I joined an existing enterprise developer program. I was able to run the app in developer mode, but had issues with building and archiving. The certificate for creating a universal distribution app is already present, but I am not able to build with it. How can I do it in steps??
The certificate is only half the necessary parts. You also need the key for the certificate.
Open Keychain Access on your Mac and select the Certificates filter on the left. When you select the certificate for your Enterprise Distribution, make sure you there is a green check mark in the top section next to a message that says "This certificate is valid" (bubble 4 in picture below).
Also, and this is likely your problem, you need to make sure there is a triangle next to the certificate that allows you to expand it (See bubble 3 in picture below). Without that, you have no way to code sign using the distribution certificate. You will need to get the private key from the person who created the certificate, or get the key off of the machine that was used to generate the certificate signing request file (CSR) used to generate the cert.
Related
I am attempting to complete my app build in Phone Gap to create an IPA file for App Store submission. However, I am constantly running into:
"Error:certificate doesn't match profile the default keychain doesn't have an identity matching"
...and I am clueless on how to fix this or what the problem is really indicating. This is my first app build, I created my certificate and mobileprovisioning file in Apple Developers account. I have successfully generated a p12 file from my distribution certificate.
I have been searching the web for days and Phone Gap's forums and even the link of "fix this error here, which takes me to a page that offers no real help, or that which I can make sense of. The information is simply not explicit enough to me to let me know what I need to fix. I've followed the tutorials and examples of certificate generation to a T, but I am stuck with this error time after time.
I simply do not know what the error is stating. I do not know what is the "profile" nor what is meant by "...The default keychain doesn't have an identity matching"
Please can someone let me know what exactly this is telling me so I can begin to know how to fix it?
Thanks
iOS certificates are notoriously difficult. What is most likely happening here is that there is a mismatch between the type of certificate (p12) and the provisioning profile - development or distribution. Meaning, you must use a development cert with a development provisioning profile, and same with distribution.
Steps (start from the beginning to ensure that there's not a mismatch):
Ensure that XCode and MacOS are updated to the latest version.
Extract the distribution certificate from Apple Keychain. Expand the iPhone Developer certificate entry, then select both items - the certificate and the private key together. You can do this by selecting the certificate first, then holding the command key and clicking on the private key. Next, right-click and choose the "export two items" option. You'll be prompted to save the export as a p12 file.
Back over in Apple Dev site, create a new iOS provisioning profile. Choose "Distribution, App Store" as the type.
Upload both to PhoneGap Build and rebuild.
In a nutshell:
I got a distribution profile in my keychain (image 1)
From XCode developer account preferences I see only the developer profile (image 2)
When I try to add a new iOS distribution profile it says that I already one and that I should visit the member centre (image 3)
I did so and this brings me back to step 1
Infinite loop (aka "I'm stuck here as I keep retrying..")
EDIT: When I try to use the iOS mobile distribution profile that I generated I don't see many options for the code signing identies. This is how it looks like:
I have downloaded the team distribution profile on my computer from the apple developer member centre. This is the way it looks in my keychain:
However when I try to sign my code for ad hoc distribution I cannot find the distribution certificate in the code signing identities tab.
I manage to build the product archive (for local ad hoc distribution, e.g. TestFlight) but when I try to export it (or submit it to AppStore) I get a message saying that I already have a code signing identity and that I need to download it. More details on this in this question that I asked yesterday.
Today I am trying a different approach and I decided to go to the Account->Preferences and try to click on the "+" button to add a new iOS Distribution profile. This is what I get as response:
Unfortunately it seems that XCode is unable to recognise the iOS Distribution profile that I have installed in my keychain (see beginning of this question) whilst unable to recreate one.
How can I fix this without messing up the certificates/apps of my team members?
Install both valid certificates in your system (Distribution and Developer)
By looking at your Keychain screenshot, I can see that the Certificate lacks the little disclosure triangle next to it. What this indicates is that although you have the distribution certificate, you lack the private signing key. Without it you will not be able to sign the app and it is why you're stuck in this loop.
If you were the person that created the CSR (Certificate Signing Request) when setting up the Distribution Certificate, you should have the private key already in your Keychain - in which instance it may be the case that you are using a couple of different Keychains (e.g. I have the login keychain as well as my Development keychain), the private key is actually in a different keychain to where your distribution certificate is.
In this instance you will simply need to move either your Key or Certificate into the correct keychain for it all to marry up.
Alternatively, if you were not the person that created the Distribution Certificate in the first place, you will need to have the original user export the Key for you using Keychain or by having them export the Developer profile using Xcode.
Pls check if your keychain is missing the private key associated with distribution certificate.
Here is a similar thread that you may wish to take a look at : link
good luck!
Ok, I am completely pulling my hair out on this one.
Back in July I created a provisioning profile so I could test on my iPad.
Then at the end of August I tried submitting my first App to the iTunes Store. The process was a complete nightmare, and I struggled. A lot. In the end I found a tutorial with relatively recent information in it, and only by following it step by step could I actually get anywhere with this. Unfortunately the result of this was that I created a new provisioning profile.
Now when I try to test on my iPad I get the following error in Xcode:
Certificate identity 'iPhone Developer: MyName' appears more than once in the keychain. The codesign tool requires there only be one.
I check the keychain, and sure enough there are the two provisioning profiles for development, one from July and the one I used to submit to the iTunes Store in August.
Now what I want to do is get rid of the old one, and then connect my iPad up to the new one. I can get rid of the old one fine, but I cannot connect my iPad to the new one, it insists on using the old profile, even to the point of re-attaching it to the keychain after Ive deleted it.
Can anyone tell me:
How to connect my iPad to the new provisioning profile?
And while we are at it, can anyone shed any light on why this entire process is so convoluted and difficult? Considering that so much of Apples interface is so well designed and fluid, this process of registering certificates and applying them to different devices and Apps seems so backwards. I initially suspected this was just me, but googling for these error messages reveals that there are many who are struggling at various points along this process.
This has nothing to do with Xcode and everything to do with keychain.
Open keychain.
Find the signing certificates that are tied to your provisioning profiles.
Delete one. You probably want to keep the newer one, so look at the expiration dates and remove the one that expires first.
Restart Xcode
You may need to update your provisioning profile if it isn't tied to the new certificate, but it won't be as painful as creating a new certificate.
Here's a broad overview of how code signing in Xcode works. It a bit much but will explain what's wrong with your configuration, and how you can fix it.
There are three parts to the mechanism that ensures that you are who you say you are and that your app is allowed to run where it wants to.
You've got a pair of keys, one public and one private. Your public key matches your private key, which identifies you.
Your keys are used to generate certificates. Generally, you'll have one certificate for development and one for distribution,either on the App Store or via Ad Hoc distribution. These certificates permit you to provision your apps.
Each certificate is used to generate provisioning profiles. The profiles must be attached to either a development or a distribution certification. A distribution profile either works on the App Store, or it contains a list of device IDs which may run apps signed with that profile.
If your certificate is expired, the provisioning profiles that are created with it are going to be invalid. In this case, replace both the certificate and the profiles. Generate a certificate signing request (CSR) from Keychain Access and upload it to the developer portal.
If you have multiple certificates in your keychain, Xcode won't know which one to use. This may happen if you renew your certificate and don't remove the old one. (It may also happen if you exported your developer profile and then imported it later. Your old certificates will carry over.)
If your provisioning profile is expired or invalid, you can renew it in the developer portal without generating a new CSR. You can just attach it to an existing valid certificate.
Certificates can't be carried over from one machine to another without moving the original key pair that requested it. Exporting the certificate from Keychain will export the keys as well.
Delete the old one, and start build with new.
One more way you can try , set code signing identity with profile you want to run in both target as well as project build setting.
Hope it will help you.
Otherwise you have to delete old one.
I developed an iOS app that my client is going to use internally. They sent me their enterprise distribution provisioning profile. When I add it to XCode it says "Valid signing identity not found". How do I build the app so that my client can run it on their devices?
Your computer is unable to sign with the distribution profile, since you don't have the private key for this certificate.
Alternative 1
Apple intends that building a project for distribution will only take place on a single machine - the machine that the certificate was originally created on. So, in their eyes, you should ask your clients to build the project internally (for distribution only - for development you should have no problems building yourself).
Alternative 2
There is a way to override it.. and it involves exporting the private key from that special distribution machine and emailing it to you.
These are the steps (also outlined here):
Access the computer where the certificate was created, open the "Keychain Access" program on the computer
In "Category" panel, select "Certificates"
Find the correct distribution certificate and expand it
Highlight both the iPhone distribution certificate line and the private key line under it.
Right click and select "Export 2 items"
Save the .p12 file, choose a password that can share, you will need it to import this file later
Email the saved file to you
Once you import this and type in the password from step 6, you will have the private key on your computer too and all will be good.
Alternative 3
There's a chance that when you ask your clients to export the private key, they will have no idea what you're talking about and no idea where the machine that created it is (this is what actually happened to me). This is usually the case if they are not regularly building for distribution on their own.
In this case, you can simply delete the certificate and create a new one (for the distribution profile). If you create the certificate on your machine, then you will have the private key. You should also export it to them just in case (using the same steps of alternative 2).. so they have the ability to build without you if need be.
Each provisioning profile is paired with a certificate. If you subscribe to the Apple developer service, you should have access to create and download a development cert (tied to the apple ID) and a distribution cert (tied to the organization). The enterprise distribution provisioning profile needs to be paired with the distribution cert. So in order to use their provisioning profile, you will have to get the distribution certificate from them. This will also involve you getting their private key, which they might not be so fond of. Alternatively, they can set you up as a developer on their portal, then you can distribute through the machine that already has the distribution cert installed on it.
This is getting frustrating. I have two identities, one old, one new, and the latter should be used to deploy iOS apps to the App Store.
I've created the new user, granted him admin access, then I created the app name and provisioning profiles. However, in the Organizer I see that the Dev provision works flawlessly, while the Deploy profile shows me the dreaded error:
Valid signing identity not found.
How can it be?
Well, I see that in the Certificates section in the iOS Provisioning Portal, there is only one distribution certificate, the one belonging to my company.
Is there a way to enable the new user to create apps without accessing the uberadmin's Xcode?
Thanks & Cheers!
You need the key that was used to create the Distribution Certificate for your company.
Remember when you created your developer certificate? Then you went to keychain -> certificate assistant -> Request a certificate from ...
When you did this, your Mac paired your certificate request to a key in your keychain. Once your developer certificate was processed and you downloaded it to your computer, it could be accessed by your computer through that key.
But if you did not create the Distribution Certificate that your company has, you don't have the key on your computer.
Take a look at your certificates in keychain:
Go to 'Certificates' and expand your developer certificate - it will have a little key with your name.
Now try to expand your distribution certificate - it will not have a key, right?
If this is the case, you have two options:
Ask the person who created the Distribution Certificate to export it from his keychain. This will create a file that includes both certificate and key.
Delete the current Distribution Certificate, and create a new Certificate Signing Request from your computer, which will connect it to a key that you have.
First method require access to "Uberadmins" computer. The second require admin access to your teams Apple account. There is usually no downside in using method 2, because creating a new certificate is necessary from time to time anyway. It will not affect already published apps, just coming releases and updates need to use a the latest certificate.
Once all this is done, you need to create a distribution provisioning profile for App Store and connect to the Distribution Certificate that you are going to use. (if you went with option 1, you might already have done this).
Download the profile to your computer, install it, and then in your app, select to build with this profile for distribution builds.
According to Apple's documentation:
A team’s distribution certificate allows a developer to build an app for distribution. If your team wants to use another Mac to create a distribution build, you need to transfer a copy of the distribution certificate as described in, “Safeguarding and Transferring Your Signing and Provisioning Assets” in Tools Workflow Guide for iOS. (from Managing a Distribution Certificate)
So, in order to have multiple users able to create & submit App Store builds, you must share a private key between them.
Create a new private key for the team, and then send that private key to everyone who needs it. Follow the instructions under Generating a Certificate Signing Request with Keychain Access.
See also: Any concern to share private key for distribution certificate among different group under a team account in itune provisioning portal