certificate selected by provision profile is incorrect - ios

I have created certificate & provisioning profile related to my iphone app.
but when I run app it shows doesn't match any valid certificate/private key pair in the default keychain
& then I realize that it is not certificate which i have created.
what should I do now?
I have tried to delete previous certificate but it does also not working it again came back.

You should have the private key used to create the certificate present in your keychain app for you to be able to code sign your app. Start fresh, create a new certificate, this time make sure to store the private key as .p12 file.

You have not installed the .p12 file. Please go through the Apple docs for Certificate/Provisioning-profile creation process. That will help you to understand the whole process of signing an iOS app.

You can always verify certificate, which provision created with.
Provision profile have public key encoded in base64. You can compare hash sums or finger print with private key on your mac.
Here is example code how to export certificate from provision in ruby gist.gitgub

Related

Export push notification certificate as P12

Normally, I can export the certificate from the keychain that I download from the apple member center as a p12 file. However, it seems that Apple may have changed something?!
I require it as a p12 to import it into Amazon's SNS service. I have tried converting to PEM files but it's producing an error on the console.
The solution I have found has been posted here: https://stackoverflow.com/a/19502944/1198404
I copy and paste the answer: Turns out all you have to do is select "My Certificates" on the left panel and it enables the .p12 option.
You can't export to a .p12 because you don't have the private key installed on your machine (if you did, you would have an "expand" arrow next to the certificate like your iPhone Distribution certificate has.) You will need to get the private key from the machine that generated the certificate before you export.
If the accepted answer doesn't apply to you (e.g., because you created the CSR from the same Mac, and should have the private key on this Mac), here's one more possibility:
When you happen to have selected the wrong keychain (like if you accidentally had single clicked on the System keychain rather than Login keychain), you may run into the same problem. If the cert signing request came from that machine, it would associate the private key with the Login keychain (at least, that seems to be the default). So if you somehow then downloaded and imported the certificate into another keychain like the System keychain (or iCloud keychain, as some comments have mentioned), Keychain Access would not find the matching private key and would not put the cert under "My certificates", and so it cannot export a p12. It would be similar to the case of importing to the keychain on a different Mac.
Make sure the import is into the keychain associated with the private key. Often this would be the Login keychain.
You don't have the private key.
So the solution is you have to revoke the previous certificate and create a new APNS profile again.
You can export from Cert just like below.

One mac to create 2 certificates

Is it possible to create more then one ios distribution certificate on one mac machine?
When I double click the certificate it does not create the key in my keychain until.
Thanks
You can ask for a new one, however that is not the equivalent of creating two. I dont believe you can create two on one machine as it is a distinct secret pair from your computer to their service. What you can do though if you need to export your development certificate to another computer is export from XCode a provisioning profile and install that on the other computer.
The certificate doesn't create the key, you do. When you perform the first step in Keychain Access when you request a certificate from a certificate authority, this generates the key and gives you a file Apple can use to sign it. When you install the certificate, it merely gets attached to the key that was there already.
In order to have more than one distribution certificate, you will have to create two keys and ask Apple to sign each one. You will then receive a certificate for each one. However I don't believe under normal circumstances Apple will sign more than one key.

missing private key in the distribution certificate on keychain

I have the following problem which I could not find a solution for anywhere. Basically, we have a company developer account (not enterprise) and so in order to submit our app, I requested from our team lead to send me the distribution certificate and create and send me a distribution provisioning profile.
With the developer profile, everything works good, but when I installed the cert and the provisioning profile, I did not see the distribution profile on Xcode, and nor do I have a private key under the dist cert in the keychain.
Does anyone know how to solve this? I read in diff places that I will need to revoke the certificate and create a new one, but I can't really do that since we have a bunch of apps in the company and I can't revoke it for everyone.
Ahh this is a common issue, The solution is simple:
Who ever created the developer credentials originally needs to go to the keychain on their computer and right click on the key(s) for private and public and export the key to a file.
Then you just download that file on your computer and open it, and it will be added to your keychain.
You need to have both the private key (.pem file) and the certificate for your provisioning profiles.
As long as you still have access to the mac which was used to generate the original distribution certificate it's very simple.
Just use that mac's Keychain Access application to export both the certificate and the private key. Select both using shift or command and right click to export to a .p12 file.
Attached a screenshot to make it very clear.
On your mac, import that .p12 file and you are good to go (just make sure you have a valid provisioning profile).
To add on to others' answers, if you don't have access to that private key anymore it's fairly simple to get back up and running:
revoke your active certificate in the provisioning portal
create new developer certificate (keychain access/.../request for csr...etc.)
download and install a new certificate
create a new provisioning profile for existing app id (on provisioning portal)
download and install new provisioning profile and in the build, settings set the appropriate code signing identities
Delete the existing one from KeyChain, get and add the .p12 file to your mac from where the certificate was created.
To get .p12 from source Mac, go to KeyChain, expand the certificate, select both and export 2 items. This will save .p12 file in your location:
For person who are afraid on re-creating AppStore distribution certificate Apple documentation says:
Important: Re-creating your development or distribution certificates
doesn’t affect apps that you’ve submitted to the App Store nor does it
affect your ability to update them.
But it affects apps for Apple Developer Enterprise ecosystem.
I lost hours and hours to resolve this issue, but it's fixed by just restarting MAC...
In my case, I've lost all private keys in my keychain, new ones were imported correctly, but doesn't show the private key as well. The only thing that helped was generating new CertificateSigningRequest
After you changed a Mac which are not the origin one who created the disitribution certificate, you will missing the private key.Just delete the origin certificate and recreate a new one, that works for me~
When I try to upload iOS build to test flight then error was appear.
"Missing privacy key".
Just 2 step for fix this error.
Remove old certificate from developer.apple.com
Create new certificate from Xcode or developer.apple.com
My problem has been solved (I am using Xcode 9.4.1).
Please check, Xcode created new certificate.
If you are creating your own Distribution cert, not using someone else's then this could help.
Spent quite a bit of time on this today, issues from not being able to create a SigningRequest to generating a distribution cert and not having it attached to my private key in KeyChain Access. These steps helped solve this for me.
If you are still having issues, revoke your current cert and start fresh.
Creating a new signing request
The Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority is actually contextually aware of what you currently have selected when you launch it. Just to be sure that you aren't accidentally skewing your Request with some random selection, go to your Login Items and select the Apple Worldwide Developer item. Then launch the above Request and create the CertificateSigningRequest.certSigningRequest file.
Go to Apple Dev portal, add new distribution certificate, upload your CertificateSigningRequest.certSigningRequest file and download the newly created distribution certificate.
To import the distribution cert into your keychain, instead of just double clicking it, I recommend opening your keychain, go to "login/Certificates" area and drag and drop the cert here.
I had an issue where my cert would auto-install into the System area, instead of the login area where my private key existed and this caused my key not to be linked to the new cert.
At the Menu > Visual Studio (mac) > Preferences > Publishing > Apple Developer Accounts > [Select your apple id] > View Details > Create Certificate
To delete unused/invalid certificates, go to website: https://developer.apple.com/account/resources/certificates/list
delete any unwanted certificate there
Next is to create App ID (identifiers), go to website:
https://developer.apple.com/account/resources/identifiers/list
Next, go to website to create provisioning profiles:
https://developer.apple.com/account/resources/profiles/add
use the certificate to bind with your app id.
Next is to download the profiles:
At your mac > At the Menu > Visual Studio (mac) > Preferences > Publishing > Apple Developer Accounts > [Select your apple id] > View Details > Download All Profiles
I got into this situation ("Missing private key.") after Xcode failed to create new distribution certificate - an unknown error occurred.
Then, I struggled to obtain the private key or to generate new certificate. From the certificate manager in Xcode I got strange errors like "The passphrase you entered is wrong". But it did not even ask me for any passphrase.
What helped me was:
Revoke all not-working distribution certificates at developer.apple.com
Restart my Mac
After that, Xcode was able to create new distribution certificate and no private key was missing.
Lesson learned: Restart your Mac as much as your Windows ;)
I accessed that certificate on apple's developer website and after downloaded it I opened it. Likewise, at open I got a little window asking if I wanted to add the certificate to keychain. Just tapped "add" and the "missing private key" error was gone.
My problem was that for whatever reason, the login keychain was missing in the Keychain Access. Xcode created a new certificate and added it to the login keychain but could not use it. Restarting the computer solved my problem.
Just to shed some light on this.
After I deleted my p12 certificate from Keychain. I re-downloaded my own certificate from Apple developer portal.
I was only able to download the certificate. But to sign you need the private key as well. So you either:
export both private key and certificate from Keychain to get it.
Upload a Certificate Signing Request and generate new certificates
That certificate by itself has no value for signing purposes. My guess is that the private key is created by keychain the moment you 'request a certificate from a certificate authority' but isn't shown to you until you add its matching certificate.
Check whether you are using Login or not to add the certificates, if you are checking in System at top left hand side then we wont be able to see it.
So drag and drop the .cer into login then check you are able to get the private key or not.
I'm the creator of the key, but the key was attached to an expired Certificate.
To solve it I went to -> Xcode/Preferences/Accounts/"Account you use to archive"/Manage Certificates..
Then click on the dropdown menu with the "+" sign on the bottom left corner, and choose the type of certificate you need updated (mine was Apple Distribution).
This updated my new certificate with its key attached.
Contact with the creator of iOS Distribution key and tell to export certificate and private key, then just download and double click it to access in your keychain.
I assume you have switched device and trying to create a new certificate for your new device,
First revive the development certificate form the developers portal,
Go to xcode > preferences > accounts > select your apple id with the dev portal access > manage certificates > click on the team account > click on the little + button > click on apple distribution
Go to the apple developer portal , you can see a distribution certificate is created ,
Go to profiles create a new profile with the new certificate.
Download > install
done
An old XCode version will also cause this. I was on XCode10 (old for 2022). Updated to latest version, which resolved the issue.
I could resolve this problem by updating macOS and XCode.

Profile doesn't match any valid certificate/private-key pair in the default keychain

I am developing an application for a company, they gave me the admin role so I can edit provisioning files. I am getting "Valid signing identity not found for distribution file" and "Profile doesn't match any valid certificate/private-key pair in the default keychain" error on XCode, normally I would revoke the distribution profile by creating a key chain from my mac, but the company have other applications and I can not risk revoking it because clicking revoke gives the following warning.
"Revoking this certificate may invalidate one or more Provisioning Profiles in the Program Portal. Provisioning Profiles already installed on devices will continue to run until the provisioning profile expires."
Is there a way to add a new key pair without revoking the distribution certificate, would revoking the current certificate effect other applications or are there any other solutions to this problem?
You need the private key associated with the distribution certificate.
Request the person who created the distribution certificate for the company for the private key associated with the distribution certificate. Get him to export the private key from his keychain! Ask him to remember to select both the distribution certificate and private key together before right clicking and exporting it as .p12 Select both the distribution certificate and private key together before right clicking and exporting it as .p12
Once you open the .p12 it should pair up with the distribution certificate (the .cer file you should already have in your keychain). Your provisioning profile should work fine then!
Let me know if it works!
I came across the same issue and for some bizarre reason the method clearwater82 suggested didn't work.
But I found out this documentation on apple developer site. Might be helpful for someone else. It's just two simple steps.
FIRST STEP : Exporting Your Code Signing Assets to Your File System
SECOND STEP : Importing Your Code Signing Assets from Your File System
Hope this helps someone!

Add private key to certificate or vice versa

the problem is, that I want to create a new private/public key pair for a new App.
So i followed the documentation (http://developer.apple.com/ios/manage/certificates/team/howto.action) and it said to first created a new key pair.
Ok, than i got a certificate signing request file, which i had to upload to the developer homepage (Certificate > Developement).
There I found out, that (and because) we allready have an app in the appstore, there is allready a certificate. So i downloaded the existing one and doubleclicked it in the finder. The keychain opended, but didn't append the certificate to the newly created private key (as i expacted).
What did I do wrong? What do i have to do, to activate this key pair?
Can someone help me in this issue?
Thanks
Br
Nic
Every certificate will have a public and private key. And also if you are talking about the developer certificate, every developer account can have only one certificate.
What you get to download from the apple website is only your public key. You need the private key to sign the apps. Your private key will be in the machine where you generated the CSR.
Check the "Saving your Private Key and Transferring to other Systems" section in http://developer.apple.com/ios/manage/certificates/team/howto.action to find out how to export your private key from that machine and use it in a different machine.
If you cannt get the machine where you generated the CSR, then you can revoke the existing one and generate a new one. But remember that this will make the existing profiles generated from this certificate invalid.
I was having the same problem and I had to delete all my provisioning profiles and existing certificates and then I followed the step-by-step instructions from this article:
Creating Your Signing Certificates by Apple and it had me up and running in 5 minutes after hours of banging my head!

Resources