Renewing Apple Certificates - ios

As usual, Apple's over-complicated procedures are driving me mad.
We have an app that uses Push Notifications (amongst other certificates). This ran out 2 months ago but we have been unable to get a new certificate working which is, needless to say, ridiculous.
I have added new certificates to the Apple ID Developer account, generated p12 files, added to Keychain, converted to .pem file, etc but the app still fails. I don't know if we are generating the wrong certificate or storing in wrong place or not linking it to app etc.
Can someone please make themselves a hero for all us standard app developers by listing the full and precise steps to getting new certificates found by Xcode and the app build?
Thanks.
LATEST
Ok so still a duff app. Have cleared certificates, made new provisioning profile, made new certificates, added to keychain, copied to system keychain (whatever that is but they seemed to be there before)....
Errors are as follows.
Target > Capabilities > Push Notifications
Target > General > Signing
Both say 'Provisioning profile "xxxxxx" doesn't include signing certificate "iPhone Distribution: xxxxx. (M........6)'
Don't know what I should be doing with anything after adding to Keychain and no idea why I can't add certificates to a profile. Push Notifications is enabled on App ID.

Here is the full and precise steps to getting new certificates you want.

Related

Problems with iOS Free Provisioning Profile

I've been using Xcode with a free Apple ID, and signing a App with a free provisioning profile.
However, after I signed the App with another Mac, the certificate on the first Mac I used to sign the App with does not work anymore.
I received this error message when I tried to run it on my iPhone:
Please verify that your device's clock is properly set, and that your signing certificate is not expired. (0xE8008018).
After generating a new certificate via Xcode > Preferences > View Details... > iOS Distribution > Create, I got this error instead:
The identity used to sign the executable is no longer valid.
After deleting the App from my iPhone, I tried to run the App again and received this error message instead. This also caused my phone to freeze for a while:
dyld: Library not loaded: #rpath/libswiftCore.dylib
Referenced from: /var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Test
Reason: no suitable image found. Did find:
/private/var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Frameworks/libswiftCore.dylib: mmap() errno=1 validating first page of '/private/var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Frameworks/libswiftCore.dylib'
(lldb)
Update: I'm using Free Provisioning Profile, thus I don't have access to iTunes Connect. I also can't import the certificate from my 2nd Mac as it was it was reset.
Update 2: I've also visited Keychain App and found 2 certificates - one expired and one valid. I deleted the expired one and tried to run the App on my phone again, but the error persists.
Update 3: I've tried to revoke all my certificates in developer.apple.com, but there isn't a certificates management. Only 'Programs & Add-ons' and 'Your Account' sections are available in the nav, which allows me to enrol into Apple Developer Program.
Update 4: I've also restarted my Xcode to no avail.
The main problem is that I'm not sure why I cannot revoke and regenerate a new certificate.
How can I solve this problem?
Generate a New CSR from your Keychain and download new certificate using this CSR. Include this certificate in your provisional profile and download it. Make sure you remove all expired certificates from Keychain. Good luck.
You don't need iTunes Connect to manage your certificates, IDs and provisioning profiles. iTunes Connect is used for managing your app store releases, which as you know you can't do with a free account.
You need to go to developer.apple.com and log in with your free account to the member center. You will be able to see the certificates and provisioning profiles under your developer account.
Since you don't have anything in the store (you can't with a free account), I would go into the developer's member center, revoke and delete any certificates that are out there, and delete all provisioning profiles. Start from scratch and generate a new certificate using a brand new CSR. Then generate a new provisioning profile using the existing app ID and the newly created certificate. Download the profile update your project settings to use the new signing identity and profile, and you're back in business.
Also, this is assuming that you are not sharing this developer account. If you are, doing the above instructions will make it so other developers will not be able to build with the signing identity unless you give them the private key for the certificate.
I managed to fix this problem by renaming the App name, and recompiling the App. I think that by renaming the App, a new certificate is generated, thus it would work.
Even though, it's not really a great solution, but it solved my problem as I wanted to rename the App in the first place.
Thanks everyone for providing answers!
I had to create a new Apple ID and it worked. Not the ideal solution but without access to certificates its the only solution that worked for me.

Apple Development Certificate issues

I have managed to get my Development and Distribution certificates in something of a mess (started with separate one for each App and more)
I'd like to start again with just one, generic, cert for each of Development and Distribution.
There are lots of tutorials on re-creating deleted or expired certificates but I can't find any confirmation that I can delete everything and start afresh (and, presumably, then use the new cert for new apps and/or updates to old ones?)
Has anyone actually gone through the steps of cancelling/deleting all Apple certificates and starting again? If so, any advice on steps and things to avoid will be appreciated.
thanks
Many thanks for the suggestions which I have now implemented.
I do now have just one each Development and Distribution certificate (although Xcode re-created the dozens of provisioning profiles I was trying to get rid of - I guess I will have to live with that long list for ever...).
An interesting result is the error message I received when I uploaded a new version of an App:
"Potential Loss of Keychain Access - The previous version of software has an application-identifier value of ['xxxxxxxxx.com.jeffmaynard.eurosceptic'] and the new version of software being submitted has an application-identifier of ['yyyyyyyyyy.com.jeffmaynard.eurosceptic']. This will result in a loss of keychain access."
Although the App has gone to review I am not sure of the consequences of this error message which I assume results from the certificate updates?
You have to clear your certificates in 2 places:
Keychain
Follow these steps to navigate and clear the certificates:
Open LaunchPad
Keychain Access
Select your Keychain
Select My Certificates
Now here you need to delete every certificate that starts with iPhone Developer or iPhone Distribution
Apple Developers Members Center
Login to Apple Developers
Go to Member Center
Click: Manage your certificates, App IDs, devices, and provisioning profiles
You have 2 tabs to interact Certificates and Provisioning Profiles
Remove all of them (Remember you can't delete those Provisioning Profiles, that are already in App Store).
Then you need to create it from the beginning: Follow my answer here

iOS Provisioning profile: Valid signing identity not found

I am trying to test the push notification functionality on a device. I followed this article. http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1
So the issue is when I download the development provisioning profile and import it into xcode then it says the valid code signing identity is not found.
This stops me from building the app as General projects settings says no matching provisioning profiles found.
No matter how many times I push fix button this wont go.
The app ID and provisioning profiles looks good on iOS Dev center.
I have tried deleting them and recreating them again and again but issue remains the same.
Also my build settings are:
There is only one option for code signing identity and that is "iPhone Developer" as no other matching code signing identity is found. I have tried deleting the app and recreating it in xcode also. I have double checked the bundle ID. And I have google a lot. Everyone says revoking the certificate and recreating fixed the issue but not in my case.
Also the keychain seems to have the correct public and private key.
I am stuck on it for last 2 days :(
Make sure to delete the old .cer file from you Keychain and download the latest one.
If the CertificateSigningRequest.certSigningRequest is created from another machine, get the corresponding .p12 file and add it to your Keychain.
Thats it. Now double click on your provisioning profile and it should be valid.
Worst solution:
If you are unable to get the .p12 file, Revoke your existing certificate and configure all again.
Fixed it by deleting all development certificates in iOS dev centre (even my iOS development certificate) and recreating new ones from beginning. I had 2 iOS development certificates and I think Xcode was confused about which to use. This happened because I have revoked my development certificate from another machine and thus creating a new one. Somehow it ended up in two developer certificates managed by xcode. Since then i have'n tested any app on device and so though that was the problem.
Install the valid p12 file (i.e) double click the valid p12 file.

Certificate identity 'iPhone Developer: ' appears more than once in the keychain. The codesign tool requires there only be one

Ok, I am completely pulling my hair out on this one.
Back in July I created a provisioning profile so I could test on my iPad.
Then at the end of August I tried submitting my first App to the iTunes Store. The process was a complete nightmare, and I struggled. A lot. In the end I found a tutorial with relatively recent information in it, and only by following it step by step could I actually get anywhere with this. Unfortunately the result of this was that I created a new provisioning profile.
Now when I try to test on my iPad I get the following error in Xcode:
Certificate identity 'iPhone Developer: MyName' appears more than once in the keychain. The codesign tool requires there only be one.
I check the keychain, and sure enough there are the two provisioning profiles for development, one from July and the one I used to submit to the iTunes Store in August.
Now what I want to do is get rid of the old one, and then connect my iPad up to the new one. I can get rid of the old one fine, but I cannot connect my iPad to the new one, it insists on using the old profile, even to the point of re-attaching it to the keychain after Ive deleted it.
Can anyone tell me:
How to connect my iPad to the new provisioning profile?
And while we are at it, can anyone shed any light on why this entire process is so convoluted and difficult? Considering that so much of Apples interface is so well designed and fluid, this process of registering certificates and applying them to different devices and Apps seems so backwards. I initially suspected this was just me, but googling for these error messages reveals that there are many who are struggling at various points along this process.
This has nothing to do with Xcode and everything to do with keychain.
Open keychain.
Find the signing certificates that are tied to your provisioning profiles.
Delete one. You probably want to keep the newer one, so look at the expiration dates and remove the one that expires first.
Restart Xcode
You may need to update your provisioning profile if it isn't tied to the new certificate, but it won't be as painful as creating a new certificate.
Here's a broad overview of how code signing in Xcode works. It a bit much but will explain what's wrong with your configuration, and how you can fix it.
There are three parts to the mechanism that ensures that you are who you say you are and that your app is allowed to run where it wants to.
You've got a pair of keys, one public and one private. Your public key matches your private key, which identifies you.
Your keys are used to generate certificates. Generally, you'll have one certificate for development and one for distribution,either on the App Store or via Ad Hoc distribution. These certificates permit you to provision your apps.
Each certificate is used to generate provisioning profiles. The profiles must be attached to either a development or a distribution certification. A distribution profile either works on the App Store, or it contains a list of device IDs which may run apps signed with that profile.
If your certificate is expired, the provisioning profiles that are created with it are going to be invalid. In this case, replace both the certificate and the profiles. Generate a certificate signing request (CSR) from Keychain Access and upload it to the developer portal.
If you have multiple certificates in your keychain, Xcode won't know which one to use. This may happen if you renew your certificate and don't remove the old one. (It may also happen if you exported your developer profile and then imported it later. Your old certificates will carry over.)
If your provisioning profile is expired or invalid, you can renew it in the developer portal without generating a new CSR. You can just attach it to an existing valid certificate.
Certificates can't be carried over from one machine to another without moving the original key pair that requested it. Exporting the certificate from Keychain will export the keys as well.
Delete the old one, and start build with new.
One more way you can try , set code signing identity with profile you want to run in both target as well as project build setting.
Hope it will help you.
Otherwise you have to delete old one.

iPhone app signing: A valid signing identity matching this profile could not be found in your keychain

I'm pulling my hair out over this. I just downloaded the iPhone 3.0 SDK, but now I can't get my provisioning profiles to work. Here is what I have tried:
Delete all provisioning profiles
Delete login keychain
Create new "login" keychain, make it
default
Create a new certificate signing request
Create new developer and distribution
certificates in the Apple developer center
Download and install them
Download the WWDR certificate and install it
Create a new provisioning profile and
double click it to install
All the certificates report as valid, but Xcode still won't recognize them. What should I try next?
Edit:
I completely re-installed Mac OS X and from a fresh install installed the 3.0 SDK and still have the same problem.
I had the same problem: I first downloaded my certificates to my small MacBook while on the run. When trying to install the certificates on my iMac... then I ran into the problems described on this page.
After spending hours pulling my hair out like many of you, I performed the following steps to fix it:
Close all your stuff except your webpage that should be logged into App Dev center.
Open Xcode. Click WINDOW > ORGANIZER. Then click the Devices tab and select "Provisioning Profiles" on the left.
That should bring up your provisioning profiles. Highlight one by one (if more than 1), right click and delete profile. Yes, just do it! Delete them all! (I kept making a new one after a new one trying to make the thing work.)
From the first page you see after logging into the App Dev Center on the right side click "iOS PROVISIONING PORTAL" > (do not "launch assistant"). Instead click on the left side. Select CERTIFICATES. You will probably have just one line listed with your name/company - from there click on the right side REVOKE. Click OK to verify that's what you want to do.
On the same page click DEVICES. Click the box next to your device you are trying to provision and click REMOVE SELECTED. Again click OK to verify.
Wait about 2 minutes to let Apple do their thing.
Now click on "HOME" that is on the left side navigation.
Click "Launch Assistant"
create a new app ID - call it whatever you want. Just make sure it's unique enough to know that's the one you just created because the others you've been messing with all day will not be deleted from Apples Dev Center.
You should be able to follow the rest of the Assistant without troubles -- the main thing is you just had to delete your old provision profiles and start over.
Good Luck!
I encountered the same issue. This is because the private key of the certificate does not existing on your machine.
If you are now using a new machine and download the certificate from website:
You can export the certificate from the old machine and then import on the new machine.
If you share the developer account with someone:
You ask the account owner to send you an invitation and become a team member of that account. Then you can create your own certificate from scratch.
If you don't want to handle all these sh*t:
Just revoke the certificate on website and delete the copy on your local machine. Then request a new one. This should be the ultimate way for solving such issue.
Had the same problem yesterday. Now, after signing to the developer portal, for every invalid provisioning profile have a button "Renew". After renewing and downloading updated provisioning profile all seems to work as expected, so problem is definitely solved :)
Update: you may have to contact Apple to get a "Renew"-button, or they removed it -- and the solution is to just download it and add it to the keychain, no need to renew.
What I found was that I needed to drag the distribution_identity.cer file that I downloaded from the "Certificates -> Distribution" page on the developer program portal into the keychain access program, then this error went away.
I solved it by
a) go to provisioning profile page on the portal
b) Click on Edit on the provisioning profile you are having trouble (right hand side).
c) Check the Appropriate Certificate box (not checked by default) and select the correct App ID (my old one was expired)
d) Download and use the new provisioning profile. Delete the old one(s).
Apparently there are 4 different causes of this problem:
Your Keychain is missing the private key associated with your
iPhone Developer or iPhone
Distribution certificate.
Your Keychain is missing the Apple Worldwide Developer Relations
Intermediate Certificate.
Your certificate was revoked or has expired.
Online Certificate Status Protocol (OCSP) or Certificate
Revocation List (CRL) are turned on in
Keychain Access preferences
.
After carefully going through the thread here and checking all the solutions proposed by people, I can confidently claim this, after following the steps mentioned on Apple developer docs for creating CSR and mobile provision file, just do this!,
Launch Xcode.
Select window->Organizer
Click this refresh button and that filthy yellow bar will remove instantly.
http://img.skitch.com/20100820-1ngm8an14c6fm3dt7g6j51d2nx.jpg
Trust me, you only have to do this. There is no need to repeat the process again and again to make sure that you doing it the right way. Just press Refresh, enter your login credentials and it's done.
For me it only worked when the certificate and both keys were in the Login keychain. I had created a Development keychain before, but the Xcode Organizer wouldn't find the keys in there. So I moved them back to Login, quit the keychain tool - and voila, the error in Xcode Organizer went away! This was on Snow Leopard 10.6.2 with the 3.1.3 SDK.
For development certificates you can just create a new one and match it to a profile. However for distribution, like when your going to submit to Apple, you cannot do this and must use the distribution certificate the team agent created. The problem is you need the private key on your machine. It's very simple, however, for the team agent who created the certificate to copy the private key to you, below are the instructions from Apple, I hope this helps.
It is critical that you save your private key somewhere safe in the event that you need to develop on multiple computers or decide to reinstall your system OS. Without your private key, you will be unable to sign binaries in Xcode and test your application on any Apple device. When a CSR is generated, the Keychain Access application creates a private key on your login keychain. This private key is tied to your user account and cannot be reproduced if lost due to an OS reinstall. If you plan to do development and testing on multiple systems, you will need to import your private key onto all of the systems you’ll be doing work on.
To export your private key and certificate for safe-keeping and for enabling development on multiple systems, open up the Keychain Access Application and select the ‘Keys’ category.
Control-Click on the private key associated with your iPhone Development Certificate and click ‘Export Items’ in the menu. The private key is identified by the iPhone Developer: public certificate that is paired with it.
Save your key in the Personal Information Exchange (.p12) file format.
You will be prompted to create a password which is used when you attempt to import this key on another computer.
You can now transfer this .p12 file between systems. Double-click on the .p12 to install it on a system. You will be prompted for the password you entered in Step 4.
The best answer I got was exporting your key, instead of just trying to import the cert file.
When you export the key from the keychain that generated the request, you get a Certificates.p12 file, which rolls the keys you need together.
Then import this into the new computer.
With keys like this, it's probably good to keep a rolled, certificate package file, because many times the "public" key, or cert file, is not enough to restore things from.
In my case, I copied the project from my iMac to my Macbook Pro and found out I didn't have my private key installed on the Macbook. So I exported my private key, copied and installed it to the Macbook, and voila it works! I've documented the information here:
http://www.creatistblog.com/2009/09/iphone-developer-provisioning.html
Just a note with Xcode 4: in the organizer there are two different sections in the left pane:
Library > Provisioning profiles
Devices > your device > Provisioning profiles
I was always puttings my provisioning profiles into 2. and even after cleaning and installing properly it was not working. Then I discovered 1. and finally I found the refresh button. If you select 'Automatic device provisioning' in 1. and click on refresh, then everything got validated (no yellow warning in 2. anymore).
Was facing a similar issue yesterday with our CI server. The app extension could not be signed with the error
Code Sign error: No matching provisioning profiles found: No provisioning profiles with a valid signing identity (i.e. certificate and private key pair) matching the bundle identifier XXX were found.
Note: I had created my provisioning profiles myself from Developer portal (not managed by Xcode).
The error was that I had created the provisioning profiles using the Distribution certificate, but the build settings were set to use the developer certificate. Changing it to use Distribution certificate solved the issue.
Summary: Match the certificate used for creating the provisioning profile in build settings too.
Did you try rebooting your Mac and your device? Lame answer, but I always try that first.
I got it working after re-doing everything and then creating an empty project with XCode and building/running it to the device. XCode showed a window asking something like: Do you want to accept the developer certificate. I pressed "Always". Only after this step I got rid of the message "A valid signing identity matching this profile could not be found in your keychain" in Organizer.
Hey guys, I had heaps of trouble with this yesterday. I went through the whole process a few times, requesting a new certificate request from the authority with the assistant, clearing out everything in the portal, uploading the certificate, creating a new profile and downloading everything. No dice.
However, check this out.
First up clear out all the certificates on the portal to start fresh.
After creating the new certificate request with the assistant, press "Show in Finder", and double click that bad boy. You should get a popup for the Certificate Assistant with a screen showing "Please specify the issuing Certificate Authority", etc. If you don't, just close it and double click again.
Now just proceed through the dialog choosing
"Request a certificate from an existing CA" - Continue
Request is "Saved to disk" - Continue
Save it where ever you like, even override the file.
At the end you should see the magic "Creating key pair"
Run over to the KeyChain access and you'll see your keys in there! Upload this certificate to the apple portal and then go through their wizard as normal, everything should work great now.
There are two different certificates for two different provisioning profiles (development and distribution). You have to install BOTH certificates in keychain. In the iPhone Developer Program Portal:
Certificates -> Development -> Download
Certificates -> Distribution -> Download
Double click both certificates. After that both certificates must appear in Keychain.
The answer is this revoke your Current Development Certificate and make a new one. follow the instructions on apples site on how to do so. Its that simple!! I had this exact problem.
Simple steps to get this done:
Start from keychain (which contains your dev key already) on your computer and create a request for certificate. Upload the request to dev site and create the certificate.
Create a profile using the certificate.
Download the profile and drop it on Xcode.
Now all the dots are connected and it should work. This works for both dev and distribution.
I logged into developer account and revoked the development certificate. After revoking and downloading the development certificate i double clicked the newly downloaded certificate and this time Private Key was there under development certificate in KeyChain Access.
A good way to ensure that this happens cleanly is to clean your login keychain completely first.
Also, a really important step is to unlock your keychain before you import the private key and public key
security unlock-keychain -p password ~/Library/Keychains/login.keychain
Import private key into login keychain :
security import PrivateKey.p12 -k ~/Library/Keychains/login.keychain
1 identity imported.
Import public key into login keychain :
security import PublicKeyName.pem -k ~/Library/Keychains/login.keychain
1 key imported.
I had this same problem but, it was due to my setting up "FileVault" on my Mac. I went into my keychain and set "login" to be my default and that fixed it.
"This was a bug on the Apple portal site. They were missing a necessary field in the provisioning profile. They fixed this bug late on 6/16/09. "
I don't know whether they really skipped it or if my eyes were just glazing over but....
Just in case anybody else is overlooking the same things that I did....
just as when you were developing and testing...
1) You need a DISTRIBUTION << CERTIFICATE >>
2) You need a DISTRIBUTION << PROVISIONING PROFILE >>
That is TWO STEPS on the portal in order to get the thing signed.
There I was, having created the developer CERTIFICATE and copied it to the Mobile Provisions folder, wondering why it didn't work.
As soon as I had the provisioning profile in place
* BINGO *
I had the exact same problem and tried everything. For whatever reason the solution was that all my certificates had migrated to a keychain called "microsoft_intermediate_certificates". As it probably happened during an Xcode upgrade I have absolutely no idea why, but it may help somebody.
I moved all content of the Microsoft keychain to the login keychain and everything went back to normal.
I finally got this to work after, like, 4 separate tries after incurring the same problem that was originally posted. So here's what happened, I am not sure if this is an old issue now (2009-07-09), but I will post anyway in case it is helpful to you. What worked for me... might work for you...
start anew and delete the old private keys, public keys, and certificates in the keychain
go through the whole process, request a certificate from a certificate authority, get a new public key, a new private key, and a new certificate. Note: when it worked I had exactly one private key, one public key, and one certificate
Make a new provisioning profile (which utilizes the certificate that you just made) and put that in your organizer window in Xcode. Delete all the old BS.
Run it.
Hopefully this helps.
Everyone here is very wrong. All you need is to follow the steps that Apple provides in Managing Your Digital Identities.
It instructs you to export your certificates through Xcode and reimport through Xcode. It works great, but make sure your username is the same on both computers or it will fail.
I just spent several hours on this fershlugginer issue, which cropped up after renewing my development license. To reiterate, everything was working without a hitch, then (thank you Apple!) it all got screwed up and stayed screwed up. None of the Apple official troubleshooting steps (linked to above) or possible resolution steps mentioned here resolved the issue for me.
What finally did it for me was to delete both my development and distribution certificates, revoke them in the provisioning portal, and then let Xcode AUTOMATICALLY refresh/issue them. Nothing else, in any order, was able to get both required certificates into my keychain with the private key correctly attached.
Here is what I did.
Make sure your certificates have not expired, make sure you delete all the expired ones. Get new ones etc, Once you have make sure all that is the way it should be, then focus on your project files.
in finder , go to your .xcodeproj files then show package contentes.
open project.pbxproj in xcode or textedit.
find every refrense to PROVISIONING_PROFILE and remove the GUID, just leave empty ""
Depending on your project you should have about 12+ refrences, remove all of the GUIDS.
Save file, then reopen your project in XCODE
Re select the correct provision profiles for all possible code signings( they should not all be the same)
Build your project and you should be good to go.
I think Xcode gets confused some how, and removing all the Provision Profiles from the project.pbxproj and then reselecting a valid profile will set it striaght.
If you have new mac you can go to
IOS developer center --> Provisioning Portal --> Certificates --> Development --> Revoke and create new certificate. My problem solved. My error is "Code Sign error: The identity 'iPhone Developer' doesn't match any valid, non-expired certificate/private key pair in your keychains"
What you need:
1) A private and a public key.
They have this symbol in your keychain:
2) A certificate made from the signing request of those keys
3) A provisioning profile linked to that certificate
Let's say you change computers and want to set up Xcode with provisioning profiles again. How do you do it?
Open Xcode, press ctrl + O to open the Organizer, and delete all provisioning profiles you might have installed already.
Open keychain access, and create a signing request which you save to file (when you create the request, a private and public key is created in your keychain).
Create/Update a certificate in the provisioning portal by sending apple this signing request
Download and install the newly created certificate.
Revoke your provisioning profiles and update them with the new certificate.
Download and install the newly updated provisioning profiles.

Resources