I've done an app update for a client.
He previously worked with another external dev, and has no access to the certificate private key.
Using Xcode (as a team member), it looks like I can get the client's provisioning profile, but not the distribution certificate.
What are the solutions? Does the client have to create a new one?
Thanks!
It is not possible to build an app for the app store without the certificate. As #Shubhank says, you'll have to revoke the certificate and create a new one.
Last week we transferred a published app in iTunes Connect to another company's account. Now they want us to provide an update to the app.
How do we sign, package and submit the app to them for publishing? Which Provisioning profile do we need to use? Do we still sign the .ipa with our team and send the .ipa to them or do we need to have additional info for this to work?
I hope someone is able to shed some light on this process, since the whole provisioning and signing process is hard to grasp for me.
Recently we have transferred our app to another company and we have pushed an update to the app. Let me explain how we did it.
Once you transfer the app to another company account, you will not be able to use your old certificates for publishing any new update for the app.
Apple by default removes your certificates and app ID from your previous account.
Apple generates an app ID for your app in the transferred account.
You can use this app ID and create a new certificate for your app and publish the app by using the new account.
You have to get the certificate and the private keys used to sign the application.
You import the private keys on your computer and install the certificate.
Then get the corresponding profile, compile, sign and post.
The other solution is to regenerate a new certificate with the keys on your computer, and a new provisioning profile.
Then sign the app with those new files.
The certificate and profile need to be created from the new account.
I used Xcode to download certificates after regenerating them. I noticed the distribution certificate didn't have a private key in the keychain. I saw that Xcode now has a "reset" button so I used that. The new certificate has a private key but with a different name. It still worked though and allowed me to export and install an ad hoc app. Also we have two dev teams, could this be the other team's private key?
When the certificate is first requested, the private key is generated and saved in the keychain on the Mac used to generate the request. Only this Mac will be able to actually sign the apps. As in your case, if you have more than one developer authorised to sign apps for distribution using this certificate, you'll need to export the private key from the original requesting machine, and import it into the keychain of other developers.
If you use the 'reset' button, it will revoke the existing certificate and issue a new certificate signing request from your Mac. This will also invalidate all provisioning profiles in the developer account that are tied to the previous certificate. Existing apps already in the iOS app store will be OK, but you will need to regenerate the provisioning profile with the new certificate for any new app signing.
I have a doubt about code signing during App Store submission. I already submitted an app to the App Store with the profiles and certs created, and it's currently in the App Store. Unfortunately, I lost my machine where I had a backup of those profiles and certs. I know that the provisioning profile can be downloaded from my developer account.
My doubt here is: 1) As I don't have a backup of the .p12, should I raise a request for a new certificate from my keychain and proceed with that?
2) If so, will users be able to upgrade the existing app from the App Store?
Thanks in Advance.
Here are your answers
1) As I don't have a backup of the certificate and .p12, should I raise a request for a new certificate from my keychain and proceed with that?
Don't worry, when you would like to give a new update for your application, create a new .p12 file and use it. Certificates are basically used to authenticate your machine with the developer account.
2) If so, will users be able to upgrade the existing app from the App Store?
No problem for users, as the App Store distribution provisioning profile works very differently from the developer provisioning profile, so no user needs to update.
Just for your info: the signing files for Android are very important, not for iPhone applications. For Android, if signing keys are lost, you cannot update apps, whereas for iPhone you can create new certificates and update your apps.
Yes, you can just request a new production certificate from your new machine.
Then use it for your old provisioning profile for the app.
Yes, without the private key in your keychain, you can't use the existing provisioning files created with that private key. So you need to create new Developer/Distribution certificates in the developer portal. This will not affect the existing application in the App Store.
[I've checked similar posts and my question differs slightly from others in that we have multiple apps signed under one certificate]
We've been commissioned to work on an existing iOS app for a client and now need to distribute it to the app store using their certificate. The problem is that the certificate wasn't generated by us so we do not have the private key (.p12 file). Assuming that we can't get this, I believe the only option is to revoke the existing distribution certificate and create a new one...so my question is:
Q1) The client has 3 existing apps on the app store all signed under this existing Distribution Certificate. If we revoke the existing certificate and create a new one will it break the existing apps?
Q2) Presumably the 'Company' name for your app in the app store is taken from the distribution certificate? i.e. If I signed the app using our certificate instead, would our company name appear above the app instead of the client's?
Thanks!!
Neil
I had this same dilemma.
Q1) It is ok to do this, it will not break the existing apps. Just go ahead and create a new one right after you do it.
Q2) The name will not be affected, you set this yourself in iTunes Connect when you submit the app.
This is getting frustrating. I have two identities, one old, one new, and the latter should be used to deploy iOS apps to the App Store.
I've created the new user, granted him admin access, then I created the app name and provisioning profiles. However, in the Organizer I see that the Dev provision works flawlessly, while the Deploy profile shows me the dreaded error:
Valid signing identity not found.
How can it be?
Well, I see that in the Certificates section in the iOS Provisioning Portal, there is only one distribution certificate, the one belonging to my company.
Is there a way to enable the new user to create apps without accessing the uberadmin's Xcode?
Thanks & Cheers!
You need the key that was used to create the Distribution Certificate for your company.
Remember when you created your developer certificate? Then you went to keychain -> certificate assistant -> Request a certificate from ...
When you did this, your Mac paired your certificate request to a key in your keychain. Once your developer certificate was processed and you downloaded it to your computer, it could be accessed by your computer through that key.
But if you did not create the Distribution Certificate that your company has, you don't have the key on your computer.
Take a look at your certificates in keychain:
Go to 'Certificates' and expand your developer certificate - it will have a little key with your name.
Now try to expand your distribution certificate - it will not have a key, right?
If this is the case, you have two options:
1. Ask the person who created the Distribution Certificate to export it from his keychain. This will create a file that includes both certificate and key.
2. Delete the current Distribution Certificate, and create a new Certificate Signing Request from your computer, which will connect it to a key that you have.
The first method requires access to the "Uberadmin's" computer. The second requires admin access to your team's Apple account. There is usually no downside in using method 2, because creating a new certificate is necessary from time to time anyway. It will not affect already published apps; only coming releases and updates need to use the latest certificate.
Once all this is done, you need to create a distribution provisioning profile for the App Store and connect it to the Distribution Certificate that you are going to use. (If you went with option 1, you might already have done this.)
Download the profile to your computer, install it, and then in your app, select to build with this profile for distribution builds.
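The certificate-without-a-key situation described in the answers above can also be checked outside Keychain Access by comparing public keys. The following script is an added example, not part of any of the original posts; it uses `openssl`, and the file names and certificate subject are constructed for the demo.

```shell
#!/bin/sh
# Added example: which private key, if any, pairs with a signing certificate?
# All file names and the subject name are constructed for this demo.

# Return 0 if key $2 pairs with certificate $1, 1 if not, 2 if unreadable.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Print the first candidate key that pairs with certificate $1.
find_signing_key() {
    cert=$1; shift
    for key in "$@"; do
        if key_matches_cert "$cert" "$key"; then
            printf '%s\n' "$key"
            return 0
        fi
    done
    return 1   # certificate present, but no usable private key
}

# Build constructed sample material: two keys, and a certificate that
# belongs to the first one (the "Mac that made the signing request").
make_demo() {
    dir=$1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/original_mac.key" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/other_mac.key" 2>/dev/null
    openssl req -new -x509 -key "$dir/original_mac.key" -days 1 \
        -subj "/CN=Constructed Distribution Example" \
        -out "$dir/distribution.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
# Only the key generated alongside the certificate is reported.
find_signing_key "$demo_dir/distribution.pem" \
    "$demo_dir/other_mac.key" "$demo_dir/original_mac.key"
```

On a Mac, `security find-identity -v -p codesigning` lists only the certificates whose private key is present in the keychain, which is the same pairing check done by the keychain itself.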
According to Apple's documentation:
A team’s distribution certificate allows a developer to build an app for distribution. If your team wants to use another Mac to create a distribution build, you need to transfer a copy of the distribution certificate as described in, “Safeguarding and Transferring Your Signing and Provisioning Assets” in Tools Workflow Guide for iOS. (from Managing a Distribution Certificate)
So, in order to have multiple users able to create & submit App Store builds, you must share a private key between them.
Create a new private key for the team, and then send that private key to everyone who needs it. Follow the instructions under Generating a Certificate Signing Request with Keychain Access.
See also: Any concern to share private key for distribution certificate among different group under a team account in itune provisioning portal