I am just about a week away of expiration of the Apple developer certificate. Accidentally I lost the CSR file which I used when I created the last certificate which I am currently using.
Could you please let me know what all issue I may face if I will go with another CSR for new certificate?
Note:
Without CSR, you will be able to work with existing certificate but once it expires, you must create new one and you can use/create new CSR if previous one is lost.
Updating your certificate will not impact on your distributed build on public environment (Apple App Store). But of-course it won't allow you to distribute your new build with invalid/expired certificate.
Here is an instruction from Apple Developer Documentation for Code Signing Identity, that says,
If you lose control of your Apple-issued signing identity, such as
your Developer ID or Mac App Distribution identity, report this to
Apple immediately. Apple will invalidate the old identity and help you
to replace it. While this seems like a bit of work, it is critical,
because anyone possessing your identity can distribute potentially
malicious or destructive code that looks like it came from you.
This may also help you.
No Code Signing Identities Found
Xcode detects when you’re missing a signing identity. Typically, this happens when you move from one Mac to another. Follow the steps in Creating the Team Provisioning Profile to create your signing identity and add it to the team provisioning profile. You’ll have the option of importing your signing identity from another Mac or resetting it. If you use a custom development provisioning profile that you manage yourself, it becomes invalid after revoking the development certificate. Read Editing Provisioning Profiles in Your Developer Account to regenerate it.
To avoid this problem, export your certificates as a developer profile file on the other Mac, and then import them on your new Mac, as described in Exporting and Importing Certificates and Profiles.
As per apple documentation .CSR is used in combination with your App ID, provisioning profile and entitlements. So, if one have both (App ID and provisioning profile) it will harmful to you.
.CSR explanation
Related
I've been using Xcode with a free Apple ID, and signing a App with a free provisioning profile.
However, after I signed the App with another Mac, the certificate on the first Mac I used to sign the App with does not work anymore.
I received this error message when I tried to run it on my iPhone:
Please verify that your device's clock is properly set, and that your signing certificate is not expired. (0xE8008018).
After generating a new certificate via Xcode > Preferences > View Details... > iOS Distribution > Create, I got this error instead:
The identity used to sign the executable is no longer valid.
After deleting the App from my iPhone, I tried to run the App again and received this error message instead. This also caused my phone to freeze for a while:
dyld: Library not loaded: #rpath/libswiftCore.dylib
Referenced from: /var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Test
Reason: no suitable image found. Did find:
/private/var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Frameworks/libswiftCore.dylib: mmap() errno=1 validating first page of '/private/var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Frameworks/libswiftCore.dylib'
(lldb)
Update: I'm using Free Provisioning Profile, thus I don't have access to iTunes Connect. I also can't import the certificate from my 2nd Mac as it was it was reset.
Update 2: I've also visited Keychain App and found 2 certificates - one expired and one valid. I deleted the expired one and tried to run the App on my phone again, but the error persists.
Update 3: I've tried to revoke all my certificates in developer.apple.com, but there isn't a certificates management. Only 'Programs & Add-ons' and 'Your Account' sections are available in the nav, which allows me to enrol into Apple Developer Program.
Update 4: I've also restarted my Xcode to no avail.
The main problem is that I'm not sure why I cannot revoke and regenerate a new certificate.
How can I solve this problem?
Generate a New CSR from your Keychain and download new certificate using this CSR. Include this certificate in your provisional profile and download it. Make sure you remove all expired certificates from Keychain. Good luck.
You don't need iTunes Connect to manage your certificates, IDs and provisioning profiles. iTunes Connect is used for managing your app store releases, which as you know you can't do with a free account.
You need to go to developer.apple.com and log in with your free account to the member center. You will be able to see the certificates and provisioning profiles under your developer account.
Since you don't have anything in the store (you can't with a free account), I would go into the developer's member center, revoke and delete any certificates that are out there, and delete all provisioning profiles. Start from scratch and generate a new certificate using a brand new CSR. Then generate a new provisioning profile using the existing app ID and the newly created certificate. Download the profile update your project settings to use the new signing identity and profile, and you're back in business.
Also, this is assuming that you are not sharing this developer account. If you are, doing the above instructions will make it so other developers will not be able to build with the signing identity unless you give them the private key for the certificate.
I managed to fix this problem by renaming the App name, and recompiling the App. I think that by renaming the App, a new certificate is generated, thus it would work.
Even though, it's not really a great solution, but it solved my problem as I wanted to rename the App in the first place.
Thanks everyone for providing answers!
I had to create a new Apple ID and it worked. Not the ideal solution but without access to certificates its the only solution that worked for me.
You have revoked your certificate, so it is no longer valid.
Certificate: iOS Development
Team Name:
Any provisioning profiles that include this certificate are no longer valid and must be regenerated for future use.
Best regards,
Apple Developer Program Support
I don't know what it means and how should I do?
It probably means you, or someone else with access to the same development account had Xcode auto-generate a new development certificate for it to use. The first step there is to revoke the old one.
These messages look much scarier than they actually are. You may have to go into the member center and tell your provisioning profiles to use that new certificate now, then redownload them.
If you were the one who initiated the certificate creation in Xcode, then you should be all set. If you were not, and you need to use the same account for development, then have whomever clicked the button export the certificate for you, then you shouldn't have a problem building to a device after installing it on your computer.
If you and everybody else on the account don't have a current development certificate, then just make a new one.
Ok, I am completely pulling my hair out on this one.
Back in July I created a provisioning profile so I could test on my iPad.
Then at the end of August I tried submitting my first App to the iTunes Store. The process was a complete nightmare, and I struggled. A lot. In the end I found a tutorial with relatively recent information in it, and only by following it step by step could I actually get anywhere with this. Unfortunately the result of this was that I created a new provisioning profile.
Now when I try to test on my iPad I get the following error in Xcode:
Certificate identity 'iPhone Developer: MyName' appears more than once in the keychain. The codesign tool requires there only be one.
I check the keychain, and sure enough there are the two provisioning profiles for development, one from July and the one I used to submit to the iTunes Store in August.
Now what I want to do is get rid of the old one, and then connect my iPad up to the new one. I can get rid of the old one fine, but I cannot connect my iPad to the new one, it insists on using the old profile, even to the point of re-attaching it to the keychain after Ive deleted it.
Can anyone tell me:
How to connect my iPad to the new provisioning profile?
And while we are at it, can anyone shed any light on why this entire process is so convoluted and difficult? Considering that so much of Apples interface is so well designed and fluid, this process of registering certificates and applying them to different devices and Apps seems so backwards. I initially suspected this was just me, but googling for these error messages reveals that there are many who are struggling at various points along this process.
This has nothing to do with Xcode and everything to do with keychain.
Open keychain.
Find the signing certificates that are tied to your provisioning profiles.
Delete one. You probably want to keep the newer one, so look at the expiration dates and remove the one that expires first.
Restart Xcode
You may need to update your provisioning profile if it isn't tied to the new certificate, but it won't be as painful as creating a new certificate.
Here's a broad overview of how code signing in Xcode works. It a bit much but will explain what's wrong with your configuration, and how you can fix it.
There are three parts to the mechanism that ensures that you are who you say you are and that your app is allowed to run where it wants to.
You've got a pair of keys, one public and one private. Your public key matches your private key, which identifies you.
Your keys are used to generate certificates. Generally, you'll have one certificate for development and one for distribution,either on the App Store or via Ad Hoc distribution. These certificates permit you to provision your apps.
Each certificate is used to generate provisioning profiles. The profiles must be attached to either a development or a distribution certification. A distribution profile either works on the App Store, or it contains a list of device IDs which may run apps signed with that profile.
If your certificate is expired, the provisioning profiles that are created with it are going to be invalid. In this case, replace both the certificate and the profiles. Generate a certificate signing request (CSR) from Keychain Access and upload it to the developer portal.
If you have multiple certificates in your keychain, Xcode won't know which one to use. This may happen if you renew your certificate and don't remove the old one. (It may also happen if you exported your developer profile and then imported it later. Your old certificates will carry over.)
If your provisioning profile is expired or invalid, you can renew it in the developer portal without generating a new CSR. You can just attach it to an existing valid certificate.
Certificates can't be carried over from one machine to another without moving the original key pair that requested it. Exporting the certificate from Keychain will export the keys as well.
Delete the old one, and start build with new.
One more way you can try , set code signing identity with profile you want to run in both target as well as project build setting.
Hope it will help you.
Otherwise you have to delete old one.
This is getting frustrating. I have two identities, one old, one new, and the latter should be used to deploy iOS apps to the App Store.
I've created the new user, granted him admin access, then I created the app name and provisioning profiles. However, in the Organizer I see that the Dev provision works flawlessly, while the Deploy profile shows me the dreaded error:
Valid signing identity not found.
How can it be?
Well, I see that in the Certificates section in the iOS Provisioning Portal, there is only one distribution certificate, the one belonging to my company.
Is there a way to enable the new user to create apps without accessing the uberadmin's Xcode?
Thanks & Cheers!
You need the key that was used to create the Distribution Certificate for your company.
Remember when you created your developer certificate? Then you went to keychain -> certificate assistant -> Request a certificate from ...
When you did this, your Mac paired your certificate request to a key in your keychain. Once your developer certificate was processed and you downloaded it to your computer, it could be accessed by your computer through that key.
But if you did not create the Distribution Certificate that your company has, you don't have the key on your computer.
Take a look at your certificates in keychain:
Go to 'Certificates' and expand your developer certificate - it will have a little key with your name.
Now try to expand your distribution certificate - it will not have a key, right?
If this is the case, you have two options:
Ask the person who created the Distribution Certificate to export it from his keychain. This will create a file that includes both certificate and key.
Delete the current Distribution Certificate, and create a new Certificate Signing Request from your computer, which will connect it to a key that you have.
First method require access to "Uberadmins" computer. The second require admin access to your teams Apple account. There is usually no downside in using method 2, because creating a new certificate is necessary from time to time anyway. It will not affect already published apps, just coming releases and updates need to use a the latest certificate.
Once all this is done, you need to create a distribution provisioning profile for App Store and connect to the Distribution Certificate that you are going to use. (if you went with option 1, you might already have done this).
Download the profile to your computer, install it, and then in your app, select to build with this profile for distribution builds.
According to Apple's documentation:
A team’s distribution certificate allows a developer to build an app for distribution. If your team wants to use another Mac to create a distribution build, you need to transfer a copy of the distribution certificate as described in, “Safeguarding and Transferring Your Signing and Provisioning Assets” in Tools Workflow Guide for iOS. (from Managing a Distribution Certificate)
So, in order to have multiple users able to create & submit App Store builds, you must share a private key between them.
Create a new private key for the team, and then send that private key to everyone who needs it. Follow the instructions under Generating a Certificate Signing Request with Keychain Access.
See also: Any concern to share private key for distribution certificate among different group under a team account in itune provisioning portal
I am currently fixing bugs for a client who had the iPhone app made by someone else.
I think i have to use the clients distribution certificate to upload the binary of update..
I downloaded the distribution certificate but Xcode is complaining valid sign identity not found.
I know it is an issue with the keychain .. i don't have accces to the keys of the original developer..
how to proceed?
Invalidate the certificate
Create a new one
Create a new distribution profile using the new certificate.
Install that profile in XCode
???
Profit :)
If use certificate from another person then you are in need of private key. Without private key, you will be unable to sign binaries in Xcode and test your application on any Apple device. Try to request a .p12 file from original developer for this certificate or create new one yourself.
Delete any certificates you might have from the provisioning portal
Create a new Certificate Signing Request on your mac
Upload that request to the Provisioning portal to generate a new certificate
Associate your existing provisioning profile to the newly generated Certificate
Add the new provisioning profile to XCode
Compile your app :-) Done.
This will not delete any app details. This is just creating a new certificate. You will still be able to use all your old details. So dont worry.