Create correct certificates and provisioning profiles in a development team - ios

I have been struggling for a few days to get a correct provisioning profile.
I am an independent iOS dev with my own iTunes Connect account, but I recently started to develop for a development team. Since then, I can't get a correct provisioning profile to run my app from Xcode on my iPhone.
iOS documentation describes how to create certificates and provisioning profiles, but it doesn't identify who needs to do each step (either me, the developer, or the development team manager).
Could you please describe who needs to do the following steps:
1. Create a development certificate. To me, it should be me, as it is me who develops. Then, I send it to the dev team manager, who adds it in his member center.
2. App ID: The dev team manager creates the app ID with a specific bundle ID.
3. Devices: The dev team manager adds my iPhone UDID.
4. Provisioning profile: The dev team manager creates it from my certificates, the app ID and my device. Then, he sends me the file and I just have to double-click on it.
However, this doesn't seem to work. Any idea how I can obtain a valid provisioning profile?
PS 1: I have been added in iTunes Connect and I can access the app details.
PS 2: The bundle IDs of the app in Xcode and iTunes Connect are the same (I've checked a hundred times).

Each team member is responsible for creating their own key/cert pair and adding it to their machine via Keychain Access. That is for Development builds. Distribution certs can only be created by an admin.
To create an App ID or provision on the member center you need to have admin access. If you don't have admin access then you have to rely on someone who does to create those. They would be responsible for making sure your device and cert are attached to the development provision for your app.
Your problem could also be that your code signing settings are not set up correctly in the project. You should set provision to Automatic and identity to iOSDeveloper. This lets Xcode figure it out and also allows you to share the project in a team setting without code signing issues.

Ok, here are the steps:
Generate a new CSR from Keychain.
Go to iTunes Connect.
In Certificate section:
Download Apple's World Wide Relations Authority Certificate using CSR.
Download iOS Developer Certificate using CSR.
Add both these certificates to Keychain.
In Provisional Profile Section:
Download a new provisional profile which includes this developer certificate.
Add this profile to Xcode.
In Xcode, go to Build Settings --> Code Signing --> Set provisional profile.
Run project.
This should do it for you.
Good luck.

Unable to fix signing issue Xcode 7.3.1

I am trying to test my Unity game on a different iOS device using Xcode 7.3.1. Previously, I connected my iPhone 6 to the Mac and tested the game successfully with a free Apple account (that has limited privileges).
Now I want to test that game on a different device and later upload it to the App Store. So I asked my client for an Apple ID that has the role "agent". I added the Apple ID in Xcode and tried to run the project with the iPhone 6 connected. I got the error message saying-
"Your account already has a valid iOS Distribution certificate"
"You have a valid iOS Distribution certificate in the Member Center, but it is not installed locally. If your signing identity is installed on another Mac, you can export a developer profile on that Mac and import it on this Mac. You can also reset your current certificate."
Then I clicked the reset button to reset the current certificate and tried to run the project again. Again I got the error message saying-
Unable to fix signing issue.
Xcode failed to resolve the issue. Check your code signing settings; ensure you have a matching signing certificate and provisioning profile installed; and try again.
I restarted Xcode many times but got the same error. A screenshot of my account details looks like below.
It is not enough to log in and download Developer profiles only.
You need that Certificate physically and signed on your Mac as well.
Ask your client to export Signing identities and Provisioning Profiles.
You will be able to import these into your Xcode and Keychain in one step.
This process will help you handle private keys as well, as they are necessary when signing an App using a Developer/Distribution Certificate.
1) Your client has to export Identities and profiles.
2) He/She can send them to you by e-mail.
3) You can import them all in one go.
https://developer.apple.com/library/ios/recipes/xcode_help-accounts_preferences/articles/export_signing_assets.html#//apple_ref/doc/uid/TP40013306-CH8-SW1
When recreation of Certificates and Provisioning Profiles is needed:
Make sure you have appropriate privileges - you have to be team agent or admin:
1) Login to https://developer.apple.com with your developer credentials.
2) Go to Certificates, IDs & Profiles
3) Go to Certificates and remove the old one. Then Add new:
4) This is a few-step process that requires you to create a Certificate signing request. Just follow the steps that are stated there. The last action in this step will be installing those Certificates - when ready, just click on it/them and they seamlessly get to your Keychain.
5) When finished with Certificates, open Profiles, find those marked with a yellow triangle and edit them. Check the new certificate (and devices if you are creating a Development profile as well). I personally prefer creating brand new profiles, as it'll be easier to recognise older ones and new ones in Build settings later.
6) You now have to update your Xcode -> Preferences -> Accounts section and Xcode does this for you.
7) Last step - update Build settings in your projects according to your new profiles. You should be ready to validate your project now.

In House Distribution issue with distribution certificate

My first question here, and I have tried everything and googled like hell and couldn't find an answer to this issue.
So I have a client for whom I have to make an iOS distribution via in House distribution system (they don't want their app on the store but will use it in corporate use with over 20 devices, so the AdHoc UDID system is out of the question).
Now, the client has given me Admin roles on their Enterprise account and I have done the following:
Downloaded the production certificate
Installed the .p12 file from the client on my keychain
Created the app id
Created the provisioning profile and downloaded it too
Now, I do manage to archive the app and install it on my device, but then the app crashes like right after the splash screen. It is to my understanding that there is an issue with the production certificate, and I am clueless. Any help or advice would be greatly appreciated.
An enterprise-signed app won't allow a debug connection. If you want to install the app on a device, you should create an archive .ipa and install it.
To debug the app on a device you need to sign the app using an AdHoc provisional profile of an individual developer account.
After some time I have managed to solve this little issue. The main problem was not the .p12 but the bundle ID itself, since most of the time I was getting an error that the bundle ID was not matched with the provided provisioning profile. So what I did is:
Edited the app id on the Apple Dev Site from an old name, i.e. com.potato.PotatoApp into com.lemon.PotatoApp (the main reason I had to do this is cuz' my default ID is my company's ID, and in this scenario I had to use the client's Apple Dev Account, and thus the ID itself).
Edited the provisioning profile by selecting the newly edited app id, and then changing the name from "PotatoApp" to "PotatoApp inHouse"
Downloaded the newly edited profile.
On the Debug settings, this was the corresponding list:
-Provisioning profile (debug & release): "PotatoApp inHouse"
-Code signing identity (debug & release): "iPhone distribution: Lemon Company Ltd."
Also on the team list changed from "Potato Company Ltd." to "Lemon Company Ltd.", after that a simple Archive and the build was created without any issues.

Your account already has a valid iOS Distribution certificate - Xcode error msg with signing app

When I try to use the 'Export > Save for Ad Hoc Deployment' option in Xcode I am presented with a dropdown menu where it says the following :
To Save for Ad Hoc Deployment, select a Development Team to use for provisioning:
I only have a single option so once I click 'Choose' I get the following error message:
Xcode attempted to locate or generate matching signing assets and failed to do so because of the following issues: Your account already has a valid iOS Distribution certificate
When logging into my iOS Developer account I can see I currently have 3 iOS Distribution Certificates (5 in total) and all currently valid (e.g they expire in the future).
The Mac I am using is new, plus all the mobile iOS apps were developed by external developers/teams therefore I'm not sure which certificates I can safely remove.
As the certificates would have been made on other machines I don't have access to, it isn't possible for me to simply export the existing developer profiles on these other Macs and have them installed on my Mac. I'm also unsure if I can revoke current certificates. What is the worst that can happen when revoking current certificates?
As with most error messages in Xcode regarding certificates, it is not very helpful. I would do the following:
delete all the current certificates on your developer account
create new ones on your new machine MANUALLY (not through Xcode, so use the Keychain), this will make sure that the keys that sign your certificates are in your current keychain
update your provisioning profiles with the new certificates
sync the new profiles within Xcode (Preferences -> Accounts)
update your app settings
To this day I still manually do all my certificates and provisioning and while certainly not problem free, I don't seem to have nearly the nightmares that many people do. The only part of the process that I do let Xcode handle is to sync up the profiles.

New iOS team member: no valid signing identity

This is getting frustrating. I have two identities, one old, one new, and the latter should be used to deploy iOS apps to the App Store.
I've created the new user, granted him admin access, then I created the app name and provisioning profiles. However, in the Organizer I see that the Dev provision works flawlessly, while the Deploy profile shows me the dreaded error:
Valid signing identity not found.
How can it be?
Well, I see that in the Certificates section in the iOS Provisioning Portal, there is only one distribution certificate, the one belonging to my company.
Is there a way to enable the new user to create apps without accessing the uberadmin's Xcode?
Thanks & Cheers!
You need the key that was used to create the Distribution Certificate for your company.
Remember when you created your developer certificate? Then you went to keychain -> certificate assistant -> Request a certificate from ...
When you did this, your Mac paired your certificate request to a key in your keychain. Once your developer certificate was processed and you downloaded it to your computer, it could be accessed by your computer through that key.
But if you did not create the Distribution Certificate that your company has, you don't have the key on your computer.
Take a look at your certificates in keychain:
Go to 'Certificates' and expand your developer certificate - it will have a little key with your name.
Now try to expand your distribution certificate - it will not have a key, right?
If this is the case, you have two options:
Ask the person who created the Distribution Certificate to export it from his keychain. This will create a file that includes both certificate and key.
Delete the current Distribution Certificate, and create a new Certificate Signing Request from your computer, which will connect it to a key that you have.
The first method requires access to the "Uberadmin's" computer. The second requires admin access to your team's Apple account. There is usually no downside in using method 2, because creating a new certificate is necessary from time to time anyway. It will not affect already published apps, just coming releases and updates need to use the latest certificate.
Once all this is done, you need to create a distribution provisioning profile for App Store and connect to the Distribution Certificate that you are going to use. (if you went with option 1, you might already have done this).
Download the profile to your computer, install it, and then in your app, select to build with this profile for distribution builds.
According to Apple's documentation:
A team’s distribution certificate allows a developer to build an app for distribution. If your team wants to use another Mac to create a distribution build, you need to transfer a copy of the distribution certificate as described in, “Safeguarding and Transferring Your Signing and Provisioning Assets” in Tools Workflow Guide for iOS. (from Managing a Distribution Certificate)
So, in order to have multiple users able to create & submit App Store builds, you must share a private key between them.
Create a new private key for the team, and then send that private key to everyone who needs it. Follow the instructions under Generating a Certificate Signing Request with Keychain Access.
See also: Any concern to share private key for distribution certificate among different group under a team account in itune provisioning portal
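
The checks these threads keep coming back to (a private key paired with the profile's certificate, a bundle ID that matches the profile's App ID, the device being listed in the profile), as an added Python example that is not part of any original post. It assumes the `DeveloperCertificates`, `Entitlements`, `ProvisionedDevices` and `ExpirationDate` keys of a decoded profile and the output format of `security find-identity -v -p codesigning`; the team prefix, UDID and certificate bytes are constructed sample data.

```python
import fnmatch
import hashlib
import plistlib
import re
from datetime import datetime

def extract_profile(blob):
    """Return the plist embedded in a .mobileprovision (the CMS signature is not verified)."""
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def keychain_identities(text):
    """SHA-1 hashes printed by `security find-identity -v -p codesigning`.
    Only certificates whose private key is in the keychain are listed there."""
    return {h.upper() for h in re.findall(r"^\s*\d+\)\s+([0-9A-Fa-f]{40})\s", text, re.M)}

def diagnose(profile, identities, bundle_id, udid, now):
    problems = []
    certs = {hashlib.sha1(der).hexdigest().upper()
             for der in profile.get("DeveloperCertificates", [])}
    if not certs & identities:
        problems.append("no keychain identity (certificate + private key) matches the profile")
    app_id = profile["Entitlements"]["application-identifier"].split(".", 1)[1]  # drop team prefix
    if not fnmatch.fnmatchcase(bundle_id, app_id):  # App ID may be a wildcard such as com.lemon.*
        problems.append(f"bundle ID {bundle_id} does not match profile App ID {app_id}")
    devices = profile.get("ProvisionedDevices")  # absent in App Store and in-house profiles
    if devices is not None and udid not in devices:
        problems.append("device UDID is not in the profile")
    if profile["ExpirationDate"] < now:  # plistlib returns naive UTC datetimes
        problems.append("profile has expired")
    return problems

# Constructed sample data: the "certificate" is placeholder bytes, not real DER.
CERT = b"constructed-placeholder-certificate"
CERT_SHA1 = hashlib.sha1(CERT).hexdigest().upper()
SAMPLE_PROFILE = b"\x30\x82CMS-header" + plistlib.dumps({
    "Name": "PotatoApp Development",
    "DeveloperCertificates": [CERT],
    "Entitlements": {"application-identifier": "ABCDE12345.com.lemon.PotatoApp"},
    "ProvisionedDevices": ["00008030-CONSTRUCTED-UDID"],
    "ExpirationDate": datetime(2030, 1, 1),
}) + b"CMS-signature-trailer"
WITH_KEY = (f'  1) {CERT_SHA1} "iPhone Developer: Example Dev (ABCDE12345)"\n'
            "     1 valid identities found\n")
NO_KEY = "     0 valid identities found\n"
NOW = datetime(2025, 1, 1)

if __name__ == "__main__":
    profile = extract_profile(SAMPLE_PROFILE)
    good = keychain_identities(WITH_KEY)
    print(diagnose(profile, good, "com.lemon.PotatoApp", "00008030-CONSTRUCTED-UDID", NOW))
    print(diagnose(profile, keychain_identities(NO_KEY), "com.potato.PotatoApp", "OTHER-UDID", NOW))
```

On a Mac, feed `extract_profile` the bytes of the downloaded `.mobileprovision` file and `keychain_identities` the real output of the `security` command.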

iPhone: Can a dev other than team agent build an app for distribution

I have a company iPhone dev account.
According to the doc, only the team-agent is allowed to submit a distribution cert and download the distribution provisioning profile.
Can a team only have 1 Team Agent?
Also, if that is the case, is there a way around this to allow multiple devs the option to build a distributed version of the app?
I have another developer who I would like to build and submit the app to iTunes. I tried giving him the distribution cert and distribution profile. When he dragged and dropped them into Xcode, and checked out Window -> Organizer, it complains
"assigning identity matching this profile cannot be found in your keychain"
So this leads me to believe I need to get my key chain credentials on his machine. I tried exporting a private key and giving it to him, but he was unable to install it.
Is there anything else I can do?
I honestly think it's really silly if Apple expects one developer to be responsible for building all apps for a company. Hopefully I'm wrong and there is a way to get multiple developers access to building a distribution of an app.
Thank you
NOTE: This process is heavily simplified in Xcode 4 (although not personally tested by me) with importing and exporting of developer profiles through the Organizer window (Developer Profile section).
This is how I got it working.
1) Login to the iOS Provisioning Portal as the Agent.
2) Run through the process of making the Distribution Certificate Signing Request / Provisioning Profile: http://developer.apple.com/iphone/manage/distribution/index.action. These instructions are super long, but pretty clear and necessary.
3) Pay extra attention to the section "Obtaining your iOS Distribution Certificate" > "Saving your Private Key and Transferring to Other Systems" on that page. It describes how to generate and save the Agent's .p12 file.
4) Now invite other developer(s) to be part of the team in the Member Center: https://developer.apple.com/membercenter/index.action#invitations
5) Back in the iOS Provisioning Portal, download the app's Distribution Certificate (Certificates > Distribution (tab)). Should be named "distribution_identity.cer"
6) Now download the Distribution Provisioning Profile (Provisioning > Distribution (tab)). Should be named "whatever_you_named_it.mobileprovision"
7) Email those two files along with the Agent's .p12 file to your other developer machine.
8) On the developer's machine, double-click the distribution_identity.cer file and it should load up in Keychain Access
9) Drag the .p12 file to Keychain and it should automatically put the identity under the certificate
10) Drag the whatever_you_named_it.mobileprovision file into Xcode.
11) In each of the Project and Build's Info windows, set the Code Signing Identity to the "iPhone Distribution - Your Company" identity which should now be available.
Hope that helps. Rob
Just another tutorial step by step, but slightly different, the certificates have been already installed in the team's agent keychain, so it explains how to export the .p12 files from the keychain:
how-to-share-an-ios-distribution-certificate
You definitely should be able to build your app with a distribution certificate and profile on your coworker's machine.
Are you sure that the distribution certificate and provisioning profile are installed correctly? If you can build apps with the development certificate but not the deployment one, check to make sure that everything's properly installed in the keychain and that the correct provisioning profile is selected in the settings for the active target.
You can copy the private key in this way, but it's really UNSAFE:
Give him your login.keychain file (located in ~/Library/Keychains/), and let him open it with Keychain.app, and ask him to drag your private key to his login.keychain.
Apple also said you should keep your private key secured. If you need to reinstall your system, make sure you back up the login.keychain file.
