Exporting iOS distribution certificate - ios

I created a distribution certificate on one machine and I now want to run the app on another machine. The only solution I found is to export and then import the distribution certificate (Unable to create ipa in xcode 6?).
But currently I don't have access to my first machine. Is there any alternative way? Maybe by exporting from developer.apple.com? If not, why is Apple not giving that flexibility?

If you requested the distribution certificate from one machine, then that is the only place that private key exists. The only options are to export the complete certificate (private and public keys) from that machine, or to create a new distribution certificate.
You can download the certificate from Apple as Ahmed mentioned above, but it will not contain the private key needed to sign your app.

It's not possible to use a certificate without the private key. This key is only available on your previous machine.
You need this private key to sign the ipa through Xcode.
The only option for you is to generate a new certificate and provisioning profile (if you do not have access to the previous machine).

1. You can download them from developer.apple.com and import them.
2. Xcode also has the ability to sign in to your account and re-download them.
Here are the steps that need to be followed for #2:
Go to Xcode;
Select "Preferences";
Choose "Account".
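
The answers above turn on one fact: a certificate downloaded from Apple carries only the public key, while a .p12 exported from Keychain Access carries the private key as well. The following added example (not part of the original answers) checks a .p12 for a matching private key with openssl; the file names, the password `demo`, the `P12_PASS` variable and the self-signed stand-in certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a .p12 hold a private key that matches its certificate?

# Build constructed fixtures in directory $1: a key pair with a self-signed
# certificate (a stand-in for an Apple-issued one), a full .p12 and a
# certificate-only .p12.
make_constructed_fixtures() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Distribution Cert" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    # Equivalent of "Export 2 items...": certificate plus private key.
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -out "$dir/full.p12" -passout pass:demo || return 1
    # Certificate only, like a re-downloaded .cer: no private key inside.
    openssl pkcs12 -export -nokeys -in "$dir/cert.pem" \
        -out "$dir/certonly.p12" -passout pass:demo || return 1
}

# p12_signing_check FILE PASSWORD
# Returns 0 = certificate and matching private key present,
#         1 = certificate present but no private key,
#         2 = private key does not match the certificate,
#         3 = file unreadable (wrong password or no certificate).
p12_signing_check() {
    p12=$1
    pw=$2
    # The password goes through the environment so it does not appear in the
    # process list. The first certificate in the file is the one examined.
    cert_pub=$(P12_PASS="$pw" openssl pkcs12 -in "$p12" -passin env:P12_PASS \
        -nokeys 2>/dev/null | openssl x509 -pubkey -noout 2>/dev/null) || cert_pub=""
    [ -n "$cert_pub" ] || return 3
    # Only the public half derived from the key is kept; the private key
    # itself is never written to disk.
    key_pub=$(P12_PASS="$pw" openssl pkcs12 -in "$p12" -passin env:P12_PASS \
        -nocerts -nodes 2>/dev/null | openssl pkey -pubout 2>/dev/null) || key_pub=""
    [ -n "$key_pub" ] || return 1
    [ "$cert_pub" = "$key_pub" ] || return 2
    return 0
}

# Demo run on the constructed fixtures.
demo_dir=$(mktemp -d)
make_constructed_fixtures "$demo_dir"
for f in full.p12 certonly.p12; do
    rc=0
    p12_signing_check "$demo_dir/$f" demo || rc=$?
    echo "$f -> status $rc"
done
rm -rf "$demo_dir"
```

On the Mac itself, `security find-identity -v -p codesigning` lists the identities the keychain considers valid for code signing; a certificate without its private key does not appear there.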

Related

Certificate added but It shows missing private key

Right now I'm developing apps on a brand new MacBook. I have downloaded the certSigninRequest.
Now I have added both the iOS distribution certificate and the private key, which is (certSigninRequest).
But whenever I try to export my app it keeps saying missing private key. I have added it to my Keychain already.
For your case, the appropriate way to use the Distribution Certificate to be legal on other machine(s) is to export it from the current machine that uses the certificate.
To do this:
Navigate to Keychain Access.
Go to the targeted certificate, expand it and select both the certificate and the private key:
Right click and select "Export 2 items...".
Obviously, you should fill the required info, such as the name of the exported file and a password.
The output of the above steps would be a .p12 file, which should be installed on the other machine(s). Note that revoking the original certificate will also make this exported file invalid.
Do not request a new distribution certificate for the new machine; it will automatically revoke the previous one (which makes the first machine's certificate invalid). The thing is, you would generate only one Distribution Certificate (by generating a "CertificateSigningRequest" file from the current machine) and then export it to be able to install it on the other machines, which means that all machines use the same distribution certificate.
Also, the following questions might be related to your case:
missing private key in the distribution certificate on keychain
How can I add private key to the distribution certificate?

Transferring Apple dev account & certificate to new machine

I've recently attempted to transfer my apple dev certificate to a new mac, however, the provisioning profiles are appearing as valid signing identity not found.
I imported my developer account into Xcode5 and when I deploy a build, I get the option to fix the issue of not having a valid signing - this generates an iOS team provisioning profile for the bundle id.
So far have found this is fine for testing - we distribute ourselves not using the app store.
If anyone would be able to give me a heads up on whether this is an okay method, or whether I will need to generate a new certificate for distribution in case we do use the app store for distribution.
If you still have access to your previous computer, you can export as p12 the private key you used to generate the Apple certificate.
Go to keychain, select the iOS certificate and right click to export it. Then import it to your new computer and you do not need to generate new certificates.
What you need to do is remake the developer and distribution certificates for your new Mac and install them. Then you update your provisioning profile with the new certificate, reinstall it, and everything works.
PS: to remake your developer and distribution certificates you have to go into the Keychain:
Certificate Assistant > Request a Certificate From a Certificate Authority..
Then add your email and common name, and check "Saved to disk". Finally, on the developer web site, you remove your old certificates and create the new one with the new file that you have on the disk.
Did you export from Xcode → Preferences → Accounts like Apple's guide suggests?
Did you also export your private key from the keychain? I have seen this issue before, and that was resolved by exporting and importing the private key.
If you do want to distribute on App Store later on you will definitely need to import a valid certificate, yes.
Here you can find a solution or put your problem to Apple developer support:
https://developer.apple.com/support/
Alternatively, you can call the developer support center here:
https://developer.apple.com/contact/phone.php

How to build iOS app using 3rd party distribution provisioning profile

I developed an iOS app that my client is going to use internally. They sent me their enterprise distribution provisioning profile. When I add it to XCode it says "Valid signing identity not found". How do I build the app so that my client can run it on their devices?
Your computer is unable to sign with the distribution profile, since you don't have the private key for this certificate.
Alternative 1
Apple intends that building a project for distribution will only take place on a single machine - the machine that the certificate was originally created on. So, in their eyes, you should ask your clients to build the project internally (for distribution only - for development you should have no problems building yourself).
Alternative 2
There is a way to override it, and it involves exporting the private key from that special distribution machine and emailing it to you.
These are the steps (also outlined here):
1. Access the computer where the certificate was created and open the "Keychain Access" program on the computer
2. In the "Category" panel, select "Certificates"
3. Find the correct distribution certificate and expand it
4. Highlight both the iPhone distribution certificate line and the private key line under it
5. Right click and select "Export 2 items"
6. Save the .p12 file and choose a password that you can share; you will need it to import this file later
7. Email the saved file to you
Once you import this and type in the password from step 6, you will have the private key on your computer too and all will be good.
Alternative 3
There's a chance that when you ask your clients to export the private key, they will have no idea what you're talking about and no idea where the machine that created it is (this is what actually happened to me). This is usually the case if they are not regularly building for distribution on their own.
In this case, you can simply delete the certificate and create a new one (for the distribution profile). If you create the certificate on your machine, then you will have the private key. You should also export it to them just in case (using the same steps as alternative 2), so they have the ability to build without you if need be.
Each provisioning profile is paired with a certificate. If you subscribe to the Apple developer service, you should have access to create and download a development cert (tied to the apple ID) and a distribution cert (tied to the organization). The enterprise distribution provisioning profile needs to be paired with the distribution cert. So in order to use their provisioning profile, you will have to get the distribution certificate from them. This will also involve you getting their private key, which they might not be so fond of. Alternatively, they can set you up as a developer on their portal, then you can distribute through the machine that already has the distribution cert installed on it.

missing private key in the distribution certificate on keychain

I have the following problem which I could not find a solution for anywhere. Basically, we have a company developer account (not enterprise) and so in order to submit our app, I requested from our team lead to send me the distribution certificate and create and send me a distribution provisioning profile.
With the developer profile, everything works good, but when I installed the cert and the provisioning profile, I did not see the distribution profile on Xcode, and nor do I have a private key under the dist cert in the keychain.
Does anyone know how to solve this? I read in diff places that I will need to revoke the certificate and create a new one, but I can't really do that since we have a bunch of apps in the company and I can't revoke it for everyone.
Ahh, this is a common issue. The solution is simple:
Whoever created the developer credentials originally needs to go to the keychain on their computer, right click on the key(s) for private and public, and export the key to a file.
Then you just download that file on your computer and open it, and it will be added to your keychain.
You need to have both the private key (.pem file) and the certificate for your provisioning profiles.
As long as you still have access to the mac which was used to generate the original distribution certificate it's very simple.
Just use that mac's Keychain Access application to export both the certificate and the private key. Select both using shift or command and right click to export to a .p12 file.
Attached a screenshot to make it very clear.
On your mac, import that .p12 file and you are good to go (just make sure you have a valid provisioning profile).
To add on to others' answers, if you don't have access to that private key anymore it's fairly simple to get back up and running:
revoke your active certificate in the provisioning portal
create new developer certificate (keychain access/.../request for csr...etc.)
download and install a new certificate
create a new provisioning profile for existing app id (on provisioning portal)
download and install the new provisioning profile and, in the build settings, set the appropriate code signing identities
Delete the existing one from KeyChain, get and add the .p12 file to your mac from where the certificate was created.
To get .p12 from source Mac, go to KeyChain, expand the certificate, select both and export 2 items. This will save .p12 file in your location:
For people who are afraid of re-creating the App Store distribution certificate, the Apple documentation says:
Important: Re-creating your development or distribution certificates
doesn’t affect apps that you’ve submitted to the App Store nor does it
affect your ability to update them.
But it affects apps for Apple Developer Enterprise ecosystem.
I lost hours and hours trying to resolve this issue, but it was fixed by just restarting the Mac...
In my case, I'd lost all private keys in my keychain; new ones were imported correctly, but didn't show the private key either. The only thing that helped was generating a new CertificateSigningRequest.
After you change to a Mac that is not the original one that created the distribution certificate, you will be missing the private key. Just delete the original certificate and create a new one; that works for me.
When I tried to upload an iOS build to TestFlight, an error appeared:
"Missing privacy key".
Just 2 steps to fix this error:
Remove old certificate from developer.apple.com
Create new certificate from Xcode or developer.apple.com
My problem has been solved (I am using Xcode 9.4.1).
Please check, Xcode created new certificate.
If you are creating your own Distribution cert, not using someone else's, then this could help.
Spent quite a bit of time on this today, issues from not being able to create a SigningRequest to generating a distribution cert and not having it attached to my private key in KeyChain Access. These steps helped solve this for me.
If you are still having issues, revoke your current cert and start fresh.
Creating a new signing request
The Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority is actually contextually aware of what you currently have selected when you launch it. Just to be sure that you aren't accidentally skewing your Request with some random selection, go to your Login Items and select the Apple Worldwide Developer item. Then launch the above Request and create the CertificateSigningRequest.certSigningRequest file.
Go to Apple Dev portal, add new distribution certificate, upload your CertificateSigningRequest.certSigningRequest file and download the newly created distribution certificate.
To import the distribution cert into your keychain, instead of just double clicking it, I recommend opening your keychain, go to "login/Certificates" area and drag and drop the cert here.
I had an issue where my cert would auto-install into the System area, instead of the login area where my private key existed and this caused my key not to be linked to the new cert.
At the Menu > Visual Studio (mac) > Preferences > Publishing > Apple Developer Accounts > [Select your apple id] > View Details > Create Certificate
To delete unused/invalid certificates, go to website: https://developer.apple.com/account/resources/certificates/list
delete any unwanted certificate there
Next is to create App ID (identifiers), go to website:
https://developer.apple.com/account/resources/identifiers/list
Next, go to website to create provisioning profiles:
https://developer.apple.com/account/resources/profiles/add
use the certificate to bind with your app id.
Next is to download the profiles:
At your mac > At the Menu > Visual Studio (mac) > Preferences > Publishing > Apple Developer Accounts > [Select your apple id] > View Details > Download All Profiles
I got into this situation ("Missing private key.") after Xcode failed to create new distribution certificate - an unknown error occurred.
Then, I struggled to obtain the private key or to generate new certificate. From the certificate manager in Xcode I got strange errors like "The passphrase you entered is wrong". But it did not even ask me for any passphrase.
What helped me was:
Revoke all not-working distribution certificates at developer.apple.com
Restart my Mac
After that, Xcode was able to create new distribution certificate and no private key was missing.
Lesson learned: Restart your Mac as much as your Windows ;)
I accessed that certificate on Apple's developer website and, after downloading it, I opened it. On opening, I got a little window asking if I wanted to add the certificate to the keychain. I just tapped "add" and the "missing private key" error was gone.
My problem was that for whatever reason, the login keychain was missing in the Keychain Access. Xcode created a new certificate and added it to the login keychain but could not use it. Restarting the computer solved my problem.
Just to shed some light on this.
After I deleted my p12 certificate from Keychain. I re-downloaded my own certificate from Apple developer portal.
I was only able to download the certificate. But to sign you need the private key as well. So you either:
export both private key and certificate from Keychain to get it.
Upload a Certificate Signing Request and generate new certificates
That certificate by itself has no value for signing purposes. My guess is that the private key is created by keychain the moment you 'request a certificate from a certificate authority' but isn't shown to you until you add its matching certificate.
Check whether you are using Login or not to add the certificates. If you are checking in System at the top left hand side, then we won't be able to see it.
So drag and drop the .cer into login, then check whether you are able to get the private key or not.
I'm the creator of the key, but the key was attached to an expired Certificate.
To solve it I went to -> Xcode/Preferences/Accounts/"Account you use to archive"/Manage Certificates..
Then click on the dropdown menu with the "+" sign on the bottom left corner, and choose the type of certificate you need updated (mine was Apple Distribution).
This updated my new certificate with its key attached.
Contact the creator of the iOS Distribution key and tell them to export the certificate and private key, then just download it and double click it to access it in your keychain.
I assume you have switched device and are trying to create a new certificate for your new device.
First revive the development certificate from the developers portal,
Go to xcode > preferences > accounts > select your apple id with the dev portal access > manage certificates > click on the team account > click on the little + button > click on apple distribution
Go to the apple developer portal , you can see a distribution certificate is created ,
Go to profiles create a new profile with the new certificate.
Download > install
done
An old XCode version will also cause this. I was on XCode10 (old for 2022). Updated to latest version, which resolved the issue.
I could resolve this problem by updating macOS and XCode.

iOS and XCode: Issue with certificates

I've searched the web but couldn't find a solution exactly for my problem. I've created a Development Provisioning Profile in the iOS Provisioning Portal and added it to my iMac. I can successfully deploy applications to my iPhone.
Now I'm trying to deploy the same application from my MacBook Pro. I've installed the profile but get an error:
XCode could not find a valid private certificate/valid key-pair for this profile in your keychain
I think that I need a private key from my iMac which I have to import to my MacBook Pro. Right? My question is, where can I find that private key?
When you have generated your certificate, Apple requires you to use Keychain Access for generating a certificate signing request (CSR). When you've done this, a private key has been generated in your keychain.
You got the error above because you haven't transferred this private key between your Macs.
Here is the guide to do so (the link is for Mac, but it's the same manipulation). From your iMac:
Open Keychain Access in the /Applications/Utilities folder.
Select the signing certificates you want to export.
Choose File > Export items.
Choose Personal Information Exchange (.p12) as the file format and click Save.
Enter a password and click OK when done.
Transfer the p12 to your MacBook, and:
Double-click the exported file that has a .p12 extension.
Extracted from :
http://developer.apple.com/library/mac/#documentation/ToolsLanguages/Conceptual/OSXWorkflowGuide/CodeSigning/CodeSigning.html#//apple_ref/doc/uid/TP40011201-CH7-SW17
Revoke the current certificate then follow the prompts regarding keychain Access when you go create new and then you should be fine.
You can still use your keychain to create the CSR, and then upload it on the new provisioning portal. Just did it the other day.
