Apple developer certs - what to back up - ios

I'm new to iOS development. I know this has been asked so many times, but I'm still confused. We created a new developer.apple.com organization and I have invited my personal Apple ID as an admin, then registered my personal Apple ID within Xcode. From there I opened Team -> "View Details". To create the signing identities, I simply clicked "Create" next to iOS Development and iOS Distribution. Xcode did all the work and I never created a certificate signing request.
We now have a iOS Development (in my name) and Distribution (in the company name) certificates. I have created an App ID and a provisioning profile for wildcard (development) and explicit app ID (distribution).
Now my question is - what do I need to back up from my Keychain and why? It seems I can just re-download everything I need from developer.apple.com. For fun, after doing all this, I deleted the iPhone Developer / iPhone Distribution certs from my keychain, after backing them up, just to see what would happen. Restarting Xcode -> Accounts -> Team -> "View Details" -> "Download All" seemed to download the same private keys I just deleted from my Keychain, which is good.
That suggests to me it's not really important that I back those up. I've heard some say that you absolutely must back up the CSR, but since I never created one, I'm rather confused. My assumption is that Xcode automatically created a transient CSR which I have no access to. The manual CSR route also creates a public and private key pair in your Keychain, and some say to back those up for sure. Since I didn't create a CSR, I only have a cert and private key. No public key was created / registered by Xcode.
If my machine spontaneously combusts, it seems I don't need to recover anything from a backup. Just install xcode, add my Apple ID, and use Download All to retrieve the certs / private keys. Is there something I am missing? I have Time Machine backups to recover from, but I'm curious which assets I should preserve so the rest of our organization can continue to update the app should I, or my computer, vaporize.

You don't need to back up anything. Instead, if you lose your private key or other unrecoverable bits of your developer profile, you can reset everything and create all-new keys, certificates, etc. for your account and revoke the old ones.
You can back everything up if you want, and it's easy. In Xcode's Account Preferences, export your developer profile to a file and back up that file. The profile is encrypted for safety and includes things you cannot re-download from the Apple Developer Center like your private key. You can use this as a backup, and also to easily set up your developer account(s) on multiple Macs.
To export your profile, open the Accounts tab of Xcode's preferences. Click the ⋯⃝ (three dots in a circle icon) in the bottom left area and choose “Export Apple ID and Code Signing Assets…”.
(In older versions of Xcode, the icon was a gear and the menu item was “Export Developer Accounts…”).

what do I need to back up from my Keychain and why?
Nothing. In a worst case scenario everything can be retrieved / regenerated from the Member Center. Just don't forget your Apple ID and password.

Related

Distribution Managed Expiration?

Currently my Distribution Managed expires . Now the question that I have is do I need to revoked it and then create a new one? Im a bit confused because I cannot find that specific Certificate under the create a new certificates. So what do I need to do with it?. I already created a new Distribution certificate. But what know about the Distribution Managed one?. Also is there a way to automatically update or create a new certificate before its expires?
MY App is written in Flutter .
A little bit of information about certificates can be found here. The most important bit:
Development certificates belong to individuals. In your developer
account, the computer name is appended to the development certificate
name (for example, Gita Kumar (Work Mac) where Work Mac is the
computer name) so you can identify them.
...
Distribution certificates
belong to the team but only the Account Holder or Admin role can
create distribution certificates (if you’re enrolled as an individual,
you are the Account Holder).
Certificates can't be renewed (at least manually, afaik), you have to create a new one that is then used for new app updates from now on. Afaik, an expired distribution certificate won't prevent anyone from using your app, it just means that you can't export/release new versions.
Steps to create and import a new distribution certificate (check below for a possible faster way):
Close Xcode
Go to https://developer.apple.com, log in, click on "Account" (top right), then go to "Certificates, IDs & Profiles", which lists all your current certificates.
Click on the blue "+" next to the "Certificates" header.
On the next page pick "Apple Distribution" (for Xcode 11+) - "Next"
Now you have to upload a "Certificate Signing Request" (".certSigningRequest" file), more information and a screenshot can be found here:
Launch Keychain Access located in /Applications/Utilities.
Choose Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
In the Certificate Assistant dialog, enter an email address in the User Email Address field.
In the Common Name field, enter a name for the key (for example, Gita Kumar Dev Key).
Leave the CA Email Address field empty.
Choose "Saved to disk,” then click Continue.
Click "Continue" and download the new certificate (".cer" file).
Double-click the file, this automatically opens the Keychain Access app and imports it.
Now you can open Xcode again. To check if the import was successfull, go to Xcode - Preferences - Accounts - Select the Apple ID on the left side, then click "Manage Certiciates" in the bottom right. You should now see a new "Apple Distribution" certificate with a creation date of today.
In the same window there's also a "+" button in the bottom left that gives you a list of new certificates you can create. This might be a faster way but I haven't tested it yet.
For an additional check archive your app as usual, then, while exporting (I use "Ad Hoc"), it should show the name and date of the certificate that was used on the very last page.
On the website you can now click on the expired certificate in the list (if it isn't already gone) and "Revoke" it (red button in top right).

iOS signing certificate issue

Anyone please help me to fix an issue on iOS signing identity issue. When i archive the product, I am getting the error"you have a valid distribution certificate in the member centre. but it is not installed locally"
I downloaded the certificate from the member centre and installed locally. But still I am getting the same issue.
I am able to solve the error by resetting the certificate from Xcode->preference->account->view details->signing identities->iOS distribution, all profiles associated with the certificate become inactive. Again, I need to activate all in the member centre and download from Xcode->preference->account->view details->provisioning profiles->download all.
But the above step causes the problem to other developers as the certificate is been revoked.
How to solve this issue without resetting the certificate from Xcode?
FYI: I am experiencing this issue in Xcode 7.3.
First make sure that you are using a Developer profile that is specific to you. If you have signed into an Apple Developer account (signed in through xcode's GUI) that is being shared by other team members then you will not be able to sign the code on your computer. Generating another p12 private key will cause the current p12 key assigned to that Developer profile to be revoked.
If you are sharing an account, go to Apple's Developer Center and add yourself as a team member. You will get an email to the address you add and then can follow the link to create an account. After you create your account generate a provisioning profile from the menu options and double click on the download once it completes.
Go back to Xcode and select the Xcode drop down menu. Choose Preferences from the list and highlight the profile you were using previously. Once its highlighted remove it by selecting the (-) option. Then click the (+) option and sign in to your new account. This should resolve your issue. Be sure to clean before building just in case.
If you are already using a distinct account that is only for you then you are receiving this error because you have changed machines and did not transfer the p12 key to your new device. You have two options now. First option is to use an external storage device or cloud service to transfer the p12 key to your new laptop. Second option is to generate a new p12 key from Apple's Developer portal. Double click on the download once it completes and it will be automatically added to Xcode.
Now return to Xcode. Choose Preferences from the list and highlight the profile you were using previously. Once its highlighted remove it by selecting the (-) option. Then click the (+) option and sign in to your new account. This should resolve your issue.
If you are still seeing this issue you can take these additional steps to purge old caches that could be causing the issue. Open the Keychain Access program on your Macbook. Find the any old certificates that do not have private keys associated with them. Certificates without private keys (p12) will not have a grey disclosure arrow next to them. Delete these and try again.

Xcode 6.3 - You already have a current iOS Development certificate or a pending certificate request

Xcode as of 6.3 is no longer allowing me to automatically perform device provisioning for a client. Has anyone else experienced this issue? I found no results when searching for this on Google...
This client has their own bundle ID and it's possible they also have their own provisioning profile for this device. So maybe Apple is matching up the bundle ID irrespective of the developer account being used for provisioning.
I was able to address the issue by modifying the app's bundle ID and manually going through the provisioning process, but I'm guessing this issue is extremely rare, so I'm not sure if this post will be of use to anyone.
When I am create new certificate from my Xcode 9.2 the error was appear
"You already have a current iOS Distribution certificate or a pending certificate request".
Just 2 step for fix this error.
Remove old certificate from developer.apple.com
Create new certificate from Xcode or developer.apple.com
My problem has been solved (I am using Xcode 9.2).
I just found that if I remove my account from Xcode, and then sign in again, it solved the issue. I did revoke my existing certificates and request new ones though as part of that process. I didn't import an existing profile.
My team has maxed out on release certificates, because apparently there is a quota.
We had to delete one of the existing release certificates.
This issue is actually more common than you think.
Some Solutions:
I usually find that opening Xcode's settings and signing out of my account and the signing in again resolves most of those issues.
You may have an older mac that already used up that one allotted development certificate. In that case you'll want to export the developer profile from that machine. If you no longer have access to that machine, it may be time to invalidate that certificate and simply request a new one.
Another option may be to double check your build settings in your project and ensure that it's looking for the right certificate. It's fairly common in my experience for these settings to make decisions on their own, and confirming that they're what you expect may help.
Background:
When dealing with provisioning, it's really easy to get caught up with the frustration of all of the steps you need to go through. The first thing to note is if the error you see is talking about a "Certificate" or a "Profile." In your case, it's a certificate. Good.
Certificates differ from provisioning profiles in a few ways. Certificates are usually only generated twice: once for development, and once for distribution. (Exceptions to this rule are if you decide to add support for some of the special features like push notification or for generating passbook passes on a server.)
The process for generating certificates is also a little more bureaucratic than profiles. You request a certificate from Apple's Member Center. You generate a provisioning profile.
The reason for the word request vs generate is because both Apple and your iOS team's admin need to approve certificate requests. This is because certificates identify you as part of your iOS developer team, and offer all the powers associated with that.
For the sake of completeness, I'll add that provisioning profiles are generated based on that certificate, and really only tell iOS what environment your app is meant to run in. (On any device via the store, specific devices, etc.)
Now, the important part for you is the request business. Most people don't pay much attention to this terminology, since indie developers and small teams (where the developers are admins) don't require developers to ask for permission.
Your error is talking about a previously generated certificate or request. You can only have one development certificate per developer. You either have one, or you've requested one and someone has to approve.
That's what's happening here.
This process is made simple with Xcode 8.3 and 9. Just delete one of your old certifcates in the "validate" interface and click the plus button to request new one, Xcode will request for you and add it in keychain. in my case, maximum number was reached, so I deleted one which was lost in a old Mac and created new one.
This error may also be occur if you reach your distribution certificate limit. After creating 3 iOS Distribution Certificates in an account, the following error message will be displayed when you try to create 4th one: "You already have a current Distribution certificate or a pending certificate request."
Open this link
https://developer.apple.com/account/resources/certificates/add
Press + icon in front of Certificate
Check Apple Distribution section if its show the red text as shown in image then you should revoke you existing certificates to generate new one because you have reached you limit.
Just 2 step for fix this error.
Remove old certificate from developer.apple.com
Create new certificate from Xcode or developer.apple.com
Delete old developer certificate from https://developer.apple.com/account/ios/certificate/ and try to create developer certificate from xcode
1) Remove old certificate from apple developer account.
2) Go to the 'Xcode' 3) Select 'Preferences' option and then Select the 'Account' Tab
3) Select apple id from left side and click on 'Manage Certificate'.
4) Click on '+' (add certificate) button.
5) Add 'Apple Distribution' Certificate.
Unfortunately, only a macbook restart resolved this for me.
Creating another Distribution certificate was not an option, because it had already reached the max. number of certificates.
I manually added an existing one (incl. its private key) to the Keychain …and still Xcode said "Not in Keychain". I then tried to trigger a refresh of the Xcode listing by removing & adding my developer account to Xcode, but that didn't work — neither did restarting Xcode.
So, when all else fails, you try to reboot your system.
When you have three active distribution certificates that were created on distinct machines, you'll see this issue. You can either ask for the private key of a previously made one or simply revoke any of them and make your own.

Xcode "The private key for is not installed on this mac - distributing"

I always get this message when I try to submit my app to the app store.
Here is a picture of the message:
It would be great if someone could help me resolve that problem so I can submit my app to the store.
Try following these steps:
Revoke your existing iOS Distribution Certificate from the iOS developer website.
Generate a new iOS Distribution Certificate by going to XCode Preferences->Accounts->View Details and then clicking the + underneath the list of signing identities.
Go back to the developer website and make sure all your provisioning profiles are configured with the new certificate. (They should all be listed as Active when you are done.)
Go back to XCode and refresh your list of provisioning profiles.
I had the same issue as you did and this resolved it just fine.
This solved it for me without starting all the way from scratch:
1. Open Keychain Access on the machine that was used to generate the private keys
2. Select Keychains->Login and Category->Certificates on the left hand side
3. Locate the two certificates iPhone Developer: [your developer name] and iPhone Distribution: [your developer name]
4. Select both, right click and choose Export 2 items...
5. Enter a password of choice, save to disk and get the .p12-file over to the other machine that won't sign
6. Open the file, enter the password and you should be good to go.
Having a similar problem, after several days of testing, checking, try to repairing and so on, what worked for me was simply:
Open Xcode's preferences (Accounts panel)
Click on "Manage Certificates".
Add a new certificate.
Then everything started working again.
I also experienced this and fought the process for 4 hours. finally i did the following
Deleted all the Private and public keys and certifications in my Keychain Access
Deleted all Provisioning profiles
Deleted all AppID's - (Probably didn;t need to do this by I wanted a clean slate)
Deleted my certifications on the Developer.Apple site
Created new Wildcard Development Profile
Created new Profile SPECIFIC to the App that I was deploying (So it had the appname instead of *, in the AppID)
Created a new development Certificate from the Website.
Downloaded the intermediate certificate (Worldwide Developer Relations Certificate Authority) since I wiped that off my Keychain too
Created the Certification Signing Request (CSR), followed the instructions to the letter to add it to my keychain access. and Uploaded the CSR.
Once the Certification was added, I made sure to rename the public and Private Keys, and added comments to the info box - so I could remember what I did.
Created a new Distribution Cert by repeating Steps 7,9, 10 for the Distribution so I could get it onto the App Store.
Hopefiully this helps someone to know that you can wipe everything out and start over. I loaded all the certs on an olf Macbook Pro that started flaking out last week. So I got a new Mac Air last week, but Icouldn;t remember what keys, and I certainly didn't remember I had 2 sets of Private and Public one for the Development, and 1 for the Distribution. (If you have more that 1 distribution, I believe you would have additional sets.)
Steve
It is worth checking in Keychain Access to make sure you don't have multiple keys with the same name. Also, very often when I have run into Code Signing issues, the fastes solution has been to start the process over (create new keypairs, certs and provisioning profiles).
Best of luck!
Ran into the same issue and after cursing at Apple , I realized it was my fault.
1.- Go to developer.apple.com / Certificates / Production
2.- Download your certificate
This worked for me thank after trying other answers.
Go to Preferences -> Accounts -> Select the Apple ID you're using -> click "View Details…" button -> then click the plus button and select the "iOS Distribution" button. More details here.
It seems that you have got as far as generating a distribution certificate, so you must have generated a key pair at some point. Do you develop on multiple machines? Export the developer profile from the machine that has it and import it into this machine.
It's simple, login to the user's account (maybe on different mac) which was used to create the distribution certificate. Open Keychain Access and export their private key. Then install it to your Keychain.
My problem was Xcode was not on the Access control list for the private key. You can fix this in the keychain access without generating a new key pair.
Open keychain access.
On the left side select login and My Certificates.
Select your distribution certificate and double click your private key.
Select access control and add Xcode to the list if its not there.
Restart Xcode and make a new archive. It should find the private key now.
I actually just closed and reopened xCode and then everything was back to normal.
I have another answer (in addition to my prior post). Today, my private key expired (as I found looking at KeyChain Access), and a new one was in the list. How? Idk... Maybe from using the XCode "fix the problem" button I was presented, or by pulling an update for provisioning profiles as I described in my other post a new one was created automatically?...
Anyway, I logged in the development center, found the provisioning profile I wanted to use and clicked "edit". I was then able to select "Certificates". I found that the one wanted was not selected. I selected it and clicked "generate" to recreate the provisioning profile. Then I was able to download it. I dragged and dropped the file onto my XCode dock icon. That fixed it!
I've got the solution:
Your company has a Company (Enterprise Distribution).pem and CompanyEnterpriseDistribution.p12 you have to install them as well.
I have a company account in apple.
I solved the problem by:
1)in the developer website Certificates, Identifiers & Profiles
2)under Provisioning Profiles -> development
3)went to my development Provisioning -> edit
4)then download , and double click.
Try this..
In Your "System preferences" select "Security and Privacy".
Click on 'Lock' icon on bottom left corner.
Change 'Allow apps downloaded from' from "Anywhere" to "Mac App store and identified developers".
-Then try to build.
For those who are trying to update an app after some time, you need to renew your Porvisioning Profile in Apple Development Center, and then simply go to Certificates on the left hand side on your Apple Development Center, download the distribution certificate, and open it.
Xcode will do the rest and let you run the app.
Cheers!
For me it is that i have not installed my production certificate. (I have already installed development certificate which)
After downloading the production certificate and installed to key chain it worked for me.
This solved it for me without starting all the way from scratch:
reGenerate file "CertificateSigningRequest.certSigningRequest" by other macbook.
reGenerate Certificates "* Grid Information Technology Co.,Ltd"
reGenerate Provisioning Profiles
I am building and distributing development ipa's for my beta iOS app. I have repeatedly had to add new devices to list of those allowed, and have had many woes created by this. This time I'm documenting and sharing such a problem and the solution...
I added a new udid to my list in the developer center, built an archive and found the ipa was not found in the profile embedded in the ipa. So, I refreshed my provisioning profiles in XCode (to get an updated list) and this error was caused with the private key missing (as depicted in the start of this thread).
I then couldn't build another archive. Further, this created code signing errors when attempting to build the project.
After much pain I fixed it like this:
In XCode, go to Preferences...Account Tab. Click the add button (middle left) and select "iOS Development". This will create a new signing identity.
You should now be able to use the new provisioning profile to create the archive.
Also, the build errors should be fixed. Back in the project, "General" tab, select the "team" and retry the build. There may be some additional permissions dialogs. Click "fix" or "always allow" when prompted.
Note: The Member Center and Key Chain list will become a mess, with duplicates for signing ids, but at least everything works. You may want to try cleaning it up...
I created a new Distribution certificate, then edited my existing provisioning profile to point to that new certificate, then in Xcode > preferences > account > view details I updated my signing certificates.
worked like a charm
this will happen because you have format your mac and reinstall it or you are developing from new mac .
if you can not do the above and have your old certicate and profiles exported from the old mac
you will need to remove the wild card provissioning profiles from apple developer center , and also from certifcates you have to remove the old ones just the general development and production certificates .
then you will have to create new ones and to create new provisioning profiles for the app you need to upload to apple .
you do not need to delete all the provisiong profiles for now , but for sure you will need to create new ones for apps that you do not create for it .

iPhone app signing: A valid signing identity matching this profile could not be found in your keychain

I'm pulling my hair out over this. I just downloaded the iPhone 3.0 SDK, but now I can't get my provisioning profiles to work. Here is what I have tried:
Delete all provisioning profiles
Delete login keychain
Create new "login" keychain, make it
default
Create a new certificate signing request
Create new developer and distribution
certificates in the Apple developer center
Download and install them
Download the WWDR certificate and install it
Create a new provisioning profile and
double click it to install
All the certificates report as valid, but Xcode still won't recognize them. What should I try next?
Edit:
I completely re-installed Mac OS X and from a fresh install installed the 3.0 SDK and still have the same problem.
I had the same problem: I first downloaded my certificates to my small MacBook while on the run. When trying to install the certificates on my iMac... then I ran into the problems described on this page.
After spending hours pulling my hair out like many of you, I performed the following steps to fix it:
Close all your stuff except your webpage that should be logged into App Dev center.
Open Xcode. Click WINDOW > ORGANIZER. Then click the Devices tab and select "Provisioning Profiles" on the left.
That should bring up your provisioning profiles. Highlight one by one (if more than 1), right click and delete profile. Yes, just do it! Delete them all! (I kept making a new one after a new one trying to make the thing work.)
From the first page you see after logging into the App Dev Center on the right side click "iOS PROVISIONING PORTAL" > (do not "launch assistant"). Instead click on the left side. Select CERTIFICATES. You will probably have just one line listed with your name/company - from there click on the right side REVOKE. Click OK to verify that's what you want to do.
On the same page click DEVICES. Click the box next to your device you are trying to provision and click REMOVE SELECTED. Again click OK to verify.
Wait about 2 minutes to let Apple do their thing.
Now click on "HOME" that is on the left side navigation.
Click "Launch Assistant"
create a new app ID - call it whatever you want. Just make sure it's unique enough to know that's the one you just created because the others you've been messing with all day will not be deleted from Apples Dev Center.
You should be able to follow the rest of the Assistant without troubles -- the main thing is you just had to delete your old provision profiles and start over.
Good Luck!
I encountered the same issue. This is because the private key of the certificate does not existing on your machine.
If you are now using a new machine and download the certificate from website:
You can export the certificate from the old machine and then import on the new machine.
If you share the developer account with someone:
You ask the account owner to send you an invitation and become a team member of that account. Then you can create your own certificate from scratch.
If you don't want to handle all these sh*t:
Just revoke the certificate on website and delete the copy on your local machine. Then request a new one. This should be the ultimate way for solving such issue.
Had the same problem yesterday. Now, after signing to the developer portal, for every invalid provisioning profile have a button "Renew". After renewing and downloading updated provisioning profile all seems to work as expected, so problem is definitely solved :)
Update: you may have to contact Apple to get a "Renew"-button, or they removed it -- and the solution is to just download it and add it to the keychain, no need to renew.
What I found was that I needed to drag the distribution_identity.cer file that I downloaded from the "Certificates -> Distribution" page on the developer program portal into the keychain access program, then this error went away.
I solved it by
a) go to provisioning profile page on the portal
b) Click on Edit on the provisioning profile you are having trouble (right hand side).
c) Check the Appropriate Certificate box (not checked by default) and select the correct App ID (my old one was expired)
d) Download and use the new provisioning profile. Delete the old one(s).
Apparently there are 4 different causes of this problem:
Your Keychain is missing the private key associated with your
iPhone Developer or iPhone
Distribution certificate.
Your Keychain is missing the Apple Worldwide Developer Relations
Intermediate Certificate.
Your certificate was revoked or has expired.
Online Certificate Status Protocol (OCSP) or Certificate
Revocation List (CRL) are turned on in
Keychain Access preferences
.
After carefully going through the thread here and checking all the solutions proposed by people, I can confidently claim this, after following the steps mentioned on Apple developer docs for creating CSR and mobile provision file, just do this!,
Launch Xcode.
Select window->Organizer
Click this refresh button and that filthy yellow bar will remove instantly.
http://img.skitch.com/20100820-1ngm8an14c6fm3dt7g6j51d2nx.jpg
Trust me, you only have to do this. There is no need to repeat the process again and again to make sure that you doing it the right way. Just press Refresh, enter your login credentials and it's done.
For me it only worked when the certificate and both keys were in the Login keychain. I had created a Development keychain before, but the Xcode Organizer wouldn't find the keys in there. So I moved them back to Login, quit the keychain tool - and voila, the error in Xcode Organizer went away! This was on Snow Leopard 10.6.2 with the 3.1.3 SDK.
For development certificates you can just create a new one and match it to a profile. However for distribution, like when your going to submit to Apple, you cannot do this and must use the distribution certificate the team agent created. The problem is you need the private key on your machine. It's very simple, however, for the team agent who created the certificate to copy the private key to you, below are the instructions from Apple, I hope this helps.
It is critical that you save your private key somewhere safe in the event that you need to develop on multiple computers or decide to reinstall your system OS. Without your private key, you will be unable to sign binaries in Xcode and test your application on any Apple device. When a CSR is generated, the Keychain Access application creates a private key on your login keychain. This private key is tied to your user account and cannot be reproduced if lost due to an OS reinstall. If you plan to do development and testing on multiple systems, you will need to import your private key onto all of the systems you’ll be doing work on.
To export your private key and certificate for safe-keeping and for enabling development on multiple systems, open up the Keychain Access Application and select the ‘Keys’ category.
Control-Click on the private key associated with your iPhone Development Certificate and click ‘Export Items’ in the menu. The private key is identified by the iPhone Developer: public certificate that is paired with it.
Save your key in the Personal Information Exchange (.p12) file format.
You will be prompted to create a password which is used when you attempt to import this key on another computer.
You can now transfer this .p12 file between systems. Double-click on the .p12 to install it on a system. You will be prompted for the password you entered in Step 4.
The best answer I got was exporting your key, instead of just trying to import the cert file.
When you export the key from the keychain that generated the request, you get a Certificates.p12 file, which rolls the keys you need together.
Then import this into the new computer.
With keys like this, it's probably good to keep a rolled, certificate package file, because many times the "public" key, or cert file, is not enough to restore things from.
In my case, I copied the project from my iMac to my Macbook Pro and found out I didn't have my private key installed on the Macbook. So I exported my private key, copied and installed it to the Macbook, and voila it works! I've documented the information here:
http://www.creatistblog.com/2009/09/iphone-developer-provisioning.html
Just a note with Xcode 4: in the organizer there are two different sections in the left pane:
Library > Provisioning profiles
Devices > your device > Provisioning profiles
I was always puttings my provisioning profiles into 2. and even after cleaning and installing properly it was not working. Then I discovered 1. and finally I found the refresh button. If you select 'Automatic device provisioning' in 1. and click on refresh, then everything got validated (no yellow warning in 2. anymore).
Was facing a similar issue yesterday with our CI server. The app extension could not be signed with the error
Code Sign error: No matching provisioning profiles found: No provisioning profiles with a valid signing identity (i.e. certificate and private key pair) matching the bundle identifier XXX were found.
Note: I had created my provisioning profiles myself from Developer portal (not managed by Xcode).
The error was that I had created the provisioning profiles using the Distribution certificate, but the build settings were set to use the developer certificate. Changing it to use Distribution certificate solved the issue.
Summary: Match the certificate used for creating the provisioning profile in build settings too.
Did you try rebooting your Mac and your device? Lame answer, but I always try that first.
I got it working after re-doing everything and then creating an empty project with XCode and building/running it to the device. XCode showed a window asking something like: Do you want to accept the developer certificate. I pressed "Always". Only after this step I got rid of the message "A valid signing identity matching this profile could not be found in your keychain" in Organizer.
Hey guys, I had heaps of trouble with this yesterday. I went through the whole process a few times, requesting a new certificate request from the authority with the assistant, clearing out everything in the portal, uploading the certificate, creating a new profile and downloading everything. No dice.
However, check this out.
First up clear out all the certificates on the portal to start fresh.
After creating the new certificate request with the assistant, press "Show in Finder", and double click that bad boy. You should get a popup for the Certificate Assistant with a screen showing "Please specify the issuing Certificate Authority", etc. If you don't, just close it and double click again.
Now just proceed through the dialog choosing
"Request a certificate from an existing CA" - Continue
Request is "Saved to disk" - Continue
Save it where ever you like, even override the file.
At the end you should see the magic "Creating key pair"
Run over to the KeyChain access and you'll see your keys in there! Upload this certificate to the apple portal and then go through their wizard as normal, everything should work great now.
There are two different certificates for two different provisioning profiles (development and distribution). You have to install BOTH certificates in keychain. In the iPhone Developer Program Portal:
Certificates -> Development -> Download
Certificates -> Distribution -> Download
Double click both certificates. After that both certificates must appear in Keychain.
The answer is this revoke your Current Development Certificate and make a new one. follow the instructions on apples site on how to do so. Its that simple!! I had this exact problem.
Simple steps to get this done:
Start from keychain (which contains your dev key already) on your computer and create a request for certificate. Upload the request to dev site and create the certificate.
Create a profile using the certificate.
Download the profile and drop it on Xcode.
Now all the dots are connected and it should work. This works for both dev and distribution.
I logged into developer account and revoked the development certificate. After revoking and downloading the development certificate i double clicked the newly downloaded certificate and this time Private Key was there under development certificate in KeyChain Access.
A good way to ensure that this happens cleanly is to clean your login keychain completely first.
Also, a really important step is to unlock your keychain before you import the private key and public key
security unlock-keychain -p password ~/Library/Keychains/login.keychain
Import private key into login keychain :
security import PrivateKey.p12 -k ~/Library/Keychains/login.keychain
1 identity imported.
Import public key into login keychain :
security import PublicKeyName.pem -k ~/Library/Keychains/login.keychain
1 key imported.
I had this same problem but, it was due to my setting up "FileVault" on my Mac. I went into my keychain and set "login" to be my default and that fixed it.
"This was a bug on the Apple portal site. They were missing a necessary field in the provisioning profile. They fixed this bug late on 6/16/09. "
I don't know whether they really skipped it or if my eyes were just glazing over but....
Just in case anybody else is overlooking the same things that I did....
just as when you were developing and testing...
1) You need a DISTRIBUTION << CERTIFICATE >>
2) You need a DISTRIBUTION << PROVISIONING PROFILE >>
That is TWO STEPS on the portal in order to get the thing signed.
There I was, having created the developer CERTIFICATE and copied it to the Mobile Provisions folder, wondering why it didn't work.
As soon as I had the provisioning profile in place
* BINGO *
I had the exact same problem and tried everything. For whatever reason the solution was that all my certificates had migrated to a keychain called "microsoft_intermediate_certificates". As it probably happened during an Xcode upgrade I have absolutely no idea why, but it may help somebody.
I moved all content of the Microsoft keychain to the login keychain and everything went back to normal.
I finally got this to work after, like, 4 separate tries after incurring the same problem that was originally posted. So here's what happened, I am not sure if this is an old issue now (2009-07-09), but I will post anyway in case it is helpful to you. What worked for me... might work for you...
start anew and delete the old private keys, public keys, and certificates in the keychain
go through the whole process, request a certificate from a certificate authority, get a new public key, a new private key, and a new certificate. Note: when it worked I had exactly one private key, one public key, and one certificate
Make a new provisioning profile (which utilizes the certificate that you just made) and put that in your organizer window in Xcode. Delete all the old BS.
Run it.
Hopefully this helps.
Everyone here is very wrong. All you need is to follow the steps that Apple provides in Managing Your Digital Identities.
It instructs you to export your certificates through Xcode and reimport through Xcode. It works great, but make sure your username is the same on both computers or it will fail.
I just spent several hours on this fershlugginer issue, which cropped up after renewing my development license. To reiterate, everything was working without a hitch, then (thank you Apple!) it all got screwed up and stayed screwed up. None of the Apple official troubleshooting steps (linked to above) or possible resolution steps mentioned here resolved the issue for me.
What finally did it for me was to delete both my development and distribution certificates, revoke them in the provisioning portal, and then let Xcode AUTOMATICALLY refresh/issue them. Nothing else, in any order, was able to get both required certificates into my keychain with the private key correctly attached.
Here is what I did.
Make sure your certificates have not expired, make sure you delete all the expired ones. Get new ones etc, Once you have make sure all that is the way it should be, then focus on your project files.
in finder , go to your .xcodeproj files then show package contentes.
open project.pbxproj in xcode or textedit.
find every refrense to PROVISIONING_PROFILE and remove the GUID, just leave empty ""
Depending on your project you should have about 12+ refrences, remove all of the GUIDS.
Save file, then reopen your project in XCODE
Re select the correct provision profiles for all possible code signings( they should not all be the same)
Build your project and you should be good to go.
I think Xcode gets confused some how, and removing all the Provision Profiles from the project.pbxproj and then reselecting a valid profile will set it striaght.
If you have new mac you can go to
IOS developer center --> Provisioning Portal --> Certificates --> Development --> Revoke and create new certificate. My problem solved. My error is "Code Sign error: The identity 'iPhone Developer' doesn't match any valid, non-expired certificate/private key pair in your keychains"
What you need:
1) A private and a public key.
They have this symbol in your keychain:
2) A certificate made from the signing request of those keys
3) A provisioning profile linked to that certificate
Let's say you change computers and want to set up Xcode with provisioning profiles again. How do you do it?
Open Xcode, press ctrl + O to open the Organizer, and delete all provisioning profiles you might have installed already.
Open keychain access, and create a signing request which you save to file (when you create the request, a private and public key is created in your keychain).
Create/Update a certificate in the provisioning portal by sending apple this signing request
Download and install the newly created certificate.
Revoke your provisioning profiles and update them with the new certificate.
Download and install the newly updated provisioning profiles.

Resources