missing private key in the distribution certificate on keychain - ios

I have the following problem which I could not find a solution for anywhere. Basically, we have a company developer account (not enterprise) and so in order to submit our app, I requested from our team lead to send me the distribution certificate and create and send me a distribution provisioning profile.
With the developer profile, everything works good, but when I installed the cert and the provisioning profile, I did not see the distribution profile on Xcode, and nor do I have a private key under the dist cert in the keychain.
Does anyone know how to solve this? I read in diff places that I will need to revoke the certificate and create a new one, but I can't really do that since we have a bunch of apps in the company and I can't revoke it for everyone.

Ahh this is a common issue, The solution is simple:
Who ever created the developer credentials originally needs to go to the keychain on their computer and right click on the key(s) for private and public and export the key to a file.
Then you just download that file on your computer and open it, and it will be added to your keychain.
You need to have both the private key (.pem file) and the certificate for your provisioning profiles.

As long as you still have access to the mac which was used to generate the original distribution certificate it's very simple.
Just use that mac's Keychain Access application to export both the certificate and the private key. Select both using shift or command and right click to export to a .p12 file.
Attached a screenshot to make it very clear.
On your mac, import that .p12 file and you are good to go (just make sure you have a valid provisioning profile).

To add on to others' answers, if you don't have access to that private key anymore it's fairly simple to get back up and running:
revoke your active certificate in the provisioning portal
create new developer certificate (keychain access/.../request for csr...etc.)
download and install a new certificate
create a new provisioning profile for existing app id (on provisioning portal)
download and install new provisioning profile and in the build, settings set the appropriate code signing identities

Delete the existing one from KeyChain, get and add the .p12 file to your mac from where the certificate was created.
To get .p12 from source Mac, go to KeyChain, expand the certificate, select both and export 2 items. This will save .p12 file in your location:

For person who are afraid on re-creating AppStore distribution certificate Apple documentation says:
Important: Re-creating your development or distribution certificates
doesn’t affect apps that you’ve submitted to the App Store nor does it
affect your ability to update them.
But it affects apps for Apple Developer Enterprise ecosystem.

I lost hours and hours to resolve this issue, but it's fixed by just restarting MAC...

In my case, I've lost all private keys in my keychain, new ones were imported correctly, but doesn't show the private key as well. The only thing that helped was generating new CertificateSigningRequest

After you changed a Mac which are not the origin one who created the disitribution certificate, you will missing the private key.Just delete the origin certificate and recreate a new one, that works for me~

When I try to upload iOS build to test flight then error was appear.
"Missing privacy key".
Just 2 step for fix this error.
Remove old certificate from developer.apple.com
Create new certificate from Xcode or developer.apple.com
My problem has been solved (I am using Xcode 9.4.1).
Please check, Xcode created new certificate.

If you are creating your own Distribution cert, not using someone else's then this could help.
Spent quite a bit of time on this today, issues from not being able to create a SigningRequest to generating a distribution cert and not having it attached to my private key in KeyChain Access. These steps helped solve this for me.
If you are still having issues, revoke your current cert and start fresh.
Creating a new signing request
The Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority is actually contextually aware of what you currently have selected when you launch it. Just to be sure that you aren't accidentally skewing your Request with some random selection, go to your Login Items and select the Apple Worldwide Developer item. Then launch the above Request and create the CertificateSigningRequest.certSigningRequest file.
Go to Apple Dev portal, add new distribution certificate, upload your CertificateSigningRequest.certSigningRequest file and download the newly created distribution certificate.
To import the distribution cert into your keychain, instead of just double clicking it, I recommend opening your keychain, go to "login/Certificates" area and drag and drop the cert here.
I had an issue where my cert would auto-install into the System area, instead of the login area where my private key existed and this caused my key not to be linked to the new cert.

At the Menu > Visual Studio (mac) > Preferences > Publishing > Apple Developer Accounts > [Select your apple id] > View Details > Create Certificate
To delete unused/invalid certificates, go to website: https://developer.apple.com/account/resources/certificates/list
delete any unwanted certificate there
Next is to create App ID (identifiers), go to website:
https://developer.apple.com/account/resources/identifiers/list
Next, go to website to create provisioning profiles:
https://developer.apple.com/account/resources/profiles/add
use the certificate to bind with your app id.
Next is to download the profiles:
At your mac > At the Menu > Visual Studio (mac) > Preferences > Publishing > Apple Developer Accounts > [Select your apple id] > View Details > Download All Profiles

I got into this situation ("Missing private key.") after Xcode failed to create new distribution certificate - an unknown error occurred.
Then, I struggled to obtain the private key or to generate new certificate. From the certificate manager in Xcode I got strange errors like "The passphrase you entered is wrong". But it did not even ask me for any passphrase.
What helped me was:
Revoke all not-working distribution certificates at developer.apple.com
Restart my Mac
After that, Xcode was able to create new distribution certificate and no private key was missing.
Lesson learned: Restart your Mac as much as your Windows ;)

I accessed that certificate on apple's developer website and after downloaded it I opened it. Likewise, at open I got a little window asking if I wanted to add the certificate to keychain. Just tapped "add" and the "missing private key" error was gone.

My problem was that for whatever reason, the login keychain was missing in the Keychain Access. Xcode created a new certificate and added it to the login keychain but could not use it. Restarting the computer solved my problem.

Just to shed some light on this.
After I deleted my p12 certificate from Keychain. I re-downloaded my own certificate from Apple developer portal.
I was only able to download the certificate. But to sign you need the private key as well. So you either:
export both private key and certificate from Keychain to get it.
Upload a Certificate Signing Request and generate new certificates
That certificate by itself has no value for signing purposes. My guess is that the private key is created by keychain the moment you 'request a certificate from a certificate authority' but isn't shown to you until you add its matching certificate.

Check whether you are using Login or not to add the certificates, if you are checking in System at top left hand side then we wont be able to see it.
So drag and drop the .cer into login then check you are able to get the private key or not.

I'm the creator of the key, but the key was attached to an expired Certificate.
To solve it I went to -> Xcode/Preferences/Accounts/"Account you use to archive"/Manage Certificates..
Then click on the dropdown menu with the "+" sign on the bottom left corner, and choose the type of certificate you need updated (mine was Apple Distribution).
This updated my new certificate with its key attached.

Contact with the creator of iOS Distribution key and tell to export certificate and private key, then just download and double click it to access in your keychain.

I assume you have switched device and trying to create a new certificate for your new device,
First revive the development certificate form the developers portal,
Go to xcode > preferences > accounts > select your apple id with the dev portal access > manage certificates > click on the team account > click on the little + button > click on apple distribution
Go to the apple developer portal , you can see a distribution certificate is created ,
Go to profiles create a new profile with the new certificate.
Download > install
done

An old XCode version will also cause this. I was on XCode10 (old for 2022). Updated to latest version, which resolved the issue.

I could resolve this problem by updating macOS and XCode.

Related

Distribution certificate / private key not installed

Using Xcode 9.1, after building an iOS app, I want to archive it and upload it to the appStore for beta-testing.
But I get the following issue after clicking the button Upload to the App Store... and choosing Automatically manage signing:
"My Name" has one iOS Distribution certificate but its private key is
not installed. Contact the creator of this certificate to get a copy of the private key.
I do not know why this "private key is not installed", but the Distribution certificate may have been created on a different computer or something. In any case:
What is the simplest way to retrieve the missing private key and install it? In order to make things work.
Up to date (January 2021) (Xcode 10 - 12)
Go to Xcode - Preferences - Accounts - Manage Certificates
Click on the + at the bottom left, then Apple Distribution
Wait a little, then click Done
That's all.
You may want to revoke the old certificate on developer.apple.com too.
Old answer
Step 1: Xcode -> Product -> Archives ->
Click manage certificate
Step 2: Add iOS distribution
You can only have one distribution certificate. It unites a public key, known to Apple, with a private key, which lives in the keychain of some computer. If this distribution certificate was created on another computer, then the private key is on the keychain of that computer. And this distribution certificate does not work without it.
So to use this distribution certificate on this computer, you must find that computer, open Keychain Access, locate and export the private key, mail it or otherwise get it to this computer, and import it into the keychain of this computer.
If you go into the Accounts pref pane in Xcode and double-click your Team, you'll see a dialog that gives you help with this. If you see your distribution certificate and it says Not In Keychain, you can control-click that certificate to get a menu item that lets you email whoever created the certificate and ask them to send it to you. That person can use this same import to choose Export Certificate and can email you exported certificate.
Either way, the private key or exported certificate will be passworded. You'll need to know the password in order to use it.
This answer is for "One Man" Team to solve this problem quickly without reading through too many information about "Team"
Step 1) Go to web browser, open your developer account. Go to Certificates, Identifiers & Profiles. Select Certificates / Production. You will see the certificate that was missing private key listed there. Click Revoke. And follow the instructions to remove this certificate.
Step 2) That's it! go back to Xcode to Validate you app. It will now ask you to generate a new certificate. Now you happily uploading your apps.
Add a new Production Certificate here, then download the .cer file and double click it to add it to Keychain.
All will be fine now, don't forget to restart Xcode!!!
EDIT: I thought that the other computer is dead so I'm fixing my answer:
You should export the certificate from the first computer with it's private key and import it in the new computer.
I prefer the iCloud way, backup to iCloud and get it in the new computer.
If you can't do it with some reason, you can revoke the certificate in Apple developers site, then let Xcode to create a new one for you, it'll also create a fresh new private key and store it in your Keychain, just be sure to back it up in your preferred way
People's answer here about having the key from the computer is generated are accurate. But if things are still failing, try restarting Xcode after installing a cert
revoke all distribution certificate for developer.apple.com and the validate your app in Xcode there will be the option to create a new distribution certificate after you can export key for further use.
This work for me.
Just for anyone else who goes through this, the answers above are correct but it can still be a bit confusing especially if you have multiple certificates. These were the steps that I took:
First take note of the date in the actual distribution certificate that is missing its private key. Then go to the keychain application on the other computer and type iOS in the search bar. It will show all of your iOS Developer and Distribution keys so you have to find the right one.
Click the right arrow of each iOS Distribution entry to reveal the certificate and find the one with the correct date and export that one by right clicking and selection export.
Then just import it in the keychain of the new computer and at least with Xcode 9.3 it immediately recognizes it and corrects the error so you can now upload your achieve.
If you are using the certificate in a new computer or not. The easiest thing to do would be to revoke the previous certificate relating to the project. Then re-upload to the store. Xcode will generate a new one.
In my case Xcode was not accessing certificates from the keychain, I followed these steps:
delete certificates from the keychain.
restart the mac.
generate new certificates.
install new certificates.
clean build folder.
build project.
again clean build folder.
archive now.
It works That's it.
i tried all mentioned solutions available on the internet but no solution working on my Mac, then i created a provisioning profile manually on apple developer website from certificates and identifiers. By importing that file manually app successfully uploaded on appStore follow below steps
On Developer website
1-go to this link https://developer.apple.com/account/resources/certificates
2- In profile Section create new profile by using app bundle identifier
3-Download it and save it an where
On Xcode
1-Go to Signing and certificates
2-Disable automatically manage signing
3- Select provisioning profile in its section
4- Archive the app
5-Click Distribute App ->ApStore connect ->Upload->Next-> Then Select Profile from XXXX-app section when it download it show inside this section and now upload it
Click on Manage Certificates->Apple Distribution->Done
In my case, after revoking the old certificate and creating a new one, Xcode was showing the same error (I've done a clean build and removed the derived data folder).
In that case, try to manually manage signing.
After that, check the second field and set the appropriate one.
Note: After uploading the build, I needed to wait for 15 min to see my build in the app store connect.
Adding to the above answers,
If you have admin access on this account create new certificate and use it to publish. I just did that and it passed.
1- Create new Certificate Signing Request (KeyChain Access > Certificate Assistant ) and save to the disk
https://help.apple.com/developer-account/#/devbfa00fef7
2- Login into your apple developer account > Certificates and Identifiers > Click + to add new certificate)
3- Upload the signing cert you created in step 1, click next and download the certificate
4- Double click the certificate to install it. Make sure it is trusted and showing "This certificate is valid".
5- Try to archive again now and choose automatic signing.
That should do it.
just click "manage certificates" -> "+" -> "iOS distribution"
go to this link https://developer.apple.com/account/resources/certificates/list
find certificate name in your alert upload then
Revoke certificate that
if you have certificate you download again
upload testflight again
If you are being stuck on this problem. After switch the computer and not able to upload your build to App Store. Simply click manage certificate on the error page, the + plus on the bottom left corner and create a new distribution certificate. Then you'll be good to go.
I am also facing the same issue in xCode (v12.4) and created two more distribution certificates but nothing get worked for me.
Solution : Restarting xCode seemed to do the trick for me.
I was facing the same problem with Xcode v11.3
Upgrading to Xcode 11.6 solved the problem for me
This can happen if your MacBook has a battery issue and powers out unexpectedly. Your date is reset to an old date and if you opened XCode, it probably recorded that date and that may have caused the signing issue with certificate.
THIS IS HOW I RESOLVED IT
Went to Settings and set the correct date and time.
Clicked on the XCode option on the top left.
Clicked on Quit XCode.
Restarted the MacBook.
I reopened XCode, archived my app and it had no issues with the signing certificate.
I hope it works for you. An upvote if it does.

How can I "revoke and request" my iOS Developer Profile?

I am trying to export an .ipa file from XCode 6, and I get an error like this:
The dialog says "revoke the current certificate and request one again", but I don't see a way to do that. The Apple Troubleshooting page for this issue suggests I should click the "Revoke and Request" button, but I don't see one.
How do I revoke the old developer certificate and request a new one?
I suppose that the certificate is a distribution one, not development one. It seems that you have installed your iOS Distribution certificate in another Mac. And, it seems again that you download this certificate from Apple portail and import to your new machine. Of course, the simple import is not valid. Cause a certificate requires a private key to be associated with.
Then, you have 2 solutions:
Export your certificate from old machine (include private key) then import to your new machine. I recommend it.
Revoke this certificate if you do not use anymore on old machine. Then, from new machine, create new request signning and request again the distribution certificate.
Visite your account, in distribution certificate section, click to the certificate to revoke, you will see "Revoke" button.
Beware that all provisioning profiles created with this certificate will be invalidated.
Just for info, you have only <= 2 distribution certificates to be created.

Xcode 6 App Store submission fails with "Your account already has a valid iOS distribution certificate"

I'm using the latest XCode (6.1) and I need to submit the app as soon as possible, but I can't seem to get around the "Your account already has a valid iOS distribution certificate" error.
I have the client's provisioning profile and I have his distribution certificate (which is valid) and his private key (I've checked using Keychain, it's definitely there). The bundle ID is also correct. I've deleted my provisioning profiles and certificates and reinstalled the client's many times now.
What could be causing this issue? I've seen a lot of topics here on SO with this problem, so I apologise beforehand for creating yet another clone, but I really don't know how to fix this.
edit: I'm running a brand new install of Yosemite by the way
Got it solved by editing the iOS Distribution Provision Profile in the Developer Member Center.
For some reason there were 2 certificates to choose from for the Distribution Provisioning Profile. I switched over to the other certificate and I could Validate and Submit my Archive build for beta testing.
So, you may have more than one certificate for signing your Provision profiles. Make sure you have the right one (by trying all of them) and hopefully that should work.
I tried many things like Exporting Developer profile from Xcode Accounts and importing it in the organizer, installing the provision profiles from the member center, adding them to my keychain. But none of those worked. It started working only after editing the appropriate Provisioning Profile manually.
You could also trying removing all your available Provisioning Profiles and let Xcode create new ones for you. This will work too.
I also had this issue, which turned out to be caused by an attempt to export for ad hoc deployment using a development provisioning profile instead of a distribution profile. It seems this is no longer supported in Xcode 6.1. Once I created an ad hoc profile and installed that the problem went away. A more useful error message would have saved me hours of work and would be greatly appreciated, Apple.
This thread was helpful:
xcode 6 beta 2 issue with exporting ipa "Your account already has a valid iOS distribution certificate"
Besides all the other answers, there's one more possibility after 2/15/2016: the old World Wide certificate expired and I guess everyone has already downloaded the new cert (or check this out). However, you'll be seeing this error if you haven't remove the expired one. You may need to choose View -> Show Expired Certificates to unhide expired certs. If the error is still there, try regenerate provisioning profile as advised by the others.
I was moving to new Mac when I faced this issue.
On your older Mac:
Go Preferences > Accounts > Select Account > Details.
In the dropdown right click on iOS Distribution (or whatever is the name of your distribution certificate).
Export...
Set a password for the .p12 file.
Move and install this .p12 in the new mac.
Try Again.
Another possible cause for the problem (at least in my case) was that in my Keychain Access, I had two certificates for the team I was working with. One was expired, and the other one was the one I wanted to use. Deleting the expired certificate in Keychain Access solved the issue.
I ran into this problem, and I wanted to avoid screwing up my push notifications.
The easy fix for me was to just go to developer.apple.com > project > certifications, ids, and profiles > profiles > create a new profile (for development or distribution)
Download the created profile, drag and drop the profile over the Xcode icon, and then in your project target, set the new profile as the provisioning profile.
This fixed my problem--it may provide further help in the future.
The error message could mean that you need to get the Distribution certificate and private key from the developer who created them.
This can happen if some other team member has pressed the enticing "Reset" button (which means revoke certificate and create a new one).
Here is a picture what the revoked certificate looks like:
You can export the valid certificate from the developer who created
it and import it to other team members keychains.
Go to "Keychain Access" app.
Click on the "Login" in the top left box
Click on the "Certificates" on the bottom left box
Check which team member has the valid certificate:
when clicking on the "iPhone Distribution" certificate
everyone else sees "This certificate is revoked" in red at the top.
(Maybe backup the deleted certificate to avoid doing anything irreversible)
delete the revoked certificates
Export the one valid certificate and distribute to team
Import the certificate file for everyone else
Today I was solve problem by delete from keychain old certificate Apple Worldwide Developer Relations Certification Authority and install new one (exp. in 2023)
I'll add to here because while the accepted answer got me on the right track it wasn't the solution. There was a second (automatically created by Xcode) distro cert which I revoked. After doing that a new error came up. ("An App ID with Identifier '' is not available"... it also wasn't helpful) Eventually this lead me to the fact that my App Id in the member portal didn't have entitlements matching the build.
I solved this issue by editing the provisioning profile in the member center which is used in my app and re-install the provisioning profile.
I recently changed computer.
The reason for me was that I had several developer certificates in the Apple Developer member portal.
The solution was :
Go to Apple Developer Portal
Go Under Certificates -> Production
Click on "Revoke" for the oldest certificates and keep the most recent one
Revoking certificates won´t affect your Apple Store apps :).
I had this happen to me when I accidentally reset the certificate on another mac. Here's my scenario.
Mac1 - Had working certificate.
Mac2 - I accidentally reset the iOS distribution certificate
Mac1 stopped working and I get the message "Your account already has a valid distribution certificate"
The fix was
On Mac2, Keychain access -> certificates -> iOS Distribution certificate (for you/your company) -> export to p12 file (it will ask you to set a password)
Copy the exported file to Mac1
On Mac1, Keychain access -> certificates -> iOS Distribution certificate (for you/your company) -> delete (this is the old one that does not work)
On Mac1, double click the p12 file (then enter your password).
You should see a new iOS distribution certificate (for you/your company) in the certificate section of Keychain access.
This fixed the issue for me on Mac1.
Got it solved by deleting the provisioning profile which is managed by Xcode
(XC iOS Ad Hoc: *) from the member center

Transferring Apple dev account & certificate to new machine

I've recently attempted to transfer my apple dev certificate to a new mac, however, the provisioning profiles are appearing as valid signing identity not found.
I imported my developer account into Xcode5 and when I deploy a build, I get the option to fix the issue of not having a valid signing - this generates an iOS team provisioning profile for the bundle id.
So far have found this is fine for testing - we distribute ourselves not using the app store.
If anyone would be able to give me a heads up on whether this is an okay method, or whether I will need to generate a new certificate for distribution in case we do use the app store for distribution.
If you still have access to your previous computer, you can export as p12 the private key you used to generate the Apple certificate.
Go to keychain, select the iOS certificate and right click to export it. Then import it to your new computer and you do not need to generate new certificates.
what you need to do is to remake the developer and distribution certificates for your new mac and install it then, you update your provision profile with the new certificate, reinstall it and everything works
PS: for remake your developer and distribution certificates you have to go in the keychan
Certificate Assistant > Request a Certificate From a Certificate Authority..
then add your email and common Name, check Saved to disk. Finally Into the developer web site you remove your old certificates and create the new one with the new file that you have in the disk.
Did you export from Xcode → Preferences → Accounts like Apple's guide suggests?
Did you also export your private key from the keychain? I have seen this issue before, and that was resolved by exporting and importing the private key.
If you do want to distribute on App Store later on you will definitely need to import a valid certificate, yes.
here you can find a solution or ask your problem to a developers Apple support:
https://developer.apple.com/support/
Other way you can call the developer support center here:
https://developer.apple.com/contact/phone.php

iPhone app signing: A valid signing identity matching this profile could not be found in your keychain

I'm pulling my hair out over this. I just downloaded the iPhone 3.0 SDK, but now I can't get my provisioning profiles to work. Here is what I have tried:
Delete all provisioning profiles
Delete login keychain
Create new "login" keychain, make it
default
Create a new certificate signing request
Create new developer and distribution
certificates in the Apple developer center
Download and install them
Download the WWDR certificate and install it
Create a new provisioning profile and
double click it to install
All the certificates report as valid, but Xcode still won't recognize them. What should I try next?
Edit:
I completely re-installed Mac OS X and from a fresh install installed the 3.0 SDK and still have the same problem.
I had the same problem: I first downloaded my certificates to my small MacBook while on the run. When trying to install the certificates on my iMac... then I ran into the problems described on this page.
After spending hours pulling my hair out like many of you, I performed the following steps to fix it:
Close all your stuff except your webpage that should be logged into App Dev center.
Open Xcode. Click WINDOW > ORGANIZER. Then click the Devices tab and select "Provisioning Profiles" on the left.
That should bring up your provisioning profiles. Highlight one by one (if more than 1), right click and delete profile. Yes, just do it! Delete them all! (I kept making a new one after a new one trying to make the thing work.)
From the first page you see after logging into the App Dev Center on the right side click "iOS PROVISIONING PORTAL" > (do not "launch assistant"). Instead click on the left side. Select CERTIFICATES. You will probably have just one line listed with your name/company - from there click on the right side REVOKE. Click OK to verify that's what you want to do.
On the same page click DEVICES. Click the box next to your device you are trying to provision and click REMOVE SELECTED. Again click OK to verify.
Wait about 2 minutes to let Apple do their thing.
Now click on "HOME" that is on the left side navigation.
Click "Launch Assistant"
create a new app ID - call it whatever you want. Just make sure it's unique enough to know that's the one you just created because the others you've been messing with all day will not be deleted from Apples Dev Center.
You should be able to follow the rest of the Assistant without troubles -- the main thing is you just had to delete your old provision profiles and start over.
Good Luck!
I encountered the same issue. This is because the private key of the certificate does not existing on your machine.
If you are now using a new machine and download the certificate from website:
You can export the certificate from the old machine and then import on the new machine.
If you share the developer account with someone:
You ask the account owner to send you an invitation and become a team member of that account. Then you can create your own certificate from scratch.
If you don't want to handle all these sh*t:
Just revoke the certificate on website and delete the copy on your local machine. Then request a new one. This should be the ultimate way for solving such issue.
Had the same problem yesterday. Now, after signing to the developer portal, for every invalid provisioning profile have a button "Renew". After renewing and downloading updated provisioning profile all seems to work as expected, so problem is definitely solved :)
Update: you may have to contact Apple to get a "Renew"-button, or they removed it -- and the solution is to just download it and add it to the keychain, no need to renew.
What I found was that I needed to drag the distribution_identity.cer file that I downloaded from the "Certificates -> Distribution" page on the developer program portal into the keychain access program, then this error went away.
I solved it by
a) go to provisioning profile page on the portal
b) Click on Edit on the provisioning profile you are having trouble (right hand side).
c) Check the Appropriate Certificate box (not checked by default) and select the correct App ID (my old one was expired)
d) Download and use the new provisioning profile. Delete the old one(s).
Apparently there are 4 different causes of this problem:
Your Keychain is missing the private key associated with your
iPhone Developer or iPhone
Distribution certificate.
Your Keychain is missing the Apple Worldwide Developer Relations
Intermediate Certificate.
Your certificate was revoked or has expired.
Online Certificate Status Protocol (OCSP) or Certificate
Revocation List (CRL) are turned on in
Keychain Access preferences
.
After carefully going through the thread here and checking all the solutions proposed by people, I can confidently claim this, after following the steps mentioned on Apple developer docs for creating CSR and mobile provision file, just do this!,
Launch Xcode.
Select window->Organizer
Click this refresh button and that filthy yellow bar will remove instantly.
http://img.skitch.com/20100820-1ngm8an14c6fm3dt7g6j51d2nx.jpg
Trust me, you only have to do this. There is no need to repeat the process again and again to make sure that you doing it the right way. Just press Refresh, enter your login credentials and it's done.
For me it only worked when the certificate and both keys were in the Login keychain. I had created a Development keychain before, but the Xcode Organizer wouldn't find the keys in there. So I moved them back to Login, quit the keychain tool - and voila, the error in Xcode Organizer went away! This was on Snow Leopard 10.6.2 with the 3.1.3 SDK.
For development certificates you can just create a new one and match it to a profile. However for distribution, like when your going to submit to Apple, you cannot do this and must use the distribution certificate the team agent created. The problem is you need the private key on your machine. It's very simple, however, for the team agent who created the certificate to copy the private key to you, below are the instructions from Apple, I hope this helps.
It is critical that you save your private key somewhere safe in the event that you need to develop on multiple computers or decide to reinstall your system OS. Without your private key, you will be unable to sign binaries in Xcode and test your application on any Apple device. When a CSR is generated, the Keychain Access application creates a private key on your login keychain. This private key is tied to your user account and cannot be reproduced if lost due to an OS reinstall. If you plan to do development and testing on multiple systems, you will need to import your private key onto all of the systems you’ll be doing work on.
To export your private key and certificate for safe-keeping and for enabling development on multiple systems, open up the Keychain Access Application and select the ‘Keys’ category.
Control-Click on the private key associated with your iPhone Development Certificate and click ‘Export Items’ in the menu. The private key is identified by the iPhone Developer: public certificate that is paired with it.
Save your key in the Personal Information Exchange (.p12) file format.
You will be prompted to create a password which is used when you attempt to import this key on another computer.
You can now transfer this .p12 file between systems. Double-click on the .p12 to install it on a system. You will be prompted for the password you entered in Step 4.
The best answer I got was exporting your key, instead of just trying to import the cert file.
When you export the key from the keychain that generated the request, you get a Certificates.p12 file, which rolls the keys you need together.
Then import this into the new computer.
With keys like this, it's probably good to keep a rolled, certificate package file, because many times the "public" key, or cert file, is not enough to restore things from.
In my case, I copied the project from my iMac to my Macbook Pro and found out I didn't have my private key installed on the Macbook. So I exported my private key, copied and installed it to the Macbook, and voila it works! I've documented the information here:
http://www.creatistblog.com/2009/09/iphone-developer-provisioning.html
Just a note with Xcode 4: in the organizer there are two different sections in the left pane:
Library > Provisioning profiles
Devices > your device > Provisioning profiles
I was always puttings my provisioning profiles into 2. and even after cleaning and installing properly it was not working. Then I discovered 1. and finally I found the refresh button. If you select 'Automatic device provisioning' in 1. and click on refresh, then everything got validated (no yellow warning in 2. anymore).
Was facing a similar issue yesterday with our CI server. The app extension could not be signed with the error
Code Sign error: No matching provisioning profiles found: No provisioning profiles with a valid signing identity (i.e. certificate and private key pair) matching the bundle identifier XXX were found.
Note: I had created my provisioning profiles myself from Developer portal (not managed by Xcode).
The error was that I had created the provisioning profiles using the Distribution certificate, but the build settings were set to use the developer certificate. Changing it to use Distribution certificate solved the issue.
Summary: Match the certificate used for creating the provisioning profile in build settings too.
Did you try rebooting your Mac and your device? Lame answer, but I always try that first.
I got it working after re-doing everything and then creating an empty project with XCode and building/running it to the device. XCode showed a window asking something like: Do you want to accept the developer certificate. I pressed "Always". Only after this step I got rid of the message "A valid signing identity matching this profile could not be found in your keychain" in Organizer.
Hey guys, I had heaps of trouble with this yesterday. I went through the whole process a few times, requesting a new certificate request from the authority with the assistant, clearing out everything in the portal, uploading the certificate, creating a new profile and downloading everything. No dice.
However, check this out.
First up clear out all the certificates on the portal to start fresh.
After creating the new certificate request with the assistant, press "Show in Finder", and double click that bad boy. You should get a popup for the Certificate Assistant with a screen showing "Please specify the issuing Certificate Authority", etc. If you don't, just close it and double click again.
Now just proceed through the dialog choosing
"Request a certificate from an existing CA" - Continue
Request is "Saved to disk" - Continue
Save it where ever you like, even override the file.
At the end you should see the magic "Creating key pair"
Run over to the KeyChain access and you'll see your keys in there! Upload this certificate to the apple portal and then go through their wizard as normal, everything should work great now.
There are two different certificates for two different provisioning profiles (development and distribution). You have to install BOTH certificates in keychain. In the iPhone Developer Program Portal:
Certificates -> Development -> Download
Certificates -> Distribution -> Download
Double click both certificates. After that both certificates must appear in Keychain.
The answer is this revoke your Current Development Certificate and make a new one. follow the instructions on apples site on how to do so. Its that simple!! I had this exact problem.
Simple steps to get this done:
Start from keychain (which contains your dev key already) on your computer and create a request for certificate. Upload the request to dev site and create the certificate.
Create a profile using the certificate.
Download the profile and drop it on Xcode.
Now all the dots are connected and it should work. This works for both dev and distribution.
I logged into developer account and revoked the development certificate. After revoking and downloading the development certificate i double clicked the newly downloaded certificate and this time Private Key was there under development certificate in KeyChain Access.
A good way to ensure that this happens cleanly is to clean your login keychain completely first.
Also, a really important step is to unlock your keychain before you import the private key and public key
security unlock-keychain -p password ~/Library/Keychains/login.keychain
Import private key into login keychain :
security import PrivateKey.p12 -k ~/Library/Keychains/login.keychain
1 identity imported.
Import public key into login keychain :
security import PublicKeyName.pem -k ~/Library/Keychains/login.keychain
1 key imported.
I had this same problem but, it was due to my setting up "FileVault" on my Mac. I went into my keychain and set "login" to be my default and that fixed it.
"This was a bug on the Apple portal site. They were missing a necessary field in the provisioning profile. They fixed this bug late on 6/16/09. "
I don't know whether they really skipped it or if my eyes were just glazing over but....
Just in case anybody else is overlooking the same things that I did....
just as when you were developing and testing...
1) You need a DISTRIBUTION << CERTIFICATE >>
2) You need a DISTRIBUTION << PROVISIONING PROFILE >>
That is TWO STEPS on the portal in order to get the thing signed.
There I was, having created the developer CERTIFICATE and copied it to the Mobile Provisions folder, wondering why it didn't work.
As soon as I had the provisioning profile in place
* BINGO *
I had the exact same problem and tried everything. For whatever reason the solution was that all my certificates had migrated to a keychain called "microsoft_intermediate_certificates". As it probably happened during an Xcode upgrade I have absolutely no idea why, but it may help somebody.
I moved all content of the Microsoft keychain to the login keychain and everything went back to normal.
I finally got this to work after, like, 4 separate tries after incurring the same problem that was originally posted. So here's what happened, I am not sure if this is an old issue now (2009-07-09), but I will post anyway in case it is helpful to you. What worked for me... might work for you...
start anew and delete the old private keys, public keys, and certificates in the keychain
go through the whole process, request a certificate from a certificate authority, get a new public key, a new private key, and a new certificate. Note: when it worked I had exactly one private key, one public key, and one certificate
Make a new provisioning profile (which utilizes the certificate that you just made) and put that in your organizer window in Xcode. Delete all the old BS.
Run it.
Hopefully this helps.
Everyone here is very wrong. All you need is to follow the steps that Apple provides in Managing Your Digital Identities.
It instructs you to export your certificates through Xcode and reimport through Xcode. It works great, but make sure your username is the same on both computers or it will fail.
I just spent several hours on this fershlugginer issue, which cropped up after renewing my development license. To reiterate, everything was working without a hitch, then (thank you Apple!) it all got screwed up and stayed screwed up. None of the Apple official troubleshooting steps (linked to above) or possible resolution steps mentioned here resolved the issue for me.
What finally did it for me was to delete both my development and distribution certificates, revoke them in the provisioning portal, and then let Xcode AUTOMATICALLY refresh/issue them. Nothing else, in any order, was able to get both required certificates into my keychain with the private key correctly attached.
Here is what I did.
Make sure your certificates have not expired, make sure you delete all the expired ones. Get new ones etc, Once you have make sure all that is the way it should be, then focus on your project files.
in finder , go to your .xcodeproj files then show package contentes.
open project.pbxproj in xcode or textedit.
find every refrense to PROVISIONING_PROFILE and remove the GUID, just leave empty ""
Depending on your project you should have about 12+ refrences, remove all of the GUIDS.
Save file, then reopen your project in XCODE
Re select the correct provision profiles for all possible code signings( they should not all be the same)
Build your project and you should be good to go.
I think Xcode gets confused some how, and removing all the Provision Profiles from the project.pbxproj and then reselecting a valid profile will set it striaght.
If you have new mac you can go to
IOS developer center --> Provisioning Portal --> Certificates --> Development --> Revoke and create new certificate. My problem solved. My error is "Code Sign error: The identity 'iPhone Developer' doesn't match any valid, non-expired certificate/private key pair in your keychains"
What you need:
1) A private and a public key.
They have this symbol in your keychain:
2) A certificate made from the signing request of those keys
3) A provisioning profile linked to that certificate
Let's say you change computers and want to set up Xcode with provisioning profiles again. How do you do it?
Open Xcode, press ctrl + O to open the Organizer, and delete all provisioning profiles you might have installed already.
Open keychain access, and create a signing request which you save to file (when you create the request, a private and public key is created in your keychain).
Create/Update a certificate in the provisioning portal by sending apple this signing request
Download and install the newly created certificate.
Revoke your provisioning profiles and update them with the new certificate.
Download and install the newly updated provisioning profiles.

Resources