I am a contractor, building an app that will be published by another company. I have been using a Development profile to test with my device, and an Ad-hoc Distribution profile to share the app with a group of testers via TestFlight. This all works fine.
I am having trouble submitting the app to Apple. I tried creating an IPA signed with their App Store profile, but they were unable to submit it with Application Loader (this is their usual work flow). They shared their iTunes Connect admin login with me so I could try submitting it from Xcode.
Both approaches give the same error: Application failed codesign verification. The signature was invalid, contains disallowed entitlements, or it was not signed with an iPhone Distribution Certificate.
What are my options here? I have tried deleting and remaking the App Store profile.
I figured it out with the help of Apple. I just had to revoke my certificate, issue a new certificate signing request, and recreate all my provisioning profiles. I changed my Apple ID's email address recently, so it was probably related to that.
More details on starting fresh here https://developer.apple.com/legacy/library/technotes/tn2250/_index.html#//apple_ref/doc/uid/DTS40009933-CH1-TNTAG6
Related
I've been using Xcode with a free Apple ID, and signing a App with a free provisioning profile.
However, after I signed the App with another Mac, the certificate on the first Mac I used to sign the App with does not work anymore.
I received this error message when I tried to run it on my iPhone:
Please verify that your device's clock is properly set, and that your signing certificate is not expired. (0xE8008018).
After generating a new certificate via Xcode > Preferences > View Details... > iOS Distribution > Create, I got this error instead:
The identity used to sign the executable is no longer valid.
After deleting the App from my iPhone, I tried to run the App again and received this error message instead. This also caused my phone to freeze for a while:
dyld: Library not loaded: #rpath/libswiftCore.dylib
Referenced from: /var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Test
Reason: no suitable image found. Did find:
/private/var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Frameworks/libswiftCore.dylib: mmap() errno=1 validating first page of '/private/var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Frameworks/libswiftCore.dylib'
(lldb)
Update: I'm using Free Provisioning Profile, thus I don't have access to iTunes Connect. I also can't import the certificate from my 2nd Mac as it was it was reset.
Update 2: I've also visited Keychain App and found 2 certificates - one expired and one valid. I deleted the expired one and tried to run the App on my phone again, but the error persists.
Update 3: I've tried to revoke all my certificates in developer.apple.com, but there isn't a certificates management. Only 'Programs & Add-ons' and 'Your Account' sections are available in the nav, which allows me to enrol into Apple Developer Program.
Update 4: I've also restarted my Xcode to no avail.
The main problem is that I'm not sure why I cannot revoke and regenerate a new certificate.
How can I solve this problem?
Generate a New CSR from your Keychain and download new certificate using this CSR. Include this certificate in your provisional profile and download it. Make sure you remove all expired certificates from Keychain. Good luck.
You don't need iTunes Connect to manage your certificates, IDs and provisioning profiles. iTunes Connect is used for managing your app store releases, which as you know you can't do with a free account.
You need to go to developer.apple.com and log in with your free account to the member center. You will be able to see the certificates and provisioning profiles under your developer account.
Since you don't have anything in the store (you can't with a free account), I would go into the developer's member center, revoke and delete any certificates that are out there, and delete all provisioning profiles. Start from scratch and generate a new certificate using a brand new CSR. Then generate a new provisioning profile using the existing app ID and the newly created certificate. Download the profile update your project settings to use the new signing identity and profile, and you're back in business.
Also, this is assuming that you are not sharing this developer account. If you are, doing the above instructions will make it so other developers will not be able to build with the signing identity unless you give them the private key for the certificate.
I managed to fix this problem by renaming the App name, and recompiling the App. I think that by renaming the App, a new certificate is generated, thus it would work.
Even though, it's not really a great solution, but it solved my problem as I wanted to rename the App in the first place.
Thanks everyone for providing answers!
I had to create a new Apple ID and it worked. Not the ideal solution but without access to certificates its the only solution that worked for me.
I've been trying to publish my app (on ios for the first time) for a few days now. Every time I try to submit, I usually get an error in the application loader telling me that the provisioning profile doesn't line up with the signing identity. I can't figure this out! Here is what I've done:
created an iOS Distibution signing identity via Xcode account management
created an App ID (wildcard) via apple dev portal
created an app store (distribution) provisioning profile (associated with said App ID and iOS signing ID) and installed it on my mac
Using RoboVM tools, I generate an IPA with said signing identity and distribution provisioning profile. (Because this is a LibGdx game)
created an App in itunes connect (bundle ID being that of the one used for my app ID)
When I try to send to itunes connect via application loader, I get an error reading "The executable must be signed with the certificate that is contained in the provisioning profile." This is driving me insane so I thought I would see if I could find help here. Thanks in advance!
EDIT: Turns out my mac was mixing up delicately named signing identities. I deleted them all and redid the process. works now!
Check the following things:
Do you select the right certificate in the profile?
Do you select the right profile in the Xcode?
Certificate and profile are valid.
enter image description hereI am trying to submit my updated version of app to app store in my machine.
While exporting I am getting the error "Your account already has a valid iOS distribution certificateā.
Previously it was done by another person in one another machine, but i am not having the old certificate and provisioning profile.
I created the certificate and provisioning profiles, so all my code signing identities are on my machine. I'm able to run the app in device with the same certificate, I can create ipa in my machine and install the ipa in iPad its working fine, but unable to submit to app store.
I am using Xcode 6.3.2, Please anyone guide me on this.
Sounds like you may have created an additional distribution certificate. Login to your developer account manually and check this. If you do have two, then delete the older one (which I will assume was created by the previous developer).
I have invited one TestFlight user from iTunes to test my app. The app is currently under review status. When that user tried to install the app, at the time of launching in iTunes, it throws the following error :
Could not install XXXX.
The app couldn't be installed because the developer's certificate is no longer valid. To resolve the issue, contact the developer.
Anyone can provide brief explanation what could be the reason for this and how it can be resolved.
I encountered this error because the build was signed using a provisioning profile whose certificate had been revoked.
When i checked in the developer center, the provisioning profile was marked as "Invalid".
I just clicked "Edit", selected the new developer certificate and regenerated the provisioning profile. When the new build was uploaded on testflight signed with the new provisioning profile, the error went away.
However, i do think Apple should be checking if the provisioning profile is still valid rather than developers finding it out after build is already approved by TestFlight and testers complain about this error.
It simply means that the developer account from which this app is uploaded is expired OR the development/distribution certificates of the app are expired or revoked. It can be resolved by activating the certificates of the app on apple's developer portal.
We have uploaded a version to apple-test flight and apple approved app for external testers. Now we're trying to download and is not working, got same message.
But if we run app from dev phone push notification works so P12 still valid. And distributed with old test flight process works.
We're trying to upload another version and see if works.
I try and try again until I read a comment on the apple forum:
This XC profile will be acceptable for upload, but is incompatible with Testflight
When you have to check provisioning profile, be sure any "XC" provisioning profile is selected (you can change it by clicking on the right arrow)
more details on the "goldstee" answer : https://forums.developer.apple.com/thread/18446
The error CLearly states what is wrong, your Certificate needs to be renewed, as your certificate may have expired or revoked, Try to create the Certificate again along with the provisioning profiles, and it will work fine
I had a slightly different issue which was a bit more puzzling as everything was 'valid'. I encountered the issue when I needed a production push certificate (which I already set 2-3 months before and tested!).
This is what I've done to resolve the issue:
Check xocde - both Code Signing and Provisioning Profile:
I had the correct settings (they matched what I was expecting and what I used for a previous build).
Check my apple developer account - it stated that my 'prod' profile was 'Active'
Check xcode -> prefrences -> provisioning profiles - I found the profile I could see in apple developer. It had the same expiry date too!
Wet back to my Apple Developer account, clicked on the profile, downloaded it and double clicked on it.
That fixed the problem for me.
If you encounter any issues, I suggest you check Parse guide (yes, I know they are shutting down but their doc is very good!). It covers more than just profiles but you can choose the step you are having an issue with.
In my case, I found everything is fine, both provisioning profile and certificates were valid.
What I did wrong is, I upload the build to TestFligth using Transporter app, which usually needs an .ipa for same but choose adHoc type instead of AppStore while exporting the binary in the organiser.
Which somehow allow the build to upload to TestFlight but didn't authorised to install on the user's device.
So make sure you're choosing the right option while exporting the build.
I have a business account/profile that I used for app1. I put out app1 on the market and it is currently online. I then started a personal app2 with another dev account and finished app2 and tried to put it on the market. I got an error that I can only have one distribution certificate in the keychain so I removed my business one and was able to submit my personal app2. So now I am trying to make some changes on app1 but now I am getting a "valid signing identity not found" warning. So I tried re-downloading my distribution certificate and whatnot, tried creating new profiles, nothing is working. In the keychain I can view the certificate and there is no private key associated with it. I've read about everyone else who has encountered the "valid signing identity not found" problem and it seems the common solution is to revoke the certificate and create a new one. Except that I read that if you revoke the current certificate then my app will stop working on all devices & I can't have that happening. Please tell me apple didn't just screw me over (again).
I found this link, which answers the question: What, if any "screw it up permanently" situations are there in the App Store certificate/key-pair code signing process?
A Distribution certificate is used only for submission to iTunes Connect (and Ad Hoc stuff). Once approved, Apple signs the app with a different non-expiring certificate before putting the app in the App store, so the state of the developer's Distribution certificate no longer matters.