Provisioning profile includes newer version of signing certificate - ios

We have already published an iOS App in the AppStore. When we try to update the App, We identified that the Signing Certificate and Provisional Profile are expired. One of my team mate recreated a PROD certificate and gave me the .p12 file. I updated the expired Provisional Profile in Apple Developer center with the new Signing certificate and configured the .p12 file in AppCenter with the newly updated Provisional Profile. But AppCenter throws an exception "Provisioning profile "XXXX" includes newer version of signing certificate "XXXX"
Not Sure how to solve the issue. Any Help is appreciated.
Tried SO search, can't find anything relevant.

I just had a similar error when I was building an iOS app with App Center.
My problem was that when I exported the P12 I didn't export the keys correctly, either didn't include the key or I selected the wrong key. Similar to the photo below:
In order to fix this issue, you need to do the following:
Go to your Keychain Access
Select login keychain
Select My Certificates tab
If you haven't imported your .cer certificate into your keychain yet, then you need to import it. You can do that by dragging your .cer file into the keychain and entering the password. What I also did is remove the imported certificate and re-imported it.
Now that it's imported, you need to export the certificate as P12 format, in order to do that you need to select the certificate and it's key (important) just like in the image below
Last, you need to right click the selected certificates -> click Export 2 items -> Select save location -> Enter Password -> That's all.
You should be able to use the P12 certificate and creating builds.

Related

Why is my iOS Distribution Certificate 'Not in Keychain'?

So I created a distribution certificate and provisioning profile etc, and when I went to Xcode and checked my account preferences and chose Manage Certificates, it originally had no problem. Now, when trying to upload my app to the store, it is grey and says, 'Not in Keychain'. Just to add, when I clicked download on the Apple dev site for the distribution certificate, I did not get the popup that asks you to 'add' to keychain even after clicking on my download. Is that what's wrong? How do I get that popup? How can I fix this? thanks.
Apple will not store your private key on the developer platform. You will always have to keep the private key in your keychain or some other safe place. If you see the message "Not in keychain" in the "Manage Certificates..." dialog of Xcode's Accounts preferences, it means that there is no copy of the certificate including the private key in your keychain. Do you have another account from where you can retrieve it? Then export from the keychain there and import it here where you need it.
1,从Appledevelop 主要账户下载cer证书文件,运行安装
2,在钥匙串中找到证书导出.p12文件
3,下载需要的. mobileprovision 文件
4,放到目标Mac上运行这里两个
5,文件要在钥匙串 '登录目录下'
(* 选择钥匙串登录再运行.p12文件)
Download the CER certificate file from the appledevelop main account and run the installation
Find the certificate export. P12 file in the keychain
Download the required. Mobileprovision file
Put them on the target Mac and run these two
The file should be in the "login directory" of the keychain
(* select the keyChain string to log in and then run the. P12 file)

Private key missing when installing certificate on Keychain Access

I need a private key p12 file in order to generate a PEM file for push notifications.
I found in many places the steps to create the file, but I always have the same problem on the final step:
Open Keychain Access on my Mac. Within the Keychain Access drop down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority. This generates the CSR.
Login into my developer account. Create an unique Apple ID for my application, with push notifications selected (Certificates, Identifiers and Profiles > iOS Apps > Certificates > App IDs).
Open settings for the newly created appliction's id. Go to "Push notifications" and create an "Production SSL certificate". Upload the CSR when it ask for it.
When it finishes download the .cer file.
Double click on the certificate file to install it on the "Keychain Access" app.
Select the private key item under the installed certificate and right click to export it into a p12 file.
Here it´s an screen shot of what i see.
But I can not find any private key item under the certificate item.
Please I really need someone to help me.
Thanks for your patience.
I just got a similar problem looking for apns certificate so here is the solution if someone else need it : APNs certificate missing private key when generating with custom keychain
Just drag and drop the certificate currently in the "System" keychain into the "login" keychain and you will get your certificate with its associated key in the "login" keychain.

Redownloading iOS development certificates

I was getting a 'Valid signing identity not found' warning on my provisioning profile in xcode, so I kind of got lost and ended up deleting my certificates.
The certificates are still on the portal, but when I download the .cer file it still presents the same valid signing error. When i check in Keychain access, the certificate is there, but its in 'Certificates' and has no drop down menu with the key icon and name
Im very confused.
Within Keychain access - is my certificate supposed to appear in 'My Certificates' or 'Certificates'
From my position, how would I go about re-installing this certificate? From this tutorial his certificate is in 'My Certificates' not 'Certificates' and has a dropdown with his name. Why dont I have this? Is this what I should have? I've read multiple guides on how to install these certificates but nothing seems to be working.
Login to Apple Developer Portal, regenerate the certificate if needed and donwload it again (you can use the certificate signing request you've used in the past (.csr file uploaded in order to generate the certificate)).
Any provisioning profiles with that certificate should be regenerated and downloaded again.
If you are using Xcode 5, you can try going to the Xcode Menu > Preferences > Accounts > View Details and then click on the "+" button.

missing private key in the distribution certificate on keychain

I have the following problem which I could not find a solution for anywhere. Basically, we have a company developer account (not enterprise) and so in order to submit our app, I requested from our team lead to send me the distribution certificate and create and send me a distribution provisioning profile.
With the developer profile, everything works good, but when I installed the cert and the provisioning profile, I did not see the distribution profile on Xcode, and nor do I have a private key under the dist cert in the keychain.
Does anyone know how to solve this? I read in diff places that I will need to revoke the certificate and create a new one, but I can't really do that since we have a bunch of apps in the company and I can't revoke it for everyone.
Ahh this is a common issue, The solution is simple:
Who ever created the developer credentials originally needs to go to the keychain on their computer and right click on the key(s) for private and public and export the key to a file.
Then you just download that file on your computer and open it, and it will be added to your keychain.
You need to have both the private key (.pem file) and the certificate for your provisioning profiles.
As long as you still have access to the mac which was used to generate the original distribution certificate it's very simple.
Just use that mac's Keychain Access application to export both the certificate and the private key. Select both using shift or command and right click to export to a .p12 file.
Attached a screenshot to make it very clear.
On your mac, import that .p12 file and you are good to go (just make sure you have a valid provisioning profile).
To add on to others' answers, if you don't have access to that private key anymore it's fairly simple to get back up and running:
revoke your active certificate in the provisioning portal
create new developer certificate (keychain access/.../request for csr...etc.)
download and install a new certificate
create a new provisioning profile for existing app id (on provisioning portal)
download and install new provisioning profile and in the build, settings set the appropriate code signing identities
Delete the existing one from KeyChain, get and add the .p12 file to your mac from where the certificate was created.
To get .p12 from source Mac, go to KeyChain, expand the certificate, select both and export 2 items. This will save .p12 file in your location:
For person who are afraid on re-creating AppStore distribution certificate Apple documentation says:
Important: Re-creating your development or distribution certificates
doesn’t affect apps that you’ve submitted to the App Store nor does it
affect your ability to update them.
But it affects apps for Apple Developer Enterprise ecosystem.
I lost hours and hours to resolve this issue, but it's fixed by just restarting MAC...
In my case, I've lost all private keys in my keychain, new ones were imported correctly, but doesn't show the private key as well. The only thing that helped was generating new CertificateSigningRequest
After you changed a Mac which are not the origin one who created the disitribution certificate, you will missing the private key.Just delete the origin certificate and recreate a new one, that works for me~
When I try to upload iOS build to test flight then error was appear.
"Missing privacy key".
Just 2 step for fix this error.
Remove old certificate from developer.apple.com
Create new certificate from Xcode or developer.apple.com
My problem has been solved (I am using Xcode 9.4.1).
Please check, Xcode created new certificate.
If you are creating your own Distribution cert, not using someone else's then this could help.
Spent quite a bit of time on this today, issues from not being able to create a SigningRequest to generating a distribution cert and not having it attached to my private key in KeyChain Access. These steps helped solve this for me.
If you are still having issues, revoke your current cert and start fresh.
Creating a new signing request
The Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority is actually contextually aware of what you currently have selected when you launch it. Just to be sure that you aren't accidentally skewing your Request with some random selection, go to your Login Items and select the Apple Worldwide Developer item. Then launch the above Request and create the CertificateSigningRequest.certSigningRequest file.
Go to Apple Dev portal, add new distribution certificate, upload your CertificateSigningRequest.certSigningRequest file and download the newly created distribution certificate.
To import the distribution cert into your keychain, instead of just double clicking it, I recommend opening your keychain, go to "login/Certificates" area and drag and drop the cert here.
I had an issue where my cert would auto-install into the System area, instead of the login area where my private key existed and this caused my key not to be linked to the new cert.
At the Menu > Visual Studio (mac) > Preferences > Publishing > Apple Developer Accounts > [Select your apple id] > View Details > Create Certificate
To delete unused/invalid certificates, go to website: https://developer.apple.com/account/resources/certificates/list
delete any unwanted certificate there
Next is to create App ID (identifiers), go to website:
https://developer.apple.com/account/resources/identifiers/list
Next, go to website to create provisioning profiles:
https://developer.apple.com/account/resources/profiles/add
use the certificate to bind with your app id.
Next is to download the profiles:
At your mac > At the Menu > Visual Studio (mac) > Preferences > Publishing > Apple Developer Accounts > [Select your apple id] > View Details > Download All Profiles
I got into this situation ("Missing private key.") after Xcode failed to create new distribution certificate - an unknown error occurred.
Then, I struggled to obtain the private key or to generate new certificate. From the certificate manager in Xcode I got strange errors like "The passphrase you entered is wrong". But it did not even ask me for any passphrase.
What helped me was:
Revoke all not-working distribution certificates at developer.apple.com
Restart my Mac
After that, Xcode was able to create new distribution certificate and no private key was missing.
Lesson learned: Restart your Mac as much as your Windows ;)
I accessed that certificate on apple's developer website and after downloaded it I opened it. Likewise, at open I got a little window asking if I wanted to add the certificate to keychain. Just tapped "add" and the "missing private key" error was gone.
My problem was that for whatever reason, the login keychain was missing in the Keychain Access. Xcode created a new certificate and added it to the login keychain but could not use it. Restarting the computer solved my problem.
Just to shed some light on this.
After I deleted my p12 certificate from Keychain. I re-downloaded my own certificate from Apple developer portal.
I was only able to download the certificate. But to sign you need the private key as well. So you either:
export both private key and certificate from Keychain to get it.
Upload a Certificate Signing Request and generate new certificates
That certificate by itself has no value for signing purposes. My guess is that the private key is created by keychain the moment you 'request a certificate from a certificate authority' but isn't shown to you until you add its matching certificate.
Check whether you are using Login or not to add the certificates, if you are checking in System at top left hand side then we wont be able to see it.
So drag and drop the .cer into login then check you are able to get the private key or not.
I'm the creator of the key, but the key was attached to an expired Certificate.
To solve it I went to -> Xcode/Preferences/Accounts/"Account you use to archive"/Manage Certificates..
Then click on the dropdown menu with the "+" sign on the bottom left corner, and choose the type of certificate you need updated (mine was Apple Distribution).
This updated my new certificate with its key attached.
Contact with the creator of iOS Distribution key and tell to export certificate and private key, then just download and double click it to access in your keychain.
I assume you have switched device and trying to create a new certificate for your new device,
First revive the development certificate form the developers portal,
Go to xcode > preferences > accounts > select your apple id with the dev portal access > manage certificates > click on the team account > click on the little + button > click on apple distribution
Go to the apple developer portal , you can see a distribution certificate is created ,
Go to profiles create a new profile with the new certificate.
Download > install
done
An old XCode version will also cause this. I was on XCode10 (old for 2022). Updated to latest version, which resolved the issue.
I could resolve this problem by updating macOS and XCode.

Profile doesn't match any valid certificate/private-key pair in the default keychain

I am developing an application for a company, they gave me the admin role so I can edit provisioning files. I am getting "Valid signing identity not found for distribution file" and "Profile doesn't match any valid certificate/private-key pair in the default keychain" error on XCode, normally I would revoke the distribution profile by creating a key chain from my mac, but the company have other applications and I can not risk revoking it because clicking revoke gives the following warning.
"Revoking this certificate may invalidate one or more Provisioning Profiles in the Program Portal. Provisioning Profiles already installed on devices will continue to run until the provisioning profile expires."
Is there a way to add a new key pair without revoking the distribution certificate, would revoking the current certificate effect other applications or are there any other solutions to this problem?
You need the private key associated with the distribution certificate.
Request the person who created the distribution certificate for the company for the private key associated with the distribution certificate. Get him to export the private key from his keychain! Ask him to remember to select both the distribution certificate and private key together before right clicking and exporting it as .p12 Select both the distribution certificate and private key together before right clicking and exporting it as .p12
Once you open the .p12 it should pair up with the distribution certificate (the .cer file you should already have in your keychain). Your provisioning profile should work fine then!
Let me know if it works!
I came across the same issue and for some bizarre reason the method clearwater82 suggested didn't work.
But I found out this documentation on apple developer site. Might be helpful for someone else. It's just two simple steps.
FIRST STEP : Exporting Your Code Signing Assets to Your File System
SECOND STEP : Importing Your Code Signing Assets from Your File System
Hope this helps someone!

Resources