My apologies for any confusion or misunderstandings, this is my first phone app so I'm still getting the hang of things.
I've been getting this error when I try to enable push notifications:
no valid 'aps-environment' entitlement string found for application
And my understanding of the issue (from reading other posts and Googling) is that this is most likely due to an incorrectly setup provisioning profile.
I currently have two certificates created, one created about 6 months ago strictly for development:
FirstName LastName iOS Development Mar 22, 2017
com.namehere.tasks APNs Development iOS Sep 18, 2017
Now I've heard that you might have to remake the provisioning profile after creating the APN, however when I try to recreate it to include the APN cert, it only lists the first cert.
I do notice that my current provisioning profile says invalid, which it didn't before, if this is at all relevant:
Name and OtherName 2016 iOS Development Invalid
So my question essentially is - do I need to create a new provisioning profile now that I've created a push certificate? And why can't I add it to my provisioning profile?
do I need to create a new provisioning profile now that I've created a
push certificate?
Yes, you will need to regenerate the provisioning profile. You can think of the provisioning profile as the single source of truth for all your certificates and bundled app services (eg. Push Notification)
however when I try to recreate it to include the APN cert, it only lists the first cert.
That is correct. Just go ahead with it. The provisioning process will obtain the push cert information automatically. When you view your App ID in the developer website, you should be able to see that Push Notification is enabled.
And why can't I add it to my provisioning profile?
If you are looking for an automatic way to regenerate these provisioning profile, you could let XCode manage the provisioning for you using Team Provisioning Profile.
If you enter information about your app and assign a team to your app,
Xcode creates the necessary signing identities and provisioning
profiles for you. Specifically, Xcode creates a team provisioning
profile that allows your app to run on all your devices and use app
services.
See link for more info
Related
On the iPhone Provisioning Portal, the team provisioning profiles with the specific ID is invalid.
As I did some research on net and it said I should click on the Xcode preference, then click the view details about the account, and then click the refresh button on the bottom right corner but I could not find it.
First thing is that you can create,edit or delete provisioning profile (developer,distribution) or certificates which wont effect the apps already live (on app-store). But it will effect the apps that you are using in your current project for testing in Device.
You can Delete all provisioning profiles and certificates. But you have to create again for testing your app in to device as well as upload new app on app-store from iTunes connect.
Apple provide Very nice and clear documentation please read bellow link for more clear
Provisioning and Development
Push Notification
The push certificate cannot be renewed. You have to create a new one.
The push notification certificate is not part of the application build. Therefore for push to continue working you only have to create a new certificate and deploy the p12 file (or whatever other format you are using) at your server. You don't have to submit a new version of your app.
Regarding refreshing the accounts and provisioning profiles, check here and here.
I had push notifications working on an app that was using an ad hoc distribution. My client then bought an Enterprise license, and I generated new certificates/profiles, archived the app, and now we are distributing via Enterprise, but push notifications are no longer working. What steps would I have to take in order to get them working on the Enterprise version? Thanks!
Based on your description it sounds as though you did your original implementation on an AppId registered under one developer account, and then attempted to migrated the build to a second developer account.
In APNS parlance, the server that generates the push notification payload objects is called the provider and must register an APNS certificate keypair to be able to establish a secure connection between your server and the relevant Apple Push Notification gateway (Sandbox or Production). This keypair is exclusive to the AppId for which it was registered, and AppIds are exclusive to the Developer Account under which it was registered -- even with a precise matching AppId certificates registered under one account can not be transferred to a second account. If that were possible, I could look at your app's AppId, register that AppId in my own account and start sending spammy pushes to your app. Thankfully, the Bundle Seed ID is a silent element to all AppIDs and prevent that situation from occurring!
I've answered a similar question about APNS Provisioning that might help further clarify what is going on behind the scenes, so you might give Why I can't add APNs Development iOS typed certificate to provisioning profile a read.
If you want to see that your AppIDs are actually different you can use a couple of Terminal commands to export information from the original Provisioning Profile (where things were working) and from the Enterprise Provisioning Profile (where things aren't working) to see the differences:
Copy and pasting the following, taking care to update the path to your specific .mobileprovision:
/usr/libexec/PlistBuddy -c 'Print :Entitlements' /dev/stdin <<< $(security cms -D -i /path/to/your/original.mobileprovision)
Then run this command a second time updating the path to your Enterprise provisioning profile.
The output of this command will be a dictionary of key value pairs:
Dict {
get-task-allow = true
aps-environment = development
com.apple.developer.team-identifier = ABC1DEF2G3
application-identifier = XYZW1ABC2D.com.mycompany.niftyapp
keychain-access-groups = Array {
XYZW1ABC2D.*
}
}
You'll notice that the output of these two commands is different -- the application-identifier section and keychain-access-groups section will have different bundle seed IDs.
So how do I fix it?
The fix is quite simple and requires no additional development work in-app! You will, however, likely need to recompile with a new provisioning profile:
Because you've set things up already you just need to login to the Enterprise Account and enable Push Notifications in your Enterprise account's AppId
While in that AppID's configuration, you will need to generate a new SSL keypair and submit it to Apple just as you did for the original account.
Install the new certificate and private key on your Push Server
Edit your Enterprise Distribution provisioning profile, and install it in Xcode taking care to remove the old Enterprise Distribution provisioning profile.
Rebuild your application using the new Provisioning Profile.
The rebuild may be necessary because if the Enterprise AppID didn't have Push Notifications enabled, the Enterprise Distribution Provisioning Profile's Entitlements block would not contain the aps-environment key and thus be prohibited from connecting with the APNS Gateways.
I've just finished my app, and so I am now getting ready to submit. But I need to change my developer Push certificate to Ad Hoc to test it with a Production Push certificate.
I thought I had it all figured out, but when I build the app, I get the error:
"Failed to get the task for process 2023" (The number changes every time I build.)
I have created my provisioning profile, and I am able to navigate to my Project's Build Settings and set the app to use my Ad Hoc profile. However, when I attempt to set my Code Signing Identity to "Apple Production Services..." all I see is my Distribution Certificate, not the Push Certificate.
What is going wrong?
I found the problem. I actually did have everything done correctly the first time. I just didn't know that I couldn't build on my phone through Xcode using an Ad Hoc provisioning profile.
So I ended up testing it by downloading the Beta via iTunes.
First of all, when you transfer all the Development Certificates to the Production you cant build the project from Xcode.
No one see push certificate in code signing identity.
You only see Either Development certificate or Distribution certificate depending upon the provision profile you have selected. You don't have to worry to choose Push notification certificate in Xcode, coz its managed by Apple once you enabled the push Notification service to the app by enabling it with unique bundle identifier in developer account. https://developer.apple.com (Only you have to give the merged version of that APNS certificate and distribution certificate in .pem format to web developer )
For Adhoc You have to generate Ipa of your project form xcode and install in you mobile through external link like http://www.diawi.com, if you import Ipa into your device from iTunes remote push notification will not arrive.
I recently implemented in an app Push Notifications. We also use an instance of Xcode Server to make automated builds for our QA.
When I updated the app id to support push notifications, I regenerated the provisioning profiles for both development and production.
I also enforced in the build settings to use the regenerated Dev prov. profile for debug builds and the Prod prov. profile for release builds.
But after this, the server didn't succeed to sign the archive anymore because for some reason, the server automatically creates a Team provisioning profile. I tried to force it somehow. I also tried to move prov. profiles in the folder where the server stores them. I also tried exporting/importing private keys. No success. I changed the build settings and went back to "automatic" rather than forcing a provisioning profile.
When I install a build from my local machine it signs with the manual prov. profile. And push notifications work.
If I install a build made with the server, it doesn't work. In the console here's the message:
SpringBoard[53] : No valid 'aps-environment' entitlement
string found for application 'myApp': (null). Notifications will not
be delivered.
When I take a look in the Apple Developer account, the provisioning profile used by the server says that IT HAS push notifications enabled. I can't edit it because it's managed by Xcode.
What to do?
Are you sure you updated also on server side the Certs? Looks like "current Provisioning Profile does not contain APNS information, as the Provisioning Profile is created BEFORE creating the APNS certificate." see here No valid 'aps-environment' entitlement string found for application on app store
I've developed and published an App on the App store successfully last month. However, since then, my Mac crashed and (stupidly!) I didn't have a backup of my Keychain Certificates. I've had to generate a new Certificate and ultimately create a new Developer Certificate in the Apple Provisioning Portal.
As a result - despite being able to sign and deploy the updated App to my iPhone and iPad, I cannot upload it to the App store because the signing is different.
Is there any way around this? Do I have to re-write the App and submit it a new with the new signing keys?
I've seen the question:
Can I upload a new version of my iOS app with a different certificate/profile than the previous one?
but this doesn't answer my question/problem.
your application bundle identifier & provisioning needs to be same which is irrespective with which distribution certificate you have compiled the build provided that you are generating build (ipa) for appstore submission from the same developer account.
Fixed! I logged into the Apple Provisioning Portal, revoked all my certificates and deleted all my distribution an provisioning certificates. Then I deleted everything from XCode and everything from my KeyChain. I re-generated a new CSR from the KeyChain, generates a new certificate in the Provisioning Portal with this and then did the rest through xCode. It found and downloaded my development and provisioning certificates, one against my team, the other as "unknown". I clicked on TEAMS in xCode and did a refresh then returning to the profiles say everything set as valid. I signed the App with the new certificates and uploaded them. The App is not awaiting review :)