distribution profile that was used in our script. That profile would embed with the apps and hence wouldn't work.
We have just configured a setup very similar to what you are describing. We wanted to use a wildcard provisioning profile for OTA distribution of several apps with different app ids, without the need to specify device UUID's in the provisioning profile.
While we quickly got it working for an iPad app, I spent to great a part of my life, wondering why I couldn't make it work for an iPhone build. I was faced with the same annoying "Unable to download" error, and no clue of any kind in the device logs as to what might be wrong.
It turned out, that the problem was with my .plist file, which contained a wrong reference to a 512px icon. A 512px icon which isn't even used, but having a non-existing URL in the .plist was enough to break the whole OTA installation process. I simply ended up removing the "full-size-image" section from my .plist, and now it works like a charm!
What is the difference between these two screenshots?
and
update: When I uploaded my app on the appstore I got invalid binary. I am trying to find a solution.
Well, in the first one you're telling it that the default behavior is to not code sign, but the behavior on "Any iOS SDK" is to go ahead and code sign after all. In the second you're telling it to always code sign. However, since "Any iOS SDK" covers every compilation you're ever going to do on an iOS project, the former is effectively equivalent to the latter in practice.
You are asking the wrong question.
The Debug and Release Targets are not meant for App store submission. You want to create a Distribution Target, which is usually a clone of your Release Target, except with the Code Signing Identity changed to being your Distribution certificate and Distribution provision file instead of your Developer certificate and provision. You might also want to make sure to Validate your Distribution build before trying to upload it.
For submission to the App Store via iTunes Connect, you need to sign your app with a Distribution Certificate, not a Developer Certificate.
Follow Apple's step by step guide. It walks you through the whole process even with screenshots.
I am trying to update my application , but after uploading the binary , Itunes connect sends me this email :
Dear Developer, Thank you for your
recent binary submission for "MY APP"
to the App Store. Unfortunately we
discovered an issue with your binary
that you will need to correct in order
for your application to proceed to the
review stage. The specific issue is
outlined below: Invalid Signature -
Make sure you have signed your
application with a distribution
certificate, not an ad hoc certificate
or a development certificate. Verify
that the code signing settings in
Xcode are correct at the target level
(which override any values at the
project level). Additionally, make
sure the bundle you are uploading was
built using a Release target in Xcode,
not a Simulator target. If you are
certain your code signing settings are
correct, choose "Clean All" in Xcode,
delete the "build" directory in the
Finder, and rebuild your release
target. Once you have corrected the
issue, please return to the
application's version details page in
the iTunes Connect Manage Your
Applications module and click on the
Ready to Submit Binary button. This
will take you through the binary
submission flow and return your
application version status to Waiting
for Upload. You can then use
Application Loader to upload your new
binary. If any other issues are found
with your submission you will be
contacted. Thanks, The iTunes
Connect Team
I am sure that my binary signed application with a distribution certificate NOT AD HOC !!!
what is your suggestion to solve this problem ! I NEVER HAD THIS PROBLEM !!!!!
I download the app distribution CER again but nothing change ! I have 6 apps on app store and never faced with this
Note that this QA is incredibly old. Apple have largely ameliorated this problem. Enjoy.
99 times out of 100, here is the problem:
Select "TARGETS", not "PROJECT"
Click on the name of your project at the Top Left of the main XCode6 window. (ie, just above where it probably says "Classes".)
Look at the large area which opens. Carefully look at the WHITE COLUMN ONTHE LEFT.
Choose "TARGETS" ... rather than "PROJECT"
Then, correctly set your certificate to the 3rd party Mac Developer cert.
I had the same message appear from Apple, and selecting "targets" not "projects" when setting code signing identity did NOT resolve my issue.
Turns out, as the last step of submitting the app to the store (via XCode4's Organizer panel - Archives tab), I was presented with a dialog sheet that showed the distribution certificate it was going to be submitted with, which was DEFAULTING TO A DIFFERENT DISTRIBUTION CERTIFICATE I had in my keychain - and NOT the valid certificate that I'd signed the app with!
Once I manually selected the correct distribution certificate in this last step of app submission, it went through fine. (I also opened up my Keychain Access app and deleted the offending distribution profile, that I didn't have any use for anymore).
A main point I'd like to offer is that Archive Validation (or submission thru App Loader) is supposed to identify the signature problem before sending the application to iTunes Connect. This is a first indication that the problem is related to a developer tools error.
Having witnessed this problem with multiple developers strengthens that hunch. In my experience the "Invalid Signature" diagnosis is not caught during client side validation as a result of a bug in older versions of Xcode. Devs simply update their OS X to 10.7.x, plus Xcode 4.2.1 and with no change to the project or code the app is ingested into iTunes Connect without issue.
Keep it in mind for others experiencing this problem...it's especially common on Snow Leopard with Xcode 4.0.2, 3.2.6 or less.
Apple's new publication touches on this point, see iTunes Connect Store - Binary Rejection emails - Invalid Signature.
I had exactly the same problem, checked everything but couldn't find any issues.
Problem ended up being because my project was stored on a FAT32 USB stick! Copied it to my Mac and everything worked perfectly after that.
Hope this helps!
I got the same problem and spent many evenings solving it!
For my app the problem was a question mark in the executable name. In the apple developer docs is noted you can't use special character in executable name but not which ones are allowed.
I changed the executable name in build settings and the upload works!
I have been battling this issue for almost a week! For me, it turned out that the Error email from Apple was completely wrong and misleading. (I knew that all of my certificates and code signing settings were in fact correct.) It turned out, that my app was getting rejected because there was an exclamation point (!) in the name. Apparently, only alphanumeric characters (A-Z, 0-9) and dashes are allowed for the product name. (Characters like ?#$% are not allowed.)
The Fix:
1.) Click on the blue project icon on the left panel in Xcode.
2.) Click on the build settings tab.
3.) Select the current target from the menu. (It's right next to the blue project icon.
4.) Scroll down until you see the "Packaging" Category.
5.) Find where it says "Product Name" and change it to a name that does not contain any special characters.
I hope this helps! Sorry I had to red-out my company info!