Right now I'm developing apps on a brand new macbook. I have downloaded the certSigninRequest
Now I have added both the ios distribution certificate and the private key which is (certSigninRequest)
But whenever I try to export my app it keeps saying missing private key. I have added to my Keychain already
For your case, the appropriate way to use the Distribution Certificate to be legal on other machine(s) is to export it from the current machine that uses the certificate.
To do this:
Navigate the the keychain access.
Go to the targeted certificate, expand it and select both the certificate and the private key:
Right click and select "Export 2 items...".
Obviously, you should fill the required info, such as the name of the exported file and a password.
The output of the above steps would be a .p12 file, which should be installed on the other machine(s). Note that revoking the original certificate will also makes this exported file to be invalid.
Do not request a new distribution certificate for the new machine, it will automatically revoke the previous one (which leads to make the first machine's certificate to be invalid). This thing is you would generate only one Distribution Certificate -by generating a "CertificateSigningRequest" file from the current machine- and then export it to be able to install it on the other machines, which means that all machines use the same distribution certificate.
Also, the following questions might be related to your case:
missing private key in the distribution certificate on keychain
How can I add private key to the distribution certificate?
Related
I created distribution certificate on one machine and I want to now run App on another machine. Only solution I found is to export and then import distribution certificate (Unable to create ipa in xcode 6?).
But currently I don't have access to my first machine. Is there any alternate way? May be to export from developer.apple.com. IF not then why apple is not giving that flexibility?
If you requested the distribution certificate from one machine, then that is the only place that private key exists. The only options are to export the complete certificate (private and public keys) from that machine, or to create a new distribution certificate.
You can download the certificate from Apple as Ahmed mentioned above, but it will not contain the private key needed to sign your app.
Its not possible to use a certificate without the private key. This key is only available on your previous machine.
You need this private key to sign the ipa through xcode.
The only options for you is to generate new certificate and provisioning profile (if you do not have access to previous machine).
You can download them from developer.apple.com and import them.
Xcode has also the ability to sign in into your account and
re-download them.
Here are steps that need to be followed for #2:
Go to Xcode;
Select "Preferences";
Choose "Account".
Yes, I am aware of the numerous duplicates of this question, but I tried everything suggested by others. At this point I don't have duplicates, I revoked and regenerated the certificates and keys from the scratch, I have my certificates paired with the corresponding keys.
The problem that I am facing is as follows: if I try to have the release with a distribution profile in my build settings I keep getting the error specified in my header, having a development profile though, works and doesn't provoke any problems. In case, I continue with a development profile and create the archive, when trying to distribute it, I can not specify my distribution profile again as I keep getting The private key for "" is not installed on this mac.
For generating certificates and keys,I used xCodes Preferences -> Account. For my development certificate xCode downloaded the certificate on it's own, while the distribution one I had to download manually. It did as well download all the profiles for me as I can visualise them in my iPhone configuration utility.
The question is: Am I missing something for the distribution profile? The error message says: No codesigning identities (i.e. certificate and private key pairs) that match the provisioning profile specified in your build settings "" were found. does this mean that I have to link my certificate with the profile somehow?
You should go to KeyChain Access and check if your distribution certificate contains a private key. If it doesn't, you need to regenerate your distribution certificate, the private key can't be retrieve from developer site, which means you have lost the key forever.
The distribution certificate should look like this:
You need a valid signing certificate for distribution. You seem to have a signing cert only for development. When you can't figure what is wrong kn your own after a while: Delete your private development and dist keys from keychain (be sure to delete the private keys, these are the ones visible when you expand an item in the tree viw in keychain. otherwise it may delete the public key and just silently hide the private key). selete all provisioning profiles. and recreTe both provisioning and develop and dist signibg certs.
you will develop some skills kver time when dealing with this every day. though when you can't figure, just go the hard reset path.
I have created certificate & provisioning profile related to my iphone app.
but when I run app it shows doesn't match any valid certificate/private key pair in the default keychain
& then I realize that it is not certificate which i have created.
what should I do now?
I have tried to delete previous certificate but it does also not working it again came back.
You should have the private key used to create the certificate present in your keychain app for you to be able to code sign your app. Start fresh, create a new certificate, this time make sure to store the private key as .p12 file.
You have not installed the .p12 file. Please go through the Apple docs for Certificate/Provisioning-profile creation process. That will help you to understand the whole process of signing an iOS app.
You can always verify certificate, which provision created with.
Provision profile have public key encoded in base64. You can compare hash sums or finger print with private key on your mac.
Here is example code how to export certificate from provision in ruby gist.gitgub
I downloaded a personal development certificate from the Apple Developer center and imported it to my keychain. Now, I want to export it as a .p12 file and encrypt it with a password. When I right click the certificate in the Keychain tab Certificates, and press the Export button, the .p12 option is not highlighted/available. Instead of the other 3 options (.cer, .pem, .p7b), which are available.
I tried a couple of things yet, like adding the Apple ID, which was used to create the certificate, to System preferences->Users and Groups->My account, but that didn't solve it. The certificate was created on a different Macbook than I'm using now.
Is it possible to export it as a .p12 in any way?
One point of interest: the Keychain Assistant window has a "Category" list in the right pane below the title bar (used to be in the lower part of the left panel). You can only export a p12 from the "(My) Certificates" view.
In the "All Items" view, you can see the certificates and the keys alongside, so that they're distinct items with no possibility of multiple selection; in the Certificates view, there's a tree structure with keys as child items of certificates, so that selecting a certificate implicitly selects the corresponding private key too.
The missing .p12 option means that you only have either the private key or the certificate on your machine. You need both of these to generate a .p12 (and incidentally, you'll need both the private key and certificate to sign your apps).
So, find out which of these you're missing, add the missing piece to Keychain, and the .p12 option will be available.
You can check in your keychain whether the private key is associated with the development certificate.
You can export the private key and certificate as .p12 only if it is there.
I was struggling with the same issue - I was able to sign macOS applications locally with my "Developer ID certificate", but wasn't able to export that certificate as a .p12 file (required by Azure Pipelines). What I found after maybe an hour of trying everything is that you need to store the Developer ID certificate in the "login" keychain (only there you can see also your private key and the "Export as .p12" option), not in the "System" keychain as I used to have for many years...
So although the Developer ID certificate stored in the System keychain works fine with Xcode, it doesn't allow you to export it as a .p12 file until you reimport it to the "login" keychain...
Just select Certificate from the left panel to export it as .p12
I developed an iOS app that my client is going to use internally. They sent me their enterprise distribution provisioning profile. When I add it to XCode it says "Valid signing identity not found". How do I build the app so that my client can run it on their devices?
Your computer is unable to sign with the distribution profile, since you don't have the private key for this certificate.
Alternative 1
Apple intends that building a project for distribution will only take place on a single machine - the machine that the certificate was originally created on. So, in their eyes, you should ask your clients to build the project internally (for distribution only - for development you should have no problems building yourself).
Alternative 2
There is a way to override it.. and it involves exporting the private key from that special distribution machine and emailing it to you.
These are the steps (also outlined here):
Access the computer where the certificate was created, open the "Keychain Access" program on the computer
In "Category" panel, select "Certificates"
Find the correct distribution certificate and expand it
Highlight both the iPhone distribution certificate line and the private key line under it.
Right click and select "Export 2 items"
Save the .p12 file, choose a password that can share, you will need it to import this file later
Email the saved file to you
Once you import this and type in the password from step 6, you will have the private key on your computer too and all will be good.
Alternative 3
There's a chance that when you ask your clients to export the private key, they will have no idea what you're talking about and no idea where the machine that created it is (this is what actually happened to me). This is usually the case if they are not regularly building for distribution on their own.
In this case, you can simply delete the certificate and create a new one (for the distribution profile). If you create the certificate on your machine, then you will have the private key. You should also export it to them just in case (using the same steps of alternative 2).. so they have the ability to build without you if need be.
Each provisioning profile is paired with a certificate. If you subscribe to the Apple developer service, you should have access to create and download a development cert (tied to the apple ID) and a distribution cert (tied to the organization). The enterprise distribution provisioning profile needs to be paired with the distribution cert. So in order to use their provisioning profile, you will have to get the distribution certificate from them. This will also involve you getting their private key, which they might not be so fond of. Alternatively, they can set you up as a developer on their portal, then you can distribute through the machine that already has the distribution cert installed on it.