I'm trying to Validate my app on xcode and I'm having this error pop up when I try to do so. I've read that I should delete and re-add my login certificates in keychain access as well as the system ones. But this doesn't seem to do anything in my case.
The error I get on the certificate is as follow:
"This certificate has an invalid issuer"
I would like to point out that when I click the drop down on the certificate it says a IOS developer but its kind is a private key.
does anyone have a similar problem?
Many thanks
I just wanted to add this image to give people a better understanding of my keychain access.. All the ones that aren't highlighted are giving me the above mentioned error.
**** Update ****
Related
Trying to submit my app to TestFlight. I am getting stuck with a missing private key error. What's weird is that the private key does exist. I can see it in KeyChain. I've only ever used one Mac for development, so it's not like I need to get it from another machine.
I tried revoking the cert and deleting all the Apple Distribution certs/keys from my Keychain. Then I went through the Distribute App process again. Xcode offered to generate a distribution cert for me. I did that. Does it appear to have created two of them? One looks normal, but the second one is grayed out and says "Not in keychain".
The "missing private key" error says I have one Apple Distribution certificate but its private key is not installed. Contact the creator of this certificate to get a copy of the private key.
I've looked at a bunch of discussion posts and StackOverflow posts about this, but nothing seems to apply to my specific issue. At least, I tried all those techniques and nothing seems to work.
This is the image of Xcode signing certificates
Xcode signing certificates:
App distribution while uploading on App Store:
I had the same problem and after a frustrating afternoon I got round it using manual signing as per a post I found over on the apple forums. When manually signing I chose to use the existing iOS dist cert instead. Not tried with the apple dist cert that auto signing was trying to use.
iOS Distribution: Missing Private Key
Mine too is an app that's only ever been distributed from this Mac. The first hint of trouble was a message saying there was no distribution certificate so I accepted when Xcode offered to create one. After that it was just as you showed in your screenshots .. one greyed out, one looks ok. Private key is listed in Keychain Access but still get the message in Xcode when trying an ad-hoc build on Mojave, Xcode 11.3.1.
Every time trying to submit but some result. Like this
ERROR ITMS-90034: "Missing or invalid signature. The bundle '****.******.****' at bundle path 'Payload/APP_NAME.app' is not signed using an Apple submission certificate."
Everything looks fine, we click submit, it goes to validate, and starts to upload to the app store. Then at the very last second ,the error pops up no matter what we've done to try to fix it.
Tried following steps to.
1) Tried to make just new app and upload ( With this excluded depending from any framework or source and any settings) - some result
2) Tried to remove account from Xcode->Preferences->Account (Remove account) and then add again.
3) Tried revoke certificate make again and then refresh provisioning profile
4) Tried to make app zip and upload from Application Loader
5) Tried to make IPA
6) Make change in Keychain Access for related Certification Authority certificate from "Always Trust" to "Use the system default".
7) remove all certificates and provisioning profiles and add again.
The build is valid
Some Error for every time, when trying to upload for submission.
Error from Application loader.
Error from Organizer.
Has anyone been able to work through this or a similar issue, and can you help?
I have just got the same issue. I have restarted XCode and it works like a charm!
I have not changed anything and it was working an hour ago; therefore, I did not spent any time on keychain. I have simply restarted XCode and it has worked.
If the problem still persists, then I recommend you to Go to Keychain Access, delete all the expired certificates, and add the corresponding valid certificate.
you can try... Make change in Keychain Access for related Certification Authority certificate from "Always Trust" to "Use the system default".
This do the trick for me!
I got the same issue today. My app was sent successfully, but after 10 mins I got an email. with this Error ITMS-90034. As result, I started to check If my profiles are expired and etc. Everything was fine. So maybe after few hours I just sent a new archive, and it was successfully uploaded. I guess it was related to the apple side.
I have resolved this many times:
check AppleWWDRCA certificate if expired or not.
check fields for always trust by double click the distribution certificate in keychain.
I was using another distribution certificate from same name with another expiry date.
update/delete previous distribution installed certificate
It works for me in few days ago. But, Today 2016/2/22, I use the same step to do all of setting not change after one day work still can't upload to App store. I don't know whats going on. Does anyone has solved this problem.
Finally, I find a good solution to solve this issues first download and install the new WWDR intermediate certificate (by double-clicking on the file). deleting the expired certificate from keychain . Then all of problem is solved. Here for reference Xcode 7 error: “Missing iOS Distribution signing identity for …”
I have two certificates with same bundle identifier. One was revoked and one was valid.
I deleted the revoked one and it worked for me.
Reason of Error: Compiler could not figure the correct certificate (unknown).
This issue can be raised because of distribution certificate with private key not present in the keychain or revoked from apple developer account.
We can fix this issue by two ways :
Create distribution certificate on apple developer account. download it and add it in keychain. Make sure this certificate is added in login section with private key.
If distribution certificate is already created on any other machine that time you can take distribution certificate with private key by selecting distribution certificate and private key, export both items to specific destination path. After take that certificate and add it in keychain.
Happy Coding ...
For me the problem was the Signing Certificate at the MyProject -> Signing & Capabilities -> Release page differed from the common name of the Distribution certificate at the Organizer page.
The common name could be found in Keychain Access by a right click at a certificate name and then get info.
Go to Keychain Access, delete all the expired certificates, and add the corresponding valid ones.
i was facing same issue, i was selecting Automatically Signing on xCode and manually distribution certificate at uploading time.
then i tried manually certificate on both places.(Xcode and TF.) Now it's working fine.
the solution is to generate a provision profile again, from the apple developer page.
Make sure you're using the same profile in Signing and Capabilities either the one you're in Product -> Archive.
Checking that worked for me! I use manual signing and didn't realize I had different profiles.
https://developer.apple.com/forums/thread/133781?answerId=423098022#423098022
I recommend to revoke all certificates you have duplicated in developer.apple.com account under certificates, I kept my distribution certificate.
Make sure to revoke all other distribution or development certificates associated to your name.
Go to Xcode and submit it again, with letting Xcode automatically sign it.
You might think, not again such a question where are already thousands of topics about. However, I've not been capable of finding the answer I needed to fix this problem.
None of these topics go as deep as the Keychain.
When I'm trying to deploy my app to an iPhone, I'm receiving the following message:
Code Sign error: The identity 'iPhone Developer: [Name] ([ID])' doesn't match any valid, non-expired certificate/private key pair in your keychains.
Now, as said, I have been looking for multiple guides or fixes, however, none of them seemed to fix this issue.
Things I've tried:
Use Apple's walkthrough for app deployment for countless of times
Searched the internet for guides for app deployment
Changed the content of the 'pbxproj' file inside the 'xcodeproj' package.
Retrieve all available profiles from Apple's server using the Refresh button in Xcode 4.6 (allows you to obtain automatically)
After trying all of these ways, I've still not been able to solve the issue. One problem I've seen is that at first hand, the certificate in the Keychain was showing an invalid status, which is now solved.
However, if I'm right, there are supposed to be two keys attached to the certificate. A public and private key, and these are not showing.
Neither are there any keys showing in the Keys tab in the Keychain Access.
Solution
(Thanks to nsgulliver)
Do everything what the post (marked as Solution) of nsgulliver says.
If you already have an active Certificate, click the Revoke button, this won't cause any trouble, you'll simply have to re-create the keys of which then will be generated a new certificate.
Make sure you have the WWDR of Apple installed to mark the certificate authority as valid.
Follow the default Provisioning Assistant guidelines.
Provisioning profiles installed on the devices or signed with for the target might not be valid, try to go to Organizer->Provisioning profile and see if the profiles have the valid status? if not try to delete & refresh them, if they appear valid after refreshing then it might solve your problem if not then you should remove all the entries from keychain and delete profiles on your provisioning portal and try to create from scratch, if you still face the problem then take help from step by step guide tutorial
You cannot re-create matching keys, that would defeat the whole purpose of them. You need to find the old keys or start the signing procedure from scratch.
Are you using the same machine that you generated the keys on? If not, go to the other machine, export the developer profile, then import it on the new machine.
Can you restore the keys from backups? If not, stop everything you are doing and configure your computer for backups before you do anything else.
If you are really stuck, you will have to follow the signing procedure right from the very beginning, where you request a certificate from a certificate authority. This will generate new keys, and you will have to create matching provisioning profiles, then set your application to be signed with these. Dlete the old provisioning profiles, they will be useless without the old keys.
You need to lock keychain. Please see screenshot:
Required reading when you're having code signing problems:
Technical Note TN2250: iOS Code Signing Troubleshooting
Nothing will help you more than really understanding what's in your certificates and what isn't, where the necessary pieces are kept, and how they're used. This isn't the last time that you'll have code signing issues, and this tech note provides a long checklist that should help you make sure that everything is in the right place to help you develop your app and ultimately sign and submit it to the app store.
When I've had this problem in the past I've just deleted everything on my local machine and started again. So:
Delete the keys associated with your developer account in Keychain access.
In XCode open the 'Organizer' (window->organizer)
In Devices (top menu) and Provisioning Profiles (left menu), select all of the profiles and delete them.
Now hit refresh. It will ask you to sign in and whether you want to generate new keys etc, select yes and wait.
I find that this is the quickest way to fix any provisioning / key problems, as you can spend hours finding that you've missed something small.
After removing all old provisioning profiles (~/Library/MobileDevice/Provisioning Profiles/) and updating xCode, the certificates can be found again.
I've been having trouble re-establishing my build environment. It's worked fine in the past, but in the midst of running archive processes, I've managed to throw myself back a couple of days.
I've done TN2250 patiently.
Everything goes smooth — except no matter what I do, the Apple WWDRCA.cer shows up in the login (default) keychain in my Keychain Access as "This certificate was signed by an unknown authority." I've tried getting the certificate from a link from Apple's iOS Provisioning Profile as well as hard links — not that it should matter, but I'm desperate at this point.
My developmer and distribution certificates appear to be fine — there are no errors next to their view in Keychain Access and they contain my private keys, as best as I can tell (click arrow, down it goes, there's my key.)
I notice this even before I add the certificate. I mean — it's coming from Apple? It's a file. Why would it not be signed correctly?
The errors vary with the various things I try. But the recurring one is
CSSMERR_TP_NOT_TRUSTED codesign failed with exit code 1
I've tried & referred to:
CSSMERR_TP_NOT_TRUSTED error
and the specific points in TN2250 here:
https://developer.apple.com/legacy/library/technotes/tn2250/_index.html#//apple_ref/doc/uid/DTS40009933-CH1-TNTAG19
Just seem to have figured this out. I haven't seen this answer anywhere, so I'll answer my own question. It seems as though my Keychain was missing a valid "Apple Computer, Inc. Root Certificate" and "Apple Inc. Root Certificate". As soon as I installed these, my certificates became "green" and valid.
I got these certificates from here: http://www.apple.com/certificateauthority/
I am having real trouble with provisioning and code signing issues. I have migrated to a new computer and have a bunch of "Valid signing identity not found" messages. In repeated attempts to fix distribution code signing I have managed to lose my developer code signing as well.
I am the first to admit that the root problem is my complete and utter failure to grasp the concepts of code signing, provisioning, and all related subjects. I am asking a separate question on SO to address this.
THIS question is to ask for concrete steps to wipe my provisioning and code signing mess completely clean. I am running Xcode 4.3 and have 2 live apps in the App Store that I do not want to interrupt the distribution of. Please help.
Update: I have imported my private key from the old mac, and it is showing in Keychain Access. When I try to request a certificate according to Apple docs, I don't get a "Let me specify key/value" checkbox, and when I try to save it to disk anyways I get the error "the specified item could not be found in the keychain". Arrgh.
Step 1: Open XCode. In the Organizer, delete all provisioning profiles.
Step 2: Open Keychain Access (Utilities>Keychain Access); delete all certificates related to developer/distribution and the WWDCCA (or whatever it's called) intermediate certificate.
Step 3: Re-download and resign. Make sure you export and import your private key from your old machine to your new one.
If you need instructions on how to set up code signing, you can look at my answer to this question: Code Signing Error.
Cheers!
Have a look at this tutorial here. You may find this helpful
http://seventhsoulmountain.blogspot.com/2013/09/ios-code-sign-in-complete-walkthrough.html