Appcelerator - CodeSign issue since adding new UDIDs to provisioning profile - ios

I recently added some new UDIDs to my AdHoc Distribution Provisioning profile. I then downloaded the updated certificate and since then I have been able to publish my iPhone app as I keep getting a 'Codesign' issue.
I've tried everything seen in many other posts on this forum including deleting and recreating my developer and production certificates and deleting and recreating my provisioning certificates (Both Developer and Ad Hoc Distribution).
I now can't even 'run' the app to my iPhone attached to the computer (which wasn't one of the new UDIDs - deployment to this phone has always worked).
I'm at a loss where to turn as
Apple tells me my Provisioning Profiles are 'Active'
Xcode shows the correct Provisioning profiles
My Key Chain tells me I have two valid certificates (one iPhone developer, one iPhone Distribution).
Appcelerator gives me all the ticks when I am choosing which profiles to use in the build
I have been 'cleaning' my app and restarting Appcelerator like crazy but with no luck
I really need to get this app over to the client, but have no idea what is 'wrong' as everything matches up. Is it possible Xcode has cached old certificates? Has something got corrupted?

I have been through this issue in past month, the problem was exactly same as yours, everything was showing correctly.
But from your Keychain screenshot, I think there is no private key (this was my case also) attached with your certificates which is the issue of CodeSign.
If you even install the .cert file, it will still show it as a valid certificate, but you might not be able to sign your code due to missing private key.
So, make sure you get the private key added along with the certificate in your keychain. If it does not works for you then you should create new certificates from same machine you will distribute the app as it will save a lot your headaches :)

As is often the case - this was a very simple issue wrapped up as a complex one.
When creating a build (both under 'Run' and 'Package'), you can select which KeyChain to use. Somehow this dropdown had changed from 'System Defaults' to another one... changing this Select KeyChain drop down back to System Defaults was all I had to do!
Thanks to #prashant-saini for getting me thinking about keys and keychains!

Related

Xcode 6.3 - You already have a current iOS Development certificate or a pending certificate request

Xcode as of 6.3 is no longer allowing me to automatically perform device provisioning for a client. Has anyone else experienced this issue? I found no results when searching for this on Google...
This client has their own bundle ID and it's possible they also have their own provisioning profile for this device. So maybe Apple is matching up the bundle ID irrespective of the developer account being used for provisioning.
I was able to address the issue by modifying the app's bundle ID and manually going through the provisioning process, but I'm guessing this issue is extremely rare, so I'm not sure if this post will be of use to anyone.
When I am create new certificate from my Xcode 9.2 the error was appear
"You already have a current iOS Distribution certificate or a pending certificate request".
Just 2 step for fix this error.
Remove old certificate from developer.apple.com
Create new certificate from Xcode or developer.apple.com
My problem has been solved (I am using Xcode 9.2).
I just found that if I remove my account from Xcode, and then sign in again, it solved the issue. I did revoke my existing certificates and request new ones though as part of that process. I didn't import an existing profile.
My team has maxed out on release certificates, because apparently there is a quota.
We had to delete one of the existing release certificates.
This issue is actually more common than you think.
Some Solutions:
I usually find that opening Xcode's settings and signing out of my account and the signing in again resolves most of those issues.
You may have an older mac that already used up that one allotted development certificate. In that case you'll want to export the developer profile from that machine. If you no longer have access to that machine, it may be time to invalidate that certificate and simply request a new one.
Another option may be to double check your build settings in your project and ensure that it's looking for the right certificate. It's fairly common in my experience for these settings to make decisions on their own, and confirming that they're what you expect may help.
Background:
When dealing with provisioning, it's really easy to get caught up with the frustration of all of the steps you need to go through. The first thing to note is if the error you see is talking about a "Certificate" or a "Profile." In your case, it's a certificate. Good.
Certificates differ from provisioning profiles in a few ways. Certificates are usually only generated twice: once for development, and once for distribution. (Exceptions to this rule are if you decide to add support for some of the special features like push notification or for generating passbook passes on a server.)
The process for generating certificates is also a little more bureaucratic than profiles. You request a certificate from Apple's Member Center. You generate a provisioning profile.
The reason for the word request vs generate is because both Apple and your iOS team's admin need to approve certificate requests. This is because certificates identify you as part of your iOS developer team, and offer all the powers associated with that.
For the sake of completeness, I'll add that provisioning profiles are generated based on that certificate, and really only tell iOS what environment your app is meant to run in. (On any device via the store, specific devices, etc.)
Now, the important part for you is the request business. Most people don't pay much attention to this terminology, since indie developers and small teams (where the developers are admins) don't require developers to ask for permission.
Your error is talking about a previously generated certificate or request. You can only have one development certificate per developer. You either have one, or you've requested one and someone has to approve.
That's what's happening here.
This process is made simple with Xcode 8.3 and 9. Just delete one of your old certifcates in the "validate" interface and click the plus button to request new one, Xcode will request for you and add it in keychain. in my case, maximum number was reached, so I deleted one which was lost in a old Mac and created new one.
This error may also be occur if you reach your distribution certificate limit. After creating 3 iOS Distribution Certificates in an account, the following error message will be displayed when you try to create 4th one: "You already have a current Distribution certificate or a pending certificate request."
Open this link
https://developer.apple.com/account/resources/certificates/add
Press + icon in front of Certificate
Check Apple Distribution section if its show the red text as shown in image then you should revoke you existing certificates to generate new one because you have reached you limit.
Just 2 step for fix this error.
Remove old certificate from developer.apple.com
Create new certificate from Xcode or developer.apple.com
Delete old developer certificate from https://developer.apple.com/account/ios/certificate/ and try to create developer certificate from xcode
1) Remove old certificate from apple developer account.
2) Go to the 'Xcode' 3) Select 'Preferences' option and then Select the 'Account' Tab
3) Select apple id from left side and click on 'Manage Certificate'.
4) Click on '+' (add certificate) button.
5) Add 'Apple Distribution' Certificate.
Unfortunately, only a macbook restart resolved this for me.
Creating another Distribution certificate was not an option, because it had already reached the max. number of certificates.
I manually added an existing one (incl. its private key) to the Keychain …and still Xcode said "Not in Keychain". I then tried to trigger a refresh of the Xcode listing by removing & adding my developer account to Xcode, but that didn't work — neither did restarting Xcode.
So, when all else fails, you try to reboot your system.
When you have three active distribution certificates that were created on distinct machines, you'll see this issue. You can either ask for the private key of a previously made one or simply revoke any of them and make your own.

TestFlight iOS App get-task-allow Issue

I have an app in testflight for ios called MapItTrackIt. Everything has been working great.
I just updated to xcode 5.1. I built the app exactly the same way I always have. Same profile and ad-hoc cert.
This time when I try to upload my IPA file I get the 'Invalid Profile: developer build entitlements must have get-task-allow set to true.' error.
I didn't change anything at all with provisioning or what not. I just added some more functionality to the app and rev'ed the version.
What the heck do I do now? How do I fix this? My boss wants this deployed right now and I can't.
Same exact issue for about 4 hours today - restarting Xcode seems to be the fix as depressing as that is.
I had this and solved it.
Xcode was using a different provisioning profile from the one I had expected it to - it was signing the build with a distribution certificate, but had created a development provisioning profile.
It turned out that the distribution certificate was somehow invalid. I discovered this by setting the provisioning profile explicitly in the project, which then prompted xcode to give me an error to tell me there were problems.
A good place to start solving these issues is to look in the build log, at the codesign step - there will be a line line:
Using code signing identity "iPhone Distribution: XXXXXX" and provisioning profile "YYYYYY" (<..guid...>)
Check this line says the certificate and profile you expect, and that the signing identity and profile are both distribution ones.
For me the problem was that I had a custom .framework bundled with the app that was not code signed. Apparently this unsigned framework caused the problem.
When I code signed the framework with a distribution certificate the app uploaded without problems.
I fixed this bug by changing my Code Signing Identity - Release part to Distribution certificate
It looks like there are several different issues that can cause this. Mine was similar to JosephH's, but not the same.
For me there was another provisioning profile that was valid, but from a different user. I have several apple accounts that I am a member of for development.
My build was using a different profile from another user account when it went to sign. This was even though I had told it which one to use in the settings.
I solved this by having to delete that other provisioning profile whenever I wanted to build this app for testflight. The provisioning profile would always come back if I did an update from the dev site for that other user account.
The final solution was that I happened to get a new mac for development and didn't install that other user account's profiles into this mac yet. Now everything builds fine without doing anything.
I tried many different ways. None of them works for me.
I thought maybe it's a problem of testflight.
So I used crashlytics to distribute my adhoc build. I had no problems to upload it.
Then I tried to use Organizer to validate this archive to get more information, I got an
error. I was told this archive contains unsupported i386 and x86_64 architectures.It turned out that I used a framework which contains i386 and x86_64 architectures. Then I recreated a new framework which contains device only architectures. It works like a charm.
Same exact issue here with the new Xcode 6.3 beta, solved by deleting the Project.entitlements (along with the Code Signing Entitlements entry on the Build Settings of the target)
Solved. I was trying to update a label in the launch screen to show app name, version and build through a custom ViewController. This proved impossible to too complex so I deleted the View Controller. BUT I left the outlets in the Launch Screen Storyboard. I deleted these (Last icon in Utilities tab, a right arrow in circle) and all is love, peace and joy.

"The private key for ... is not installed on this Mac" – distribution and provisioning profiles in Xcode

I've tried looking at the other answers for this but there's a lot of incomplete or conflicting information, but if you have a good link that would be great.
When I try to distribute my app I get this error:
I've tried creating a new distribution profile from Certificates, Identifiers & Profiles at developer.apple.com, but none of these seem to work.
I have a Time Machine backup from before I did a clean install of Mavericks to upgrade, and I also have a code saved to a text file in my Dropbox (I'm not sure if it's a private key – I doubt it) which looks like 'df9a79...' around thirty characters long.
I just can't seem to find the right link to guide me through the entire process of key creation, iTunes connect and developer.apple.com. I've done this before – I'm currently just trying to submit an update to the App Store.
My app update status is currently Waiting For Upload.
Here is my Keychain:
I've tried removing duplicates (e.g. those in the first screenshot), but that didn't seem to help. If you have any suggestions or links I'd love to hear them.
Thanks for your help.
In your keychain, there are two keys named 'Matthew Palmer'. Those two entries for the same name can be conflicting. Try by removing those both and install it again.
I hope you make a Distribution Provising Certificate at developer.apple.com.
Chose that profile there , if you are not, create that, first you need to create that certificate before proceeding.
I had this problem and eventually realised that I'd originally installed my provisioning certificate on another machine. The private key was only on that machine, and there was only a public key on my new machine. I needed to install my private key on my new machine so I could sign my app and submit it.
On my original machine, I went to Xcode>Preferences>Accounts and used "Export accounts" (under the cog) to save a copy of my accounts. I transferred the generated .developerprofile to my other machine and dropped it on Xcode there. That installed the private key for the provisioning profile on that machine and I was able to submit my app.
Another resolution to this is restart Xcode. I had the same issue after creating a new provisioning profile, and after restarting Xcode I no longer had the issue.
After experiencing this error, I tried submitting to the app store via Application Loader, signing the app with my AdHoc certificate instead of the app store certificate, as that one didn't generate the same error.
The submission was accepted by Apple with no validation errors.
This is a temporary workaround, but it may be helpful if you need a quick submission.

Certificate identity 'iPhone Developer: ' appears more than once in the keychain. The codesign tool requires there only be one

Ok, I am completely pulling my hair out on this one.
Back in July I created a provisioning profile so I could test on my iPad.
Then at the end of August I tried submitting my first App to the iTunes Store. The process was a complete nightmare, and I struggled. A lot. In the end I found a tutorial with relatively recent information in it, and only by following it step by step could I actually get anywhere with this. Unfortunately the result of this was that I created a new provisioning profile.
Now when I try to test on my iPad I get the following error in Xcode:
Certificate identity 'iPhone Developer: MyName' appears more than once in the keychain. The codesign tool requires there only be one.
I check the keychain, and sure enough there are the two provisioning profiles for development, one from July and the one I used to submit to the iTunes Store in August.
Now what I want to do is get rid of the old one, and then connect my iPad up to the new one. I can get rid of the old one fine, but I cannot connect my iPad to the new one, it insists on using the old profile, even to the point of re-attaching it to the keychain after Ive deleted it.
Can anyone tell me:
How to connect my iPad to the new provisioning profile?
And while we are at it, can anyone shed any light on why this entire process is so convoluted and difficult? Considering that so much of Apples interface is so well designed and fluid, this process of registering certificates and applying them to different devices and Apps seems so backwards. I initially suspected this was just me, but googling for these error messages reveals that there are many who are struggling at various points along this process.
This has nothing to do with Xcode and everything to do with keychain.
Open keychain.
Find the signing certificates that are tied to your provisioning profiles.
Delete one. You probably want to keep the newer one, so look at the expiration dates and remove the one that expires first.
Restart Xcode
You may need to update your provisioning profile if it isn't tied to the new certificate, but it won't be as painful as creating a new certificate.
Here's a broad overview of how code signing in Xcode works. It a bit much but will explain what's wrong with your configuration, and how you can fix it.
There are three parts to the mechanism that ensures that you are who you say you are and that your app is allowed to run where it wants to.
You've got a pair of keys, one public and one private. Your public key matches your private key, which identifies you.
Your keys are used to generate certificates. Generally, you'll have one certificate for development and one for distribution,either on the App Store or via Ad Hoc distribution. These certificates permit you to provision your apps.
Each certificate is used to generate provisioning profiles. The profiles must be attached to either a development or a distribution certification. A distribution profile either works on the App Store, or it contains a list of device IDs which may run apps signed with that profile.
If your certificate is expired, the provisioning profiles that are created with it are going to be invalid. In this case, replace both the certificate and the profiles. Generate a certificate signing request (CSR) from Keychain Access and upload it to the developer portal.
If you have multiple certificates in your keychain, Xcode won't know which one to use. This may happen if you renew your certificate and don't remove the old one. (It may also happen if you exported your developer profile and then imported it later. Your old certificates will carry over.)
If your provisioning profile is expired or invalid, you can renew it in the developer portal without generating a new CSR. You can just attach it to an existing valid certificate.
Certificates can't be carried over from one machine to another without moving the original key pair that requested it. Exporting the certificate from Keychain will export the keys as well.
Delete the old one, and start build with new.
One more way you can try , set code signing identity with profile you want to run in both target as well as project build setting.
Hope it will help you.
Otherwise you have to delete old one.

iOS Enterprise In House Distribution Process

We currently have an Enterprise account with a Distribution Certificate installed with a Distribution Provisioning profile (which contains a wildcard app ID for all of our apps). They are installed on our machines correctly, and each target points to the correct profile. We've been trying to get applications to install correctly, but it only likes devices that have been included in the registered device list in our provisioning portal. These devices happened to be included through Xcode. I understand that with an enterprise license, the requirements of having the device in the portal via UDID is not necessary, and it should allow for distribution to devices within the company. We have about 10 targets with different bundle identifier suffixes, but conform with our distribution wildcard profile. We have included an entitlements.plist file that has the following key/values:
get-task-allow: NO
application-identifier: $(AppIdentifierPrefix)$(CFBundleIdentifier)
keychain-access-groups:
Item 0: $(AppIdentifierPrefix)$(CFBundleIdentifier)
Everything compiles correctly and code-signing works, but trying to distribute the app through the air to other devices returns a 'Unable to Download' error. We run CI and we have a script that compiles and code-signs everything, and then generates a webpage with all the apps so users can test them out. The distribution provisioning profile is set to 'In House' and is signed with the certificate we're using.
Any suggestions?
Figured it out. Seems like everything was set correctly, we just had an old, lingering distribution profile that was used in our script. That profile would embed with the apps and hence wouldn't work.
We have just configured a setup very similar to what you are describing. We wanted to use a wildcard provisioning profile for OTA distribution of several apps with different app ids, without the need to specify device UUID's in the provisioning profile.
While we quickly got it working for an iPad app, I spent to great a part of my life, wondering why I couldn't make it work for an iPhone build. I was faced with the same annoying "Unable to download" error, and no clue of any kind in the device logs as to what might be wrong.
It turned out, that the problem was with my .plist file, which contained a wrong reference to a 512px icon. A 512px icon which isn't even used, but having a non-existing URL in the .plist was enough to break the whole OTA installation process. I simply ended up removing the "full-size-image" section from my .plist, and now it works like a charm!

Resources