I have an in-house enterprise app that is managed (deployed) from MaaS360
'https://portal.fiberlink.com'
And this app is built (and still maintained) in XCode 4.6.3 (i know, i know), so I don't have any of the fancy new features in XCode 7 that might help alleviate this problem. In fact, even the refresh button in Organizer no longer works... you tap it and a dialog says "service unavailable" and I've tried it on different days, so it's not just a temporary glitch or service interruption. I believe apple disabled whatever portion of their service was servicing that request from XCode 4's Organizer.
The provisioning profile on it is going to expire in March, and I'm trying to figure out how to renew it without inconveniencing the users by making them download a new rebuilt app. It would be particularly painful for them because it would require they sync a few gigabytes of data from their device through iTunes for each person, and it's a few hundred people.
My problem is, my certificate I used to sign the app is also expiring around the same time (in March).
I happened to have another certificate and an associated provisioning profile, I had generated on a different mac which expires in 2019, and I tried to use it to update the expiring provisioning profile on MaaS360 for this app in question, and I get this error
So what has me a little terrified is, I'm back on the mac where I originally created and deployed the app... if I need to renew my existing certificate (which I assume means revoking it and replacing it with a new one), in order to create a new provisioning profile, aren't I going to run into this dialog again, claiming that my certificates don't match, because I'll now have a new one, hence I can't update the profile.
If the only way to update my expiring provisioning profile is with my soon-to-be-expired-but-also-identical certificate which originally created the profile, that still means my profile is going to expire as scheduled because my original certificate will have expired too.
Is there a way out of this dilemma?
You can have two certificates active at the same time. So I would generate a new certificate using the same key you used to generate the original one. To do this on the Apple developer portal, you will need the cert signing request. Most developers don't save this when they generate their certificate the first time. The good news is, if you have the private key that was used for your distribution certificate, you can use that to generate the CSR. To find out if you have the private key, you can use this post for how to locate it in the Keychain app. https://stackoverflow.com/a/33651921/3708242
Once you have verified that you have the private key used for the certificate for the app store distribution, you can generate the a CSR using the following procedure: https://stackoverflow.com/a/7111454/3708242
Once you have the CSR, go to Apple's developer portal and generate a new distribution certificate for "In-House and Ad Hoc" distribution. As long as you only have one out there, you should be able to create a second without having to revoke the existing one. Once you've done that, you will likely need to provide that certificate to the MaaS360 service (I'm not familiar with how that works, but somehow the Maas360 server must have the private key and certificate that the apps were built with, as it is clearly checking that when you push the build of your app and the certs don't match). So download the new cert and provide that to MaaS360.
Then, generate a new distribution profile using the new certificate. Or you can update the existing one to use the new cert by clicking the edit button on the provisioning profile, then changing the radio button to the new cert which should expire several years out. Note that this won't prevent any existing apps built using the profile from running in the meantime (revoking the certificate, however, would immediately cause the apps to stop working, which you don't want). Save and download the new profile, and use it to rebuild the app.
The app will then be built with the new certificate, that won't expire any time soon. I do think you are missing the part of the process where you will have to provide the new cert to MaaS360. I can't really help you with that part, but hopefully there is some documentation from IBM that can help you out there. But, you will need to fix it, because once the cert expires, non of the apps built with it will work. Good luck and let me know if any of this is not clear enough.
Xcode as of 6.3 is no longer allowing me to automatically perform device provisioning for a client. Has anyone else experienced this issue? I found no results when searching for this on Google...
This client has their own bundle ID and it's possible they also have their own provisioning profile for this device. So maybe Apple is matching up the bundle ID irrespective of the developer account being used for provisioning.
I was able to address the issue by modifying the app's bundle ID and manually going through the provisioning process, but I'm guessing this issue is extremely rare, so I'm not sure if this post will be of use to anyone.
When I am create new certificate from my Xcode 9.2 the error was appear
"You already have a current iOS Distribution certificate or a pending certificate request".
Just 2 step for fix this error.
Remove old certificate from developer.apple.com
Create new certificate from Xcode or developer.apple.com
My problem has been solved (I am using Xcode 9.2).
I just found that if I remove my account from Xcode, and then sign in again, it solved the issue. I did revoke my existing certificates and request new ones though as part of that process. I didn't import an existing profile.
My team has maxed out on release certificates, because apparently there is a quota.
We had to delete one of the existing release certificates.
This issue is actually more common than you think.
Some Solutions:
I usually find that opening Xcode's settings and signing out of my account and the signing in again resolves most of those issues.
You may have an older mac that already used up that one allotted development certificate. In that case you'll want to export the developer profile from that machine. If you no longer have access to that machine, it may be time to invalidate that certificate and simply request a new one.
Another option may be to double check your build settings in your project and ensure that it's looking for the right certificate. It's fairly common in my experience for these settings to make decisions on their own, and confirming that they're what you expect may help.
Background:
When dealing with provisioning, it's really easy to get caught up with the frustration of all of the steps you need to go through. The first thing to note is if the error you see is talking about a "Certificate" or a "Profile." In your case, it's a certificate. Good.
Certificates differ from provisioning profiles in a few ways. Certificates are usually only generated twice: once for development, and once for distribution. (Exceptions to this rule are if you decide to add support for some of the special features like push notification or for generating passbook passes on a server.)
The process for generating certificates is also a little more bureaucratic than profiles. You request a certificate from Apple's Member Center. You generate a provisioning profile.
The reason for the word request vs generate is because both Apple and your iOS team's admin need to approve certificate requests. This is because certificates identify you as part of your iOS developer team, and offer all the powers associated with that.
For the sake of completeness, I'll add that provisioning profiles are generated based on that certificate, and really only tell iOS what environment your app is meant to run in. (On any device via the store, specific devices, etc.)
Now, the important part for you is the request business. Most people don't pay much attention to this terminology, since indie developers and small teams (where the developers are admins) don't require developers to ask for permission.
Your error is talking about a previously generated certificate or request. You can only have one development certificate per developer. You either have one, or you've requested one and someone has to approve.
That's what's happening here.
This process is made simple with Xcode 8.3 and 9. Just delete one of your old certifcates in the "validate" interface and click the plus button to request new one, Xcode will request for you and add it in keychain. in my case, maximum number was reached, so I deleted one which was lost in a old Mac and created new one.
This error may also be occur if you reach your distribution certificate limit. After creating 3 iOS Distribution Certificates in an account, the following error message will be displayed when you try to create 4th one: "You already have a current Distribution certificate or a pending certificate request."
Open this link
https://developer.apple.com/account/resources/certificates/add
Press + icon in front of Certificate
Check Apple Distribution section if its show the red text as shown in image then you should revoke you existing certificates to generate new one because you have reached you limit.
Just 2 step for fix this error.
Remove old certificate from developer.apple.com
Create new certificate from Xcode or developer.apple.com
Delete old developer certificate from https://developer.apple.com/account/ios/certificate/ and try to create developer certificate from xcode
1) Remove old certificate from apple developer account.
2) Go to the 'Xcode' 3) Select 'Preferences' option and then Select the 'Account' Tab
3) Select apple id from left side and click on 'Manage Certificate'.
4) Click on '+' (add certificate) button.
5) Add 'Apple Distribution' Certificate.
Unfortunately, only a macbook restart resolved this for me.
Creating another Distribution certificate was not an option, because it had already reached the max. number of certificates.
I manually added an existing one (incl. its private key) to the Keychain …and still Xcode said "Not in Keychain". I then tried to trigger a refresh of the Xcode listing by removing & adding my developer account to Xcode, but that didn't work — neither did restarting Xcode.
So, when all else fails, you try to reboot your system.
When you have three active distribution certificates that were created on distinct machines, you'll see this issue. You can either ask for the private key of a previously made one or simply revoke any of them and make your own.
I'm pulling my hair out over this. I just downloaded the iPhone 3.0 SDK, but now I can't get my provisioning profiles to work. Here is what I have tried:
Delete all provisioning profiles
Delete login keychain
Create new "login" keychain, make it
default
Create a new certificate signing request
Create new developer and distribution
certificates in the Apple developer center
Download and install them
Download the WWDR certificate and install it
Create a new provisioning profile and
double click it to install
All the certificates report as valid, but Xcode still won't recognize them. What should I try next?
Edit:
I completely re-installed Mac OS X and from a fresh install installed the 3.0 SDK and still have the same problem.
I had the same problem: I first downloaded my certificates to my small MacBook while on the run. When trying to install the certificates on my iMac... then I ran into the problems described on this page.
After spending hours pulling my hair out like many of you, I performed the following steps to fix it:
Close all your stuff except your webpage that should be logged into App Dev center.
Open Xcode. Click WINDOW > ORGANIZER. Then click the Devices tab and select "Provisioning Profiles" on the left.
That should bring up your provisioning profiles. Highlight one by one (if more than 1), right click and delete profile. Yes, just do it! Delete them all! (I kept making a new one after a new one trying to make the thing work.)
From the first page you see after logging into the App Dev Center on the right side click "iOS PROVISIONING PORTAL" > (do not "launch assistant"). Instead click on the left side. Select CERTIFICATES. You will probably have just one line listed with your name/company - from there click on the right side REVOKE. Click OK to verify that's what you want to do.
On the same page click DEVICES. Click the box next to your device you are trying to provision and click REMOVE SELECTED. Again click OK to verify.
Wait about 2 minutes to let Apple do their thing.
Now click on "HOME" that is on the left side navigation.
Click "Launch Assistant"
create a new app ID - call it whatever you want. Just make sure it's unique enough to know that's the one you just created because the others you've been messing with all day will not be deleted from Apples Dev Center.
You should be able to follow the rest of the Assistant without troubles -- the main thing is you just had to delete your old provision profiles and start over.
Good Luck!
I encountered the same issue. This is because the private key of the certificate does not existing on your machine.
If you are now using a new machine and download the certificate from website:
You can export the certificate from the old machine and then import on the new machine.
If you share the developer account with someone:
You ask the account owner to send you an invitation and become a team member of that account. Then you can create your own certificate from scratch.
If you don't want to handle all these sh*t:
Just revoke the certificate on website and delete the copy on your local machine. Then request a new one. This should be the ultimate way for solving such issue.
Had the same problem yesterday. Now, after signing to the developer portal, for every invalid provisioning profile have a button "Renew". After renewing and downloading updated provisioning profile all seems to work as expected, so problem is definitely solved :)
Update: you may have to contact Apple to get a "Renew"-button, or they removed it -- and the solution is to just download it and add it to the keychain, no need to renew.
What I found was that I needed to drag the distribution_identity.cer file that I downloaded from the "Certificates -> Distribution" page on the developer program portal into the keychain access program, then this error went away.
I solved it by
a) go to provisioning profile page on the portal
b) Click on Edit on the provisioning profile you are having trouble (right hand side).
c) Check the Appropriate Certificate box (not checked by default) and select the correct App ID (my old one was expired)
d) Download and use the new provisioning profile. Delete the old one(s).
Apparently there are 4 different causes of this problem:
Your Keychain is missing the private key associated with your
iPhone Developer or iPhone
Distribution certificate.
Your Keychain is missing the Apple Worldwide Developer Relations
Intermediate Certificate.
Your certificate was revoked or has expired.
Online Certificate Status Protocol (OCSP) or Certificate
Revocation List (CRL) are turned on in
Keychain Access preferences
.
After carefully going through the thread here and checking all the solutions proposed by people, I can confidently claim this, after following the steps mentioned on Apple developer docs for creating CSR and mobile provision file, just do this!,
Launch Xcode.
Select window->Organizer
Click this refresh button and that filthy yellow bar will remove instantly.
http://img.skitch.com/20100820-1ngm8an14c6fm3dt7g6j51d2nx.jpg
Trust me, you only have to do this. There is no need to repeat the process again and again to make sure that you doing it the right way. Just press Refresh, enter your login credentials and it's done.
For me it only worked when the certificate and both keys were in the Login keychain. I had created a Development keychain before, but the Xcode Organizer wouldn't find the keys in there. So I moved them back to Login, quit the keychain tool - and voila, the error in Xcode Organizer went away! This was on Snow Leopard 10.6.2 with the 3.1.3 SDK.
For development certificates you can just create a new one and match it to a profile. However for distribution, like when your going to submit to Apple, you cannot do this and must use the distribution certificate the team agent created. The problem is you need the private key on your machine. It's very simple, however, for the team agent who created the certificate to copy the private key to you, below are the instructions from Apple, I hope this helps.
It is critical that you save your private key somewhere safe in the event that you need to develop on multiple computers or decide to reinstall your system OS. Without your private key, you will be unable to sign binaries in Xcode and test your application on any Apple device. When a CSR is generated, the Keychain Access application creates a private key on your login keychain. This private key is tied to your user account and cannot be reproduced if lost due to an OS reinstall. If you plan to do development and testing on multiple systems, you will need to import your private key onto all of the systems you’ll be doing work on.
To export your private key and certificate for safe-keeping and for enabling development on multiple systems, open up the Keychain Access Application and select the ‘Keys’ category.
Control-Click on the private key associated with your iPhone Development Certificate and click ‘Export Items’ in the menu. The private key is identified by the iPhone Developer: public certificate that is paired with it.
Save your key in the Personal Information Exchange (.p12) file format.
You will be prompted to create a password which is used when you attempt to import this key on another computer.
You can now transfer this .p12 file between systems. Double-click on the .p12 to install it on a system. You will be prompted for the password you entered in Step 4.
The best answer I got was exporting your key, instead of just trying to import the cert file.
When you export the key from the keychain that generated the request, you get a Certificates.p12 file, which rolls the keys you need together.
Then import this into the new computer.
With keys like this, it's probably good to keep a rolled, certificate package file, because many times the "public" key, or cert file, is not enough to restore things from.
In my case, I copied the project from my iMac to my Macbook Pro and found out I didn't have my private key installed on the Macbook. So I exported my private key, copied and installed it to the Macbook, and voila it works! I've documented the information here:
http://www.creatistblog.com/2009/09/iphone-developer-provisioning.html
Just a note with Xcode 4: in the organizer there are two different sections in the left pane:
Library > Provisioning profiles
Devices > your device > Provisioning profiles
I was always puttings my provisioning profiles into 2. and even after cleaning and installing properly it was not working. Then I discovered 1. and finally I found the refresh button. If you select 'Automatic device provisioning' in 1. and click on refresh, then everything got validated (no yellow warning in 2. anymore).
Was facing a similar issue yesterday with our CI server. The app extension could not be signed with the error
Code Sign error: No matching provisioning profiles found: No provisioning profiles with a valid signing identity (i.e. certificate and private key pair) matching the bundle identifier XXX were found.
Note: I had created my provisioning profiles myself from Developer portal (not managed by Xcode).
The error was that I had created the provisioning profiles using the Distribution certificate, but the build settings were set to use the developer certificate. Changing it to use Distribution certificate solved the issue.
Summary: Match the certificate used for creating the provisioning profile in build settings too.
Did you try rebooting your Mac and your device? Lame answer, but I always try that first.
I got it working after re-doing everything and then creating an empty project with XCode and building/running it to the device. XCode showed a window asking something like: Do you want to accept the developer certificate. I pressed "Always". Only after this step I got rid of the message "A valid signing identity matching this profile could not be found in your keychain" in Organizer.
Hey guys, I had heaps of trouble with this yesterday. I went through the whole process a few times, requesting a new certificate request from the authority with the assistant, clearing out everything in the portal, uploading the certificate, creating a new profile and downloading everything. No dice.
However, check this out.
First up clear out all the certificates on the portal to start fresh.
After creating the new certificate request with the assistant, press "Show in Finder", and double click that bad boy. You should get a popup for the Certificate Assistant with a screen showing "Please specify the issuing Certificate Authority", etc. If you don't, just close it and double click again.
Now just proceed through the dialog choosing
"Request a certificate from an existing CA" - Continue
Request is "Saved to disk" - Continue
Save it where ever you like, even override the file.
At the end you should see the magic "Creating key pair"
Run over to the KeyChain access and you'll see your keys in there! Upload this certificate to the apple portal and then go through their wizard as normal, everything should work great now.
There are two different certificates for two different provisioning profiles (development and distribution). You have to install BOTH certificates in keychain. In the iPhone Developer Program Portal:
Certificates -> Development -> Download
Certificates -> Distribution -> Download
Double click both certificates. After that both certificates must appear in Keychain.
The answer is this revoke your Current Development Certificate and make a new one. follow the instructions on apples site on how to do so. Its that simple!! I had this exact problem.
Simple steps to get this done:
Start from keychain (which contains your dev key already) on your computer and create a request for certificate. Upload the request to dev site and create the certificate.
Create a profile using the certificate.
Download the profile and drop it on Xcode.
Now all the dots are connected and it should work. This works for both dev and distribution.
I logged into developer account and revoked the development certificate. After revoking and downloading the development certificate i double clicked the newly downloaded certificate and this time Private Key was there under development certificate in KeyChain Access.
A good way to ensure that this happens cleanly is to clean your login keychain completely first.
Also, a really important step is to unlock your keychain before you import the private key and public key
security unlock-keychain -p password ~/Library/Keychains/login.keychain
Import private key into login keychain :
security import PrivateKey.p12 -k ~/Library/Keychains/login.keychain
1 identity imported.
Import public key into login keychain :
security import PublicKeyName.pem -k ~/Library/Keychains/login.keychain
1 key imported.
I had this same problem but, it was due to my setting up "FileVault" on my Mac. I went into my keychain and set "login" to be my default and that fixed it.
"This was a bug on the Apple portal site. They were missing a necessary field in the provisioning profile. They fixed this bug late on 6/16/09. "
I don't know whether they really skipped it or if my eyes were just glazing over but....
Just in case anybody else is overlooking the same things that I did....
just as when you were developing and testing...
1) You need a DISTRIBUTION << CERTIFICATE >>
2) You need a DISTRIBUTION << PROVISIONING PROFILE >>
That is TWO STEPS on the portal in order to get the thing signed.
There I was, having created the developer CERTIFICATE and copied it to the Mobile Provisions folder, wondering why it didn't work.
As soon as I had the provisioning profile in place
* BINGO *
I had the exact same problem and tried everything. For whatever reason the solution was that all my certificates had migrated to a keychain called "microsoft_intermediate_certificates". As it probably happened during an Xcode upgrade I have absolutely no idea why, but it may help somebody.
I moved all content of the Microsoft keychain to the login keychain and everything went back to normal.
I finally got this to work after, like, 4 separate tries after incurring the same problem that was originally posted. So here's what happened, I am not sure if this is an old issue now (2009-07-09), but I will post anyway in case it is helpful to you. What worked for me... might work for you...
start anew and delete the old private keys, public keys, and certificates in the keychain
go through the whole process, request a certificate from a certificate authority, get a new public key, a new private key, and a new certificate. Note: when it worked I had exactly one private key, one public key, and one certificate
Make a new provisioning profile (which utilizes the certificate that you just made) and put that in your organizer window in Xcode. Delete all the old BS.
Run it.
Hopefully this helps.
Everyone here is very wrong. All you need is to follow the steps that Apple provides in Managing Your Digital Identities.
It instructs you to export your certificates through Xcode and reimport through Xcode. It works great, but make sure your username is the same on both computers or it will fail.
I just spent several hours on this fershlugginer issue, which cropped up after renewing my development license. To reiterate, everything was working without a hitch, then (thank you Apple!) it all got screwed up and stayed screwed up. None of the Apple official troubleshooting steps (linked to above) or possible resolution steps mentioned here resolved the issue for me.
What finally did it for me was to delete both my development and distribution certificates, revoke them in the provisioning portal, and then let Xcode AUTOMATICALLY refresh/issue them. Nothing else, in any order, was able to get both required certificates into my keychain with the private key correctly attached.
Here is what I did.
Make sure your certificates have not expired, make sure you delete all the expired ones. Get new ones etc, Once you have make sure all that is the way it should be, then focus on your project files.
in finder , go to your .xcodeproj files then show package contentes.
open project.pbxproj in xcode or textedit.
find every refrense to PROVISIONING_PROFILE and remove the GUID, just leave empty ""
Depending on your project you should have about 12+ refrences, remove all of the GUIDS.
Save file, then reopen your project in XCODE
Re select the correct provision profiles for all possible code signings( they should not all be the same)
Build your project and you should be good to go.
I think Xcode gets confused some how, and removing all the Provision Profiles from the project.pbxproj and then reselecting a valid profile will set it striaght.
If you have new mac you can go to
IOS developer center --> Provisioning Portal --> Certificates --> Development --> Revoke and create new certificate. My problem solved. My error is "Code Sign error: The identity 'iPhone Developer' doesn't match any valid, non-expired certificate/private key pair in your keychains"
What you need:
1) A private and a public key.
They have this symbol in your keychain:
2) A certificate made from the signing request of those keys
3) A provisioning profile linked to that certificate
Let's say you change computers and want to set up Xcode with provisioning profiles again. How do you do it?
Open Xcode, press ctrl + O to open the Organizer, and delete all provisioning profiles you might have installed already.
Open keychain access, and create a signing request which you save to file (when you create the request, a private and public key is created in your keychain).
Create/Update a certificate in the provisioning portal by sending apple this signing request
Download and install the newly created certificate.
Revoke your provisioning profiles and update them with the new certificate.
Download and install the newly updated provisioning profiles.