valid iOS Distribution Certificate - developer name change - ios

Here's how I've been led to this path.
I started on a macbook, with a standard developer account. Submitted a few applications. Then moved to an iMac, same developer account. Submitted a few applications.
Now, my developer account is a company account, i.e., I got the name changed to my company name. However, now I cannot submit to the app store. I get "your account already has a valid iOS Distribution Certificate".
I cannot get past this hurdle!
I'll now try and explain which profiles and signing identities I have in my developer account.
Certificates
Company name - iOS Distribution
My Old account name and/or my actual name - iOS Development
App IDs
Application Name - Correct bundle identifier
Provisioning Profiles
iOSTeam Provisioning Profile: App-Name - iOS Development
App Name - iOS Distribution - Active ( correct app id and correct certification for distribution )
All of these certificates are locally in my keychain.
However, I cannot get it to work. Some help would be greatly appreciated, I'm having an absolute nightmare.

The certificate is just used to prove that you are the person who (signed and) submitted the app.
Apple re-signs your app with their credentials before it appears on the store. You can be assured that revoking a certificate won't invalidate any previous submissions for this reason.
The issue right now is that Xcode and/or keychain are likely affected by (or using) conflicted (or old) details, and Xcode doesn't recognize that something has changed, or cannot replace the old data with the current data.
You should revoke your certificate(s), delete them from Xcode and keychain, then let Xcode generate a new one.
Otherwise, those old keys will linger in Xcode and keychain and be a point of confusion, both now, and down the road.
I realize it seems like an ominous thing to do, but if there were dire consequences, Apple would clearly be warning you, instead of letting you simply revoke and be reissued a new certificate.

Solution in my case.
I deleted all old certificates/keys and revoked my distribution profile from the members centre (so I didn't have any). Then I proceeded to Xcode > Accounts > View Info > + > distribution profile and it generated me a new one.
This has now allowed me to submit via the app store and remove the very vague error.

Related

Problems with iOS Free Provisioning Profile

I've been using Xcode with a free Apple ID, and signing an App with a free provisioning profile.
However, after I signed the App with another Mac, the certificate on the first Mac I used to sign the App with does not work anymore.
I received this error message when I tried to run it on my iPhone:
Please verify that your device's clock is properly set, and that your signing certificate is not expired. (0xE8008018).
After generating a new certificate via Xcode > Preferences > View Details... > iOS Distribution > Create, I got this error instead:
The identity used to sign the executable is no longer valid.
After deleting the App from my iPhone, I tried to run the App again and received this error message instead. This also caused my phone to freeze for a while:
dyld: Library not loaded: @rpath/libswiftCore.dylib
Referenced from: /var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Test
Reason: no suitable image found. Did find:
/private/var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Frameworks/libswiftCore.dylib: mmap() errno=1 validating first page of '/private/var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Frameworks/libswiftCore.dylib'
(lldb)
Update: I'm using Free Provisioning Profile, thus I don't have access to iTunes Connect. I also can't import the certificate from my 2nd Mac as it was reset.
Update 2: I've also visited Keychain App and found 2 certificates - one expired and one valid. I deleted the expired one and tried to run the App on my phone again, but the error persists.
Update 3: I've tried to revoke all my certificates in developer.apple.com, but there isn't a certificates management. Only 'Programs & Add-ons' and 'Your Account' sections are available in the nav, which allows me to enrol into Apple Developer Program.
Update 4: I've also restarted my Xcode to no avail.
The main problem is that I'm not sure why I cannot revoke and regenerate a new certificate.
How can I solve this problem?
Generate a new CSR from your Keychain and download a new certificate using this CSR. Include this certificate in your provisioning profile and download it. Make sure you remove all expired certificates from Keychain. Good luck.
You don't need iTunes Connect to manage your certificates, IDs and provisioning profiles. iTunes Connect is used for managing your app store releases, which as you know you can't do with a free account.
You need to go to developer.apple.com and log in with your free account to the member center. You will be able to see the certificates and provisioning profiles under your developer account.
Since you don't have anything in the store (you can't with a free account), I would go into the developer's member center, revoke and delete any certificates that are out there, and delete all provisioning profiles. Start from scratch and generate a new certificate using a brand new CSR. Then generate a new provisioning profile using the existing app ID and the newly created certificate. Download the profile, update your project settings to use the new signing identity and profile, and you're back in business.
Also, this is assuming that you are not sharing this developer account. If you are, doing the above instructions will make it so other developers will not be able to build with the signing identity unless you give them the private key for the certificate.
I managed to fix this problem by renaming the App name, and recompiling the App. I think that by renaming the App, a new certificate is generated, thus it would work.
Even though it's not really a great solution, it solved my problem as I wanted to rename the App in the first place.
Thanks everyone for providing answers!
I had to create a new Apple ID and it worked. Not the ideal solution, but without access to certificates it's the only solution that worked for me.

Keychain access in iOS and provisioning profiles

I started to read the Keychain Services Programming Guide and in the Keychain Services Concepts there is a note:
On iPhone, Keychain rights depend on the provisioning profile used to sign your application. Be sure to consistently use the same provisioning profile across different versions of your application.
I don't understand this note... what if, for example, I need a build for adHoc deployment and I need to later edit the provisioning profile to add more devices? Or if I sometimes build the app for adHoc deployment with its appropriate adHoc provisioning profile, and other times I build it to use TestFlight with its provisioning profile for the App Store?
Thanks
I don't think that's true, I regenerate my provisioning profiles every year and haven't lost keychain access.
What exactly constitutes keychain "identity" is hard to pin down.
QA1726 seems to imply that your keychain access is based on BundleID Prefix/Team ID plus bundle ID. Although bundle IDs are allowed to differ if you use the keychain-access-groups entitlement.
I would also hazard that provisioning profile type now comes into play.
e.g. once upon a time I could read the keychain of the AppStore version of our app from an Ad Hoc version of the app, but not a dev version, but that seemed to stop working around iOS 7.
I hope somebody can contribute some slightly less conjectural information.
It talks about the profile expiring every year and being updated with a new one. This should be the same. See here, more here.

Apple Development Certificate issues

I have managed to get my Development and Distribution certificates in something of a mess (started with separate one for each App and more)
I'd like to start again with just one, generic, cert for each of Development and Distribution.
There are lots of tutorials on re-creating deleted or expired certificates but I can't find any confirmation that I can delete everything and start afresh (and, presumably, then use the new cert for new apps and/or updates to old ones?)
Has anyone actually gone through the steps of cancelling/deleting all Apple certificates and starting again? If so, any advice on steps and things to avoid will be appreciated.
thanks
Many thanks for the suggestions which I have now implemented.
I do now have just one each Development and Distribution certificate (although Xcode re-created the dozens of provisioning profiles I was trying to get rid of - I guess I will have to live with that long list for ever...).
An interesting result is the error message I received when I uploaded a new version of an App:
"Potential Loss of Keychain Access - The previous version of software has an application-identifier value of ['xxxxxxxxx.com.jeffmaynard.eurosceptic'] and the new version of software being submitted has an application-identifier of ['yyyyyyyyyy.com.jeffmaynard.eurosceptic']. This will result in a loss of keychain access."
Although the App has gone to review I am not sure of the consequences of this error message which I assume results from the certificate updates?
You have to clear your certificates in 2 places:

1. Keychain
   Follow these steps to navigate and clear the certificates:
   - Open LaunchPad
   - Keychain Access
   - Select your Keychain
   - Select My Certificates
   - Now here you need to delete every certificate that starts with iPhone Developer or iPhone Distribution

2. Apple Developers Members Center
   - Login to Apple Developers
   - Go to Member Center
   - Click: Manage your certificates, App IDs, devices, and provisioning profiles
   - You have 2 tabs to interact with: Certificates and Provisioning Profiles
   - Remove all of them (remember you can't delete those Provisioning Profiles that are already in the App Store).

Then you need to create it from the beginning: Follow my answer here

iOS app updated with iCloud passes validation during distribution, but the distribution profile is invalid in the developer portal

I have a strange issue.
I have a distribution certificate for my app in my developer portal with two App IDs (one wildcard and one explicit) and I've had to adjust the app ID to include the iCloud entitlements because I'm working on an update (iOS 7 only) with iCloud support.
I'm now ready to distribute and so I created a new provisioning profile in the developer portal with that certificate. As soon as it's added to Xcode, it shows up as "invalid" in the Developer Portal.
If I archive and validate my app before the app distribution in Xcode, and use my Apple ID and this provisioning profile, it says "it passed without any errors".
I'm extremely nervous about uploading this to Apple because it doesn't make sense to me.
The other provisioning profiles I have in the developer portal are the iOS Team Provisioning Profile (managed by Xcode).
I've got the entitlements in Xcode and my app works in development with iCloud, but I really want to distribute this.
If I add in more distribution profiles, as soon as it's added to Xcode, it shows up as invalid in the developer portal member centre. That's with using the explicit App ID. If I create one using the wildcard ID, it remains active, but I've read on the Apple documentation that for iCloud, you have to use an explicit App ID.
I have managed to solve this, thankfully.
I contacted the Apple Developer Support team by phone with this (without having to create a new support request and have that take a while) and was sent the following link:
https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html#//apple_ref/doc/uid/TP40012582-CH31-SW34
The specific header is "Re-Creating Certificates and Updating Related Provisioning Profiles".
I basically went through and revoked all of my certificates in the portal and removed the certificate and private key in the keychain access. From there, I removed all of my provisioning profiles as well.
Within Xcode on the accounts section, I got a popup asking if the development and distribution certificates should be generated. I said YES and it did it. In the developer portal, I now had two certificates. I created a developer profile and tested my app; it worked. I then created a distribution certificate and added it to Xcode. After refreshing the portal, it still showed active. I archived and validated my app, with no issues and then uploaded. The new distribution profile is still active.
This was great and I'm happy to have this resolved.

Certificate identity 'iPhone Developer: ' appears more than once in the keychain. The codesign tool requires there only be one

Ok, I am completely pulling my hair out on this one.
Back in July I created a provisioning profile so I could test on my iPad.
Then at the end of August I tried submitting my first App to the iTunes Store. The process was a complete nightmare, and I struggled. A lot. In the end I found a tutorial with relatively recent information in it, and only by following it step by step could I actually get anywhere with this. Unfortunately the result of this was that I created a new provisioning profile.
Now when I try to test on my iPad I get the following error in Xcode:
Certificate identity 'iPhone Developer: MyName' appears more than once in the keychain. The codesign tool requires there only be one.
I check the keychain, and sure enough there are the two provisioning profiles for development, one from July and the one I used to submit to the iTunes Store in August.
Now what I want to do is get rid of the old one, and then connect my iPad up to the new one. I can get rid of the old one fine, but I cannot connect my iPad to the new one; it insists on using the old profile, even to the point of re-attaching it to the keychain after I've deleted it.
Can anyone tell me:
How to connect my iPad to the new provisioning profile?
And while we are at it, can anyone shed any light on why this entire process is so convoluted and difficult? Considering that so much of Apple's interface is so well designed and fluid, this process of registering certificates and applying them to different devices and Apps seems so backwards. I initially suspected this was just me, but googling for these error messages reveals that there are many who are struggling at various points along this process.
This has nothing to do with Xcode and everything to do with keychain.
Open keychain.
Find the signing certificates that are tied to your provisioning profiles.
Delete one. You probably want to keep the newer one, so look at the expiration dates and remove the one that expires first.
Restart Xcode
You may need to update your provisioning profile if it isn't tied to the new certificate, but it won't be as painful as creating a new certificate.
Here's a broad overview of how code signing in Xcode works. It's a bit much but will explain what's wrong with your configuration, and how you can fix it.
There are three parts to the mechanism that ensures that you are who you say you are and that your app is allowed to run where it wants to.
You've got a pair of keys, one public and one private. Your public key matches your private key, which identifies you.
Your keys are used to generate certificates. Generally, you'll have one certificate for development and one for distribution, either on the App Store or via Ad Hoc distribution. These certificates permit you to provision your apps.
Each certificate is used to generate provisioning profiles. The profiles must be attached to either a development or a distribution certificate. A distribution profile either works on the App Store, or it contains a list of device IDs which may run apps signed with that profile.
If your certificate is expired, the provisioning profiles that are created with it are going to be invalid. In this case, replace both the certificate and the profiles. Generate a certificate signing request (CSR) from Keychain Access and upload it to the developer portal.
If you have multiple certificates in your keychain, Xcode won't know which one to use. This may happen if you renew your certificate and don't remove the old one. (It may also happen if you exported your developer profile and then imported it later. Your old certificates will carry over.)
If your provisioning profile is expired or invalid, you can renew it in the developer portal without generating a new CSR. You can just attach it to an existing valid certificate.
Certificates can't be carried over from one machine to another without moving the original key pair that requested it. Exporting the certificate from Keychain will export the keys as well.
Delete the old one, and start the build with the new one.
One more way you can try: set the code signing identity with the profile you want to run in both the target and the project build settings.
Hope it will help you.
Otherwise you have to delete old one.
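
The duplicate-identity condition discussed in this thread can be confirmed from a terminal before deleting anything. The following is an added example, not code from any of the posts above: a shell function (the names `dup_identities` and `sample_output` are hypothetical) that reads the output of `security find-identity -p codesigning` on stdin and lists each identity name backed by more than one distinct certificate. The sample output, names and hashes are constructed.

```shell
#!/bin/sh
# Added example. Prints: <count> TAB <identity name> TAB <SHA-1 hashes>
# for every identity name that maps to more than one certificate.
dup_identities() {
  awk '
    # Identity lines look like:   1) <40 hex SHA-1> "Name (TEAMID)" [status]
    $1 ~ /^[0-9]+\)$/ && length($2) == 40 && $2 ~ /^[0-9A-Fa-f]+$/ {
      start = index($0, "\"")
      if (start == 0) next
      name = substr($0, start + 1)
      sub(/"[^"]*$/, "", name)        # drop closing quote and trailing status
      key = name SUBSEP $2
      if (key in seen) next            # same certificate listed in two sections
      seen[key] = 1
      count[name]++
      hashes[name] = hashes[name] " " $2
    }
    END {
      for (n in count)
        if (count[n] > 1) printf "%d\t%s\t%s\n", count[n], n, hashes[n]
    }
  '
}

# Constructed sample of the tool output (hashes and names are made up).
sample_output() {
  cat <<'EOF'
Policy: Code Signing
  Matching identities
  1) 1111111111111111111111111111111111111111 "iPhone Developer: Jane Doe (ABCDE12345)"
  2) 2222222222222222222222222222222222222222 "iPhone Developer: Jane Doe (ABCDE12345)" (CSSMERR_TP_CERT_EXPIRED)
  3) 3333333333333333333333333333333333333333 "iPhone Distribution: Example Co (ABCDE12345)"
     3 identities found

  Valid identities only
  1) 1111111111111111111111111111111111111111 "iPhone Developer: Jane Doe (ABCDE12345)"
  2) 3333333333333333333333333333333333333333 "iPhone Distribution: Example Co (ABCDE12345)"
     2 valid identities found
EOF
}

# Offline demo; on a Mac, pipe the real tool output into dup_identities instead.
sample_output | dup_identities
```

The hashes in the last column identify which certificates share the name, so the expired or older one can be matched against its entry in Keychain Access before it is removed.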
