One mac to create 2 certificates - ios

Is it possible to create more then one ios distribution certificate on one mac machine?
When I double click the certificate it does not create the key in my keychain until.
Thanks

You can ask for a new one, however that is not the equivalent of creating two. I dont believe you can create two on one machine as it is a distinct secret pair from your computer to their service. What you can do though if you need to export your development certificate to another computer is export from XCode a provisioning profile and install that on the other computer.

The certificate doesn't create the key, you do. When you perform the first step in Keychain Access when you request a certificate from a certificate authority, this generates the key and gives you a file Apple can use to sign it. When you install the certificate, it merely gets attached to the key that was there already.
In order to have more than one distribution certificate, you will have to create two keys and ask Apple to sign each one. You will then receive a certificate for each one. However I don't believe under normal circumstances Apple will sign more than one key.

Related

Certificate added but It shows missing private key

Right now I'm developing apps on a brand new macbook. I have downloaded the certSigninRequest
Now I have added both the ios distribution certificate and the private key which is (certSigninRequest)
But whenever I try to export my app it keeps saying missing private key. I have added to my Keychain already
For your case, the appropriate way to use the Distribution Certificate to be legal on other machine(s) is to export it from the current machine that uses the certificate.
To do this:
Navigate the the keychain access.
Go to the targeted certificate, expand it and select both the certificate and the private key:
Right click and select "Export 2 items...".
Obviously, you should fill the required info, such as the name of the exported file and a password.
The output of the above steps would be a .p12 file, which should be installed on the other machine(s). Note that revoking the original certificate will also makes this exported file to be invalid.
Do not request a new distribution certificate for the new machine, it will automatically revoke the previous one (which leads to make the first machine's certificate to be invalid). This thing is you would generate only one Distribution Certificate -by generating a "CertificateSigningRequest" file from the current machine- and then export it to be able to install it on the other machines, which means that all machines use the same distribution certificate.
Also, the following questions might be related to your case:
missing private key in the distribution certificate on keychain
How can I add private key to the distribution certificate?

Client wants me to upload to apple store without admin and without key

I made an application for a client. He added me as a team member, but without admin/agent rights. In order to upload the application to apple store, I need a distribution provisioning profile, the distribution certificate associated with it, and the key that was used to create the certificate, exported from the mac where it was created. As I know, there is no way to use the distribution provisioning profile without both distribution certificate and the key. The client doesn't want to give me the key but he also doesn't want to give me admin.
There is a 3rd solution, to create my own distribution certificate on his account using a private key from my mac, but I noticed that the maximum number of distribution certificates is 3, and the client already has 3.
I doubt there is any problem security wise for providing my distribution certificate in there. Is there?
I also am not sure if the client should accept my own distribution certificate to be used for uploading the application. Should he?
Also, assuming that all 3 distribution certificates slots are taken and there is no way to obtain a free slot, what should I ask the client to do, in order to assure him that all is safe and good.
Also, is there any other way to upload his application without him giving me admin or key?
If they are touchy about this, which they don't need to be, they could provide you with the cert and its key and, once you have uploaded the app, revoke the cert. meaning you wouldn't be able to do anything with it. They can then just generate a new one as and when they need it.

certificate selected by provision profile is incorrect

I have created certificate & provisioning profile related to my iphone app.
but when I run app it shows doesn't match any valid certificate/private key pair in the default keychain
& then I realize that it is not certificate which i have created.
what should I do now?
I have tried to delete previous certificate but it does also not working it again came back.
You should have the private key used to create the certificate present in your keychain app for you to be able to code sign your app. Start fresh, create a new certificate, this time make sure to store the private key as .p12 file.
You have not installed the .p12 file. Please go through the Apple docs for Certificate/Provisioning-profile creation process. That will help you to understand the whole process of signing an iOS app.
You can always verify certificate, which provision created with.
Provision profile have public key encoded in base64. You can compare hash sums or finger print with private key on your mac.
Here is example code how to export certificate from provision in ruby gist.gitgub

How to build iOS app using 3rd party distribution provisioning profile

I developed an iOS app that my client is going to use internally. They sent me their enterprise distribution provisioning profile. When I add it to XCode it says "Valid signing identity not found". How do I build the app so that my client can run it on their devices?
Your computer is unable to sign with the distribution profile, since you don't have the private key for this certificate.
Alternative 1
Apple intends that building a project for distribution will only take place on a single machine - the machine that the certificate was originally created on. So, in their eyes, you should ask your clients to build the project internally (for distribution only - for development you should have no problems building yourself).
Alternative 2
There is a way to override it.. and it involves exporting the private key from that special distribution machine and emailing it to you.
These are the steps (also outlined here):
Access the computer where the certificate was created, open the "Keychain Access" program on the computer
In "Category" panel, select "Certificates"
Find the correct distribution certificate and expand it
Highlight both the iPhone distribution certificate line and the private key line under it.
Right click and select "Export 2 items"
Save the .p12 file, choose a password that can share, you will need it to import this file later
Email the saved file to you
Once you import this and type in the password from step 6, you will have the private key on your computer too and all will be good.
Alternative 3
There's a chance that when you ask your clients to export the private key, they will have no idea what you're talking about and no idea where the machine that created it is (this is what actually happened to me). This is usually the case if they are not regularly building for distribution on their own.
In this case, you can simply delete the certificate and create a new one (for the distribution profile). If you create the certificate on your machine, then you will have the private key. You should also export it to them just in case (using the same steps of alternative 2).. so they have the ability to build without you if need be.
Each provisioning profile is paired with a certificate. If you subscribe to the Apple developer service, you should have access to create and download a development cert (tied to the apple ID) and a distribution cert (tied to the organization). The enterprise distribution provisioning profile needs to be paired with the distribution cert. So in order to use their provisioning profile, you will have to get the distribution certificate from them. This will also involve you getting their private key, which they might not be so fond of. Alternatively, they can set you up as a developer on their portal, then you can distribute through the machine that already has the distribution cert installed on it.

New iOS team member: no valid signing identity

This is getting frustrating. I have two identities, one old, one new, and the latter should be used to deploy iOS apps to the App Store.
I've created the new user, granted him admin access, then I created the app name and provisioning profiles. However, in the Organizer I see that the Dev provision works flawlessly, while the Deploy profile shows me the dreaded error:
Valid signing identity not found.
How can it be?
Well, I see that in the Certificates section in the iOS Provisioning Portal, there is only one distribution certificate, the one belonging to my company.
Is there a way to enable the new user to create apps without accessing the uberadmin's Xcode?
Thanks & Cheers!
You need the key that was used to create the Distribution Certificate for your company.
Remember when you created your developer certificate? Then you went to keychain -> certificate assistant -> Request a certificate from ...
When you did this, your Mac paired your certificate request to a key in your keychain. Once your developer certificate was processed and you downloaded it to your computer, it could be accessed by your computer through that key.
But if you did not create the Distribution Certificate that your company has, you don't have the key on your computer.
Take a look at your certificates in keychain:
Go to 'Certificates' and expand your developer certificate - it will have a little key with your name.
Now try to expand your distribution certificate - it will not have a key, right?
If this is the case, you have two options:
Ask the person who created the Distribution Certificate to export it from his keychain. This will create a file that includes both certificate and key.
Delete the current Distribution Certificate, and create a new Certificate Signing Request from your computer, which will connect it to a key that you have.
First method require access to "Uberadmins" computer. The second require admin access to your teams Apple account. There is usually no downside in using method 2, because creating a new certificate is necessary from time to time anyway. It will not affect already published apps, just coming releases and updates need to use a the latest certificate.
Once all this is done, you need to create a distribution provisioning profile for App Store and connect to the Distribution Certificate that you are going to use. (if you went with option 1, you might already have done this).
Download the profile to your computer, install it, and then in your app, select to build with this profile for distribution builds.
According to Apple's documentation:
A team’s distribution certificate allows a developer to build an app for distribution. If your team wants to use another Mac to create a distribution build, you need to transfer a copy of the distribution certificate as described in, “Safeguarding and Transferring Your Signing and Provisioning Assets” in Tools Workflow Guide for iOS. (from Managing a Distribution Certificate)
So, in order to have multiple users able to create & submit App Store builds, you must share a private key between them.
Create a new private key for the team, and then send that private key to everyone who needs it. Follow the instructions under Generating a Certificate Signing Request with Keychain Access.
See also: Any concern to share private key for distribution certificate among different group under a team account in itune provisioning portal

Resources