I have a business account/profile that I used for app1. I put out app1 on the market and it is currently online. I then started a personal app2 with another dev account and finished app2 and tried to put it on the market. I got an error that I can only have one distribution certificate in the keychain so I removed my business one and was able to submit my personal app2. So now I am trying to make some changes on app1 but now I am getting a "valid signing identity not found" warning. So I tried re-downloading my distribution certificate and whatnot, tried creating new profiles, nothing is working. In the keychain I can view the certificate and there is no private key associated with it. I've read about everyone else who has encountered the "valid signing identity not found" problem and it seems the common solution is to revoke the certificate and create a new one. Except that I read that if you revoke the current certificate then my app will stop working on all devices & I can't have that happening. Please tell me apple didn't just screw me over (again).
I found this link, which answers the question: What, if any "screw it up permanently" situations are there in the App Store certificate/key-pair code signing process?
A Distribution certificate is used only for submission to iTunes Connect (and Ad Hoc stuff). Once approved, Apple signs the app with a different non-expiring certificate before putting the app in the App store, so the state of the developer's Distribution certificate no longer matters.
Related
In our iPad application user has to enter his details for registration. After the user enters his details we save those details in the Device's keychain.
So next time the user launched the app user can use the app without registering again. Since we save it in the keychain even the app reinstall by deleting is also worked fine.
One of our clients uses their MaaS360 MDM to distribute this app to their users. But when the user installs it through the MDM app and after the next day, keychain data got lost and ask the user to do device registration again.
Initially, we thought this is due to one of the policies they have included. But no luck. Can someone please tell me what has happened here and how to solve this issue.
There are two possible scenarios:
First scenario:
It's a configuration issue of MaaS360 MDM server. Please look at these config examples.
Second scenario:
It's not a MaaS360 MDM issue, it's rather a certificate issue. Probably, your client gets the similar error when he/she is distributing an app:
"Could not find a valid private-key/certificate pair for this profile in your keychain."
Apple documentation says the following about that:
This error message indicates that your system’s Keychain is missing either the public or private key for the certificate you are using to sign your application. This often happens when you are trying to sign and build your application from a different system than the one you originally used to request your code signing certificate. It can also happen if your certificate has expired or has been revoked. Ensure that your app’s provisioning profile contains a valid code signing certificate, and that your system’s Keychain contains that certificate, the private key originally used to generate that certificate, and the WWDR Intermediate Certificate.
Please read Code Signing instructions to find out how to get rid of that issue.
I've been using Xcode with a free Apple ID, and signing a App with a free provisioning profile.
However, after I signed the App with another Mac, the certificate on the first Mac I used to sign the App with does not work anymore.
I received this error message when I tried to run it on my iPhone:
Please verify that your device's clock is properly set, and that your signing certificate is not expired. (0xE8008018).
After generating a new certificate via Xcode > Preferences > View Details... > iOS Distribution > Create, I got this error instead:
The identity used to sign the executable is no longer valid.
After deleting the App from my iPhone, I tried to run the App again and received this error message instead. This also caused my phone to freeze for a while:
dyld: Library not loaded: #rpath/libswiftCore.dylib
Referenced from: /var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Test
Reason: no suitable image found. Did find:
/private/var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Frameworks/libswiftCore.dylib: mmap() errno=1 validating first page of '/private/var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Frameworks/libswiftCore.dylib'
(lldb)
Update: I'm using Free Provisioning Profile, thus I don't have access to iTunes Connect. I also can't import the certificate from my 2nd Mac as it was it was reset.
Update 2: I've also visited Keychain App and found 2 certificates - one expired and one valid. I deleted the expired one and tried to run the App on my phone again, but the error persists.
Update 3: I've tried to revoke all my certificates in developer.apple.com, but there isn't a certificates management. Only 'Programs & Add-ons' and 'Your Account' sections are available in the nav, which allows me to enrol into Apple Developer Program.
Update 4: I've also restarted my Xcode to no avail.
The main problem is that I'm not sure why I cannot revoke and regenerate a new certificate.
How can I solve this problem?
Generate a New CSR from your Keychain and download new certificate using this CSR. Include this certificate in your provisional profile and download it. Make sure you remove all expired certificates from Keychain. Good luck.
You don't need iTunes Connect to manage your certificates, IDs and provisioning profiles. iTunes Connect is used for managing your app store releases, which as you know you can't do with a free account.
You need to go to developer.apple.com and log in with your free account to the member center. You will be able to see the certificates and provisioning profiles under your developer account.
Since you don't have anything in the store (you can't with a free account), I would go into the developer's member center, revoke and delete any certificates that are out there, and delete all provisioning profiles. Start from scratch and generate a new certificate using a brand new CSR. Then generate a new provisioning profile using the existing app ID and the newly created certificate. Download the profile update your project settings to use the new signing identity and profile, and you're back in business.
Also, this is assuming that you are not sharing this developer account. If you are, doing the above instructions will make it so other developers will not be able to build with the signing identity unless you give them the private key for the certificate.
I managed to fix this problem by renaming the App name, and recompiling the App. I think that by renaming the App, a new certificate is generated, thus it would work.
Even though, it's not really a great solution, but it solved my problem as I wanted to rename the App in the first place.
Thanks everyone for providing answers!
I had to create a new Apple ID and it worked. Not the ideal solution but without access to certificates its the only solution that worked for me.
I have managed to get my Development and Distribution certificates in something of a mess (started with separate one for each App and more)
I'd like to start again with just one, generic, cert for each of Development and Distribution.
There are lots of tutorials on re-creating deleted or expired certificates but I can't find any confirmation that I can delete everything and start afresh (and, presumably, then use the new cert for new apps and/or updates to old ones?)
Has anyone actually gone through the steps of cancelling/deleting all Apple certificates and starting again? If so, any advice on steps and things to avoid will be appreciated.
thanks
Many thanks for the suggestions which I have now implemented.
I do now have just one each Development and Distribution certificate (although Xcode re-created the dozens of provisioning profiles I was trying to get rid of - I guess I will have to live with that long list for ever...).
An interesting result is the error message I received when I uploaded a new version of an App:
"Potential Loss of Keychain Access - The previous version of software has an application-identifier value of ['xxxxxxxxx.com.jeffmaynard.eurosceptic'] and the new version of software being submitted has an application-identifier of ['yyyyyyyyyy.com.jeffmaynard.eurosceptic']. This will result in a loss of keychain access."
Although the App has gone to review I am not sure of the consequences of this error message which I assume results from the certificate updates?
You have to clear your certificates in 2 places:
Keychain
Follow these steps to navigate and clear the certificates:
Open LaunchPad
Keychain Access
Select your Keychain
Select My Certificates
Now here you need to delete every certificate that starts with iPhone Developer or iPhone Distribution
Apple Developers Members Center
Login to Apple Developers
Go to Member Center
Click: Manage your certificates, App IDs, devices, and provisioning profiles
You have 2 tabs to interact Certificates and Provisioning Profiles
Remove all of them (Remember you can't delete those Provisioning Profiles, that are already in App Store).
Then you need to create it from the beginning: Follow my answer here
XCode has started generating this message when I try to refresh the profiles:
"No iOS Distribution Certificate Found. No iOS Distribution certificate was found. However, there is already a certificate request pending. An Agent or Admin must approve this request before you can download your certificate".
However there are no certificates pending approval displayed on the provisioning portal. What's more, I myself am an agent so even if there were a certificate pending approval I would be able to approve it.
What's the best way of getting Xcode / the portal out of this state?
At the moment I can't even compile because of this. Shouldn't I at least be able to develop even if there is no distribution profile?
Did you happen to recently change your keychain password and maybe blow away the keychain that the CSR was signed with? It will show up as the same keychain name but will be signed differently. I only ask since I accidentally did the same not too long ago.
EDIT:
If you don't see your keychain with a private key associated with it like the bottom two certs below you've got a keychain issue on your development box. The top cert is someone else from my team who I obviously don't have their private key.
I am a contractor, building an app that will be published by another company. I have been using a Development profile to test with my device, and an Ad-hoc Distribution profile to share the app with a group of testers via TestFlight. This all works fine.
I am having trouble submitting the app to Apple. I tried creating an IPA signed with their App Store profile, but they were unable to submit it with Application Loader (this is their usual work flow). They shared their iTunes Connect admin login with me so I could try submitting it from Xcode.
Both approaches give the same error: Application failed codesign verification. The signature was invalid, contains disallowed entitlements, or it was not signed with an iPhone Distribution Certificate.
What are my options here? I have tried deleting and remaking the App Store profile.
I figured it out with the help of Apple. I just had to revoke my certificate, issue a new certificate signing request, and recreate all my provisioning profiles. I changed my Apple ID's email address recently, so it was probably related to that.
More details on starting fresh here https://developer.apple.com/legacy/library/technotes/tn2250/_index.html#//apple_ref/doc/uid/DTS40009933-CH1-TNTAG6