How to change production certificate (.p12) after application is in appstore - ios

Certificates, provisioning profiles and setting Apple Push Notification is the part I could never grasp fully since first day. I believe a lot of people are having similar issues looking at SO questions. Unfortunately, after a long approval process and the app finally being in the App Store, my app's push notification is not working. While in development, the push notification was working perfectly. I guess I made a mistake in setting production certificates just before App Store submission (most probably the reason was my frustration with this subject - or my lack of knowledge - we will find out..)
Now the technical part:
I submitted my App with the APN certificate labelled as 1. After we figured the PN are not working, I created the certificate labelled as 2. I will talk about it later.
And here is the Keychain access screenshot from the computer I created the certificates from (The labels are matched with the above certificates image):
As you can see, the certificate 1 doesn't have a private key attached to it. (Is this a problem?!) I don't know how it happened or if I have deleted it by mistake or never created it in the beginning. All the rest have private keys attached to the certificates.
Thinking that this must be the reason for the PN not working, after the app was in the App Store, I created a new APN certificate labelled 2. This time with a private key attached :)
And here is how I export the certificate and private key couple to a .p12 file. I don't think this part is wrong since it is the same procedure I used for development .p12:
Whatever I tried (I exported every possible .p12 combination of the 4 certificates and 3 private keys and embedded them to our server), push notifications are not working.
So my question is:
Do I have to re-submit my app to the App Store again with brand new certificates? This would be really bad since the people who downloaded the app will not have Push notification functionality for another at least 12 days. (That's how long it took the App Store to review last time.)
Is there still a chance that I can play with the Apple Developer Console and alter/create new certificates/provisioning files/APN certificates and get this thing working without the need for a re-submission?
Thanks for reading the somehow long question. Any help/thought would be appreciated.

No, there is no need to re-submit the app.
For certificate 1: yes, a missing private key means the certificate is not correct.
Whereas for certificate 2, you can export the .p12 file again, or you can create a new certificate and create a .p12 file from it.
And yes, you can play around with the .p12 file.
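The check this answer turns on, whether an exported .p12 really carries both the certificate and its matching private key, as an added example that is not part of the original posts. It assumes the openssl CLI is available; the function names, the password "demo" and the throwaway self-signed certificate are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original posts. Requires the openssl CLI.

# p12_status FILE PASSWORD -> prints unreadable | no-cert | no-key | mismatch | ok
p12_status() {
    # Wrong password or a damaged file: nothing else can be concluded.
    if ! openssl pkcs12 -in "$1" -passin "pass:$2" -noout 2>/dev/null; then
        echo unreadable; return 0
    fi
    # Public key of the first certificate in the bundle, if there is one.
    cert_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
               openssl x509 -pubkey -noout 2>/dev/null) || true
    # Public half of the bundled private key, if there is one.
    key_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
              openssl pkey -pubout 2>/dev/null) || true
    if   [ -z "$cert_pub" ]; then echo no-cert
    elif [ -z "$key_pub" ];  then echo no-key
    elif [ "$cert_pub" = "$key_pub" ]; then echo ok
    else echo mismatch
    fi
}

# make_samples DIR: constructed throwaway key and self-signed certificate,
# exported three ways so each outcome above can be seen.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-sample" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    # Certificate exported together with its private key.
    openssl pkcs12 -export -in "$1/cert.pem" -inkey "$1/key.pem" \
        -out "$1/full.p12" -passout pass:demo
    # Like certificate 1 in the question: no private key attached.
    openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
        -out "$1/certonly.p12" -passout pass:demo
    # Only the private key item, without the certificate.
    openssl pkcs12 -export -nocerts -inkey "$1/key.pem" \
        -out "$1/keyonly.p12" -passout pass:demo 2>/dev/null
}

dir=$(mktemp -d)
make_samples "$dir"
for f in full certonly keyonly; do
    printf '%s.p12: %s\n' "$f" "$(p12_status "$dir/$f.p12" demo)"
done
rm -rf "$dir"
```

Only a file that reports ok is usable as a push certificate bundle; for a file with several certificates the check looks at the first one only.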

Related

What is a right way to generate the Certificates while using FCM

I am amazed to see that whenever I create an "Apple Push Notification service SSL (Production & Development)" certificate, it is not shown in Profiles.
Things have changed very much on the Developer portal, and after bashing my head many times (deleting and creating different certificates) it is not working for me.
What I am doing:
Attempt 1: When I create certificates from the certificate menu, they do appear in the Profile menu (from where we create a provisioning profile and select certificates), but when I create an APNs SSL certificate it never appears in the provisioning profile menu.
Attempt 2: I created a separate SSL certificate, created a p12 file from it and uploaded it to the FCM server; then I created a normal certificate and generated a provisioning profile, and on installing them in Xcode it gives me an error about not including something for Notification.
So after trying all these I am now not able to run the app on a device and not able to work around the FCM notification.
Question: What steps are needed to create a certificate while working with FCM?
"NOTE: Since all interfaces and working procedures on the developer portal have been updated, all help on SO and other places is out of date. Please let me know what I should do and how it is done in a precise manner; it will be a great help. THANKS"
I suggest using a .p8 key for push notifications, because the same key will work for both sandbox and production mode.
Use this solution to generate the .p8 key and upload the key to Firebase; read these articles

The APNs certificate provided does not match the current environment

It's my first time to update one app in app store after implementing the Firebase push notifications in the project. I'm trying to upload the "Production Certificate" in Firebase Console, but it gives me this:
The APNs certificate provided does not match the current environment
I want to make sure that after updating the app users will receive notifications.
Any link with tutorial to update one app in appstore is welcome.
The mistake I was making was that I was exporting the "private key" part of the certificate in Keychain Access instead of the "certificate" part. As soon as I re-exported the .p12 using the correct item - it worked.
Please refer to the answer given here
The other possibility is:
You are confusing the development certificate with the production one in the certificate list of Keychain Access.
Try to "Export" from the correct one.
This is what brought me here :)

Missing or invalid signature in iOS

I have not found any functional solution among the great number of suggestions on the internet. I don't know exactly where and when it stopped working, but I have an app in the Apple Store that is working fine and it is at version 1.7. One month ago, I tried to implement Push Notification and, for this tool to work, I had to create and manipulate some certificates (Apple Developer certificates, Keychain Access, etc). After that, when I try to upload a new version to the Apple Store using Xcode, I receive the message “Upload Successful”. Some minutes after this, I receive this message in my email:
Dear developer,
We have discovered one or more issues with your recent delivery for "Habilidades Médicas". To process your delivery, the following issues must be corrected:
Missing or invalid signature -
The bundle 'com.IvanSinigagliaApps.ChkList' at bundle path 'Payload/HabMed.app' is not signed using an Apple submission certificate.
Once these issues have been corrected, you can then redeliver the corrected binary. Regards, The App Store team
I really don't know what I did. Maybe I have deleted a key (keychain) or deleted a certificate or both. All the posts I have found about “Missing or Invalid Signature” didn’t work for me; many don't push me to my issue and many others are out of date for Xcode 8.3. I will post some screens with some doubts I have, to show as much information as I can, and I hope they can work as clues to help me fix it.
Fig 01: My Keychain Access: I can find two certificates: 1) iPhone Developer: QRL…, and 2) iPhone Distribution: C3D….
Fig 02: Apple Developer Provisioning Profiles:
Fig 03: iOS Certificates
Fig 04: Xcode (Certificate iPhone Developer QRL… ) ???
Fig 05: Xcode: even when manual provisioning is set up (C3D…) it doesn’t work.
Fig 06: Uploading App (Signing identity Distribution C3D…)
Fig 07: Uploading (C3D…)
Fig 08: Upload Successful
UPDATE #1
This is happening the same way to my 4 apps, which were uploading fine before.
Still not working, but after following the instructions in Apple Developer Troubleshooting Technical Note TN2318, section: Resolving Signature Verification Failure, I ran this in the Terminal:
codesign --verify -vvvv -R='anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and (certificate leaf[field.1.2.840.113635.100.6.1.2] exists or certificate leaf[field.1.2.840.113635.100.6.1.4] exists)' /path/to/the.app
I receive this message: code object is not signed at all
Now, I will try to go on this clue.
Yes, it is done, after a lot of hard work.
I had great help from Apple Developer Technical Support and, to make it short, what I did was try to fix it by editing my certificates. As the problem involved all my apps, it had to be something with the certificates. So, the guy from Apple, John, told me to think about this information:
I see they were issuing and revoking their certificates throughout May
and created the latest Certificate on June 1st. It is currently the
only active certificate. When a Distribution/Development Cert is
revoked, the associated provisioning profiles are invalidated and the
apps will stop functioning. This is the expected behavior. Apps
distributed via the App Store are not subject to this behavior. Only
apps distributed using the Ad-Hoc distribution method.
So I went to my certificates, at Apple Developer site, and edited those that I had just revoked and edited them again. A new one was created for this particular app and I have downloaded it to my machine. I have done a new upload and now everything is working fine again, with all apps.
There was a big confusion with all my certificates and with all my apps. This confusion created this issue. Now I have reorganized all this stuff and everything is fine.
That's my lesson from this issue: keep all your work organized.
I really hope someone with the same issue can fix them after reading all this post or at least find an orientation.
Thank you Apple Developer Support and everybody who has read this.

Expiring In-house Distribution provisioning profile and certificate

I have an in-house enterprise app that is managed (deployed) from MaaS360
'https://portal.fiberlink.com'
And this app is built (and still maintained) in Xcode 4.6.3 (I know, I know), so I don't have any of the fancy new features in Xcode 7 that might help alleviate this problem. In fact, even the refresh button in Organizer no longer works... you tap it and a dialog says "service unavailable" and I've tried it on different days, so it's not just a temporary glitch or service interruption. I believe Apple disabled whatever portion of their service was servicing that request from Xcode 4's Organizer.
The provisioning profile on it is going to expire in March, and I'm trying to figure out how to renew it without inconveniencing the users by making them download a new rebuilt app. It would be particularly painful for them because it would require they sync a few gigabytes of data from their device through iTunes for each person, and it's a few hundred people.
My problem is, my certificate I used to sign the app is also expiring around the same time (in March).
I happened to have another certificate and an associated provisioning profile, I had generated on a different mac which expires in 2019, and I tried to use it to update the expiring provisioning profile on MaaS360 for this app in question, and I get this error
So what has me a little terrified is, I'm back on the mac where I originally created and deployed the app... if I need to renew my existing certificate (which I assume means revoking it and replacing it with a new one), in order to create a new provisioning profile, aren't I going to run into this dialog again, claiming that my certificates don't match, because I'll now have a new one, hence I can't update the profile.
If the only way to update my expiring provisioning profile is with my soon-to-be-expired-but-also-identical certificate which originally created the profile, that still means my profile is going to expire as scheduled because my original certificate will have expired too.
Is there a way out of this dilemma?
You can have two certificates active at the same time. So I would generate a new certificate using the same key you used to generate the original one. To do this on the Apple developer portal, you will need the cert signing request. Most developers don't save this when they generate their certificate the first time. The good news is, if you have the private key that was used for your distribution certificate, you can use that to generate the CSR. To find out if you have the private key, you can use this post for how to locate it in the Keychain app. https://stackoverflow.com/a/33651921/3708242
Once you have verified that you have the private key used for the certificate for the app store distribution, you can generate a CSR using the following procedure: https://stackoverflow.com/a/7111454/3708242
Once you have the CSR, go to Apple's developer portal and generate a new distribution certificate for "In-House and Ad Hoc" distribution. As long as you only have one out there, you should be able to create a second without having to revoke the existing one. Once you've done that, you will likely need to provide that certificate to the MaaS360 service (I'm not familiar with how that works, but somehow the MaaS360 server must have the private key and certificate that the apps were built with, as it is clearly checking that when you push the build of your app and the certs don't match). So download the new cert and provide that to MaaS360.
Then, generate a new distribution profile using the new certificate. Or you can update the existing one to use the new cert by clicking the edit button on the provisioning profile, then changing the radio button to the new cert which should expire several years out. Note that this won't prevent any existing apps built using the profile from running in the meantime (revoking the certificate, however, would immediately cause the apps to stop working, which you don't want). Save and download the new profile, and use it to rebuild the app.
The app will then be built with the new certificate, which won't expire any time soon. I do think you are missing the part of the process where you will have to provide the new cert to MaaS360. I can't really help you with that part, but hopefully there is some documentation from IBM that can help you out there. But you will need to fix it, because once the cert expires, none of the apps built with it will work. Good luck and let me know if any of this is not clear enough.
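The renewal step this answer describes, building the CSR on the private key that already backs the expiring certificate, as an added example that is not part of the original answer. It assumes the key has been exported from the keychain to a PEM file and that the openssl CLI is available; the function names, file names and subjects are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original answer. Requires the openssl CLI.

# pubkey_of key|cert|csr FILE -> public key (PEM) carried by that object
pubkey_of() {
    case $1 in
        key)  openssl pkey -in "$2" -pubout ;;
        cert) openssl x509 -in "$2" -pubkey -noout ;;
        csr)  openssl req  -in "$2" -pubkey -noout ;;
    esac 2>/dev/null
}

# renewal_csr KEY OLD_CERT OUT_CSR
# Writes a CSR only if KEY is the private key behind OLD_CERT.
renewal_csr() {
    want=$(pubkey_of cert "$2") || true
    have=$(pubkey_of key "$1") || true
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "private key does not match $2; not writing a CSR" >&2
        return 1
    fi
    # Hypothetical subject, chosen for this example.
    openssl req -new -key "$1" -subj "/CN=constructed-renewal" -out "$3" || return 1
    # The CSR must be self-consistent and carry the old certificate's public key.
    openssl req -in "$3" -verify -noout >/dev/null 2>&1 || return 1
    [ "$(pubkey_of csr "$3")" = "$want" ]
}

# Constructed sample: a throwaway "expiring" certificate plus an unrelated key.
demo() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-old" \
        -keyout "$d/old.key" -out "$d/old.crt" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.key" 2>/dev/null
    renewal_csr "$d/old.key" "$d/old.crt" "$d/new.csr" && echo "old.key: CSR written"
    renewal_csr "$d/other.key" "$d/old.crt" "$d/bad.csr" || echo "other.key: refused"
    rm -rf "$d"
}
demo
```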

If I revoke the existing iOS Dev Center Development Certificate, will that screw up any other developers using it?

I work for a large, spread out (all over the country) company.
We have a paid iOS Dev Center account and I've been using it to develop iOS apps on phones for months now.
I've now returned to an iOS project after some weeks and it appears that while I was away the existing Development Certificate (the one you use to test and debug on phones, not the Distribution Certificate for the App Store) expired, and someone renewed it.
And now when I download that certificate, it doesn't match the private/public key pair on my system. My guess is that whoever did it generated a new key pair (whether or not they needed to do this I don't know).
So now I guess I need to hunt down the person who did this (it's in the name of the person who signed up for the account but that's not necessarily who did it) so I can get them to export their key pair.
Or I could revoke the certificate and make a new one.
If I do that, will it screw up anyone who's working with the (now revoked) certificate/key pair?
Anybody else who is developing with the new profile should also have the newly created keys, so you don't necessarily have to hunt down the original person who revoked the old cert.
But if even that is a problem then I suggest you revoke and send out the new .p12 to everybody who might need it. And as long as it does not affect the old apps (which it won't) you should be ok.
But on a sidenote your company needs a system to be able to do this efficiently.
I'm pretty sure - if you revoke his certificate, it will simply not be valid and clients will receive errors about unsigned / revoked signing on the app.
