Certificates Problems: Apple WWDRCA certificate "signed by an unknown authorith" - ios

I've been having trouble re-establishing my build environment. It's worked fine in the past, but in the midst of running archive processes, I've managed to throw myself back a couple of days.
I've done TN2250 patiently.
Everything goes smooth — except no matter what I do, the Apple WWDRCA.cer shows up in the login (default) keychain in my Keychain Access as "This certificate was signed by an unknown authority." I've tried getting the certificate from a link from Apple's iOS Provisioning Profile as well as hard links — not that it should matter, but I'm desperate at this point.
My developmer and distribution certificates appear to be fine — there are no errors next to their view in Keychain Access and they contain my private keys, as best as I can tell (click arrow, down it goes, there's my key.)
I notice this even before I add the certificate. I mean — it's coming from Apple? It's a file. Why would it not be signed correctly?
The errors vary with the various things I try. But the recurring one is
CSSMERR_TP_NOT_TRUSTED codesign failed with exit code 1
I've tried & referred to:
CSSMERR_TP_NOT_TRUSTED error
and the specific points in TN2250 here:
https://developer.apple.com/legacy/library/technotes/tn2250/_index.html#//apple_ref/doc/uid/DTS40009933-CH1-TNTAG19

Just seem to have figured this out. I haven't seen this answer anywhere, so I'll answer my own question. It seems as though my Keychain was missing a valid "Apple Computer, Inc. Root Certificate" and "Apple Inc. Root Certificate". As soon as I installed these, my certificates became "green" and valid.
I got these certificates from here: http://www.apple.com/certificateauthority/

Related

Nothing works for "The specified item could not be found in keychain"

I had been coding on an old Macbook Pro and was testing on an iPhone. I recently bought a new laptop and ever since then have not been able to test on my iPhone and therefore also won't be able to send to app store. I know the issue is with codesigning and I don't have my old private key so I revoked all certificates and started over from scratch and nothing has worked. I also have not been able to get any of my certificates to go to "My Certificates" in keychain access. They all go to "Certificates". Not sure if this is a problem. All my certificates are valid but still not working. Another note is that when I evaluate my certificates, I see under "Evaluation Status: No root certificate found" which may also be an issue.. All help is greatly appreciated!

Missing or invalid signature in iOS

I have not found any functional solution, between a great number of suggestion on internet. I don't know exactly where and when it stopped to work, but I have an app at Apple Store that is working fine and it is in the 1.7 version. One month ago, I have tried to implement Push Notification and, to this tool works, I have to create and manipulate some certificates (Apple Developer certificates, Keychain Access, etc). After that, when I try to upload a new version to Apple Store using Xcode, I receive the message “Upload Successful”. Some minutes after this, I receive this message in my email:
Dear developer,
We have discovered one or more issues with your recent delivery for "Habilidades Médicas". To process your delivery, the following issues must be corrected:
Missing or invalid signature -
The bundle 'com.IvanSinigagliaApps.ChkList' at bundle path 'Payload/HabMed.app' is not signed using an Apple submission certificate.
Once these issues have been corrected, you can then redeliver the corrected binary. Regards, The App Store team”
I really don`t know what I did. Maybe, I can have deleted a key (keychain) or deleted a certificate or both. All the posts I have found about “Missing or Invalid Signature” didn’t work for me; many don't push me to my issue and many other are out of date for Xcode 8.3. I will post some screens with some doubts I have to show most information I can and I hope they can work as clues to help me to fix it.
Fig 01: My Keychain Access: I can found to Certificates: 1) iPhone Developer: QRL…, and 2) iPhone Distribution: C3D….
Fig 02: Apple Developer Provisioning Profiles:
Fig 03: iOs Certificates
Fig 04: Xcode (Certificate iPhone Developer QRL… ) ???
Fig 05: Xcode: even when manual provisioning is set up (C3D…) it doesn’t work.
Fig 06: Uploading App (Signing identity Distribution C3D…
Fig 07: Uploading (C3D…)
Fig 08: Upload Successful
UPDATE #1
This is happening the same way to my 4 apps, that were loading fine before.
Still not working, but after following the instructions at Apple Developer Troubleshotings technical Note TN2318, section: Resolving Signature Verification Failure, I run the Terminal with these instructions:
codesign --verify -vvvv -R='anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and (certificate leaf[field.1.2.840.113635.100.6.1.2] exists or certificate leaf[field.1.2.840.113635.100.6.1.4] exists)' /path/to/the.app
I receive this message: code object is not signed at all
Now, I will try to go on this clue.
Yes, it is done, after a lot of hard work.
I have a great help from Apple Developer technical Support and to short this issue what I did was trying to fix it editing my certificates. As the problems involved all my apps, it should be something with the certificates. So, the guy from Apple, John, told me to think about this information:
I see they were issuing an revoking their certificates throughout May
and created the latest Certificate on June 1st. It is currently the
only active certificate. When a Distribution/Development Cert is
revoked, the associated provisioning profiles are invalidated and the
apps will stop functioning. This is the expected behavior. Apps
distributed via the App Store are not subject to this behavior. Only
apps distributed using the Ad-Hoc distribution method.
So I went to my certificates, at Apple Developer site, and edited those that I had just revoked and edited them again. A new one was created for this particular app and I have downloaded it to my machine. I have done a new upload and now everything is working fine again, with all apps.
There was a big confusion with all my certificates and with all my apps that. This confusion came to create this issue. Now I have reorganized all this stuff and everything is fine.
That's my lesson from this issue: keep all your work organized.
I really hope someone with the same issue can fix them after reading all this post or at least find an orientation.
Thank you Apple Developer Support and everybody who has read this.

Xcode 6.3 - You already have a current iOS Development certificate or a pending certificate request

Xcode as of 6.3 is no longer allowing me to automatically perform device provisioning for a client. Has anyone else experienced this issue? I found no results when searching for this on Google...
This client has their own bundle ID and it's possible they also have their own provisioning profile for this device. So maybe Apple is matching up the bundle ID irrespective of the developer account being used for provisioning.
I was able to address the issue by modifying the app's bundle ID and manually going through the provisioning process, but I'm guessing this issue is extremely rare, so I'm not sure if this post will be of use to anyone.
When I am create new certificate from my Xcode 9.2 the error was appear
"You already have a current iOS Distribution certificate or a pending certificate request".
Just 2 step for fix this error.
Remove old certificate from developer.apple.com
Create new certificate from Xcode or developer.apple.com
My problem has been solved (I am using Xcode 9.2).
I just found that if I remove my account from Xcode, and then sign in again, it solved the issue. I did revoke my existing certificates and request new ones though as part of that process. I didn't import an existing profile.
My team has maxed out on release certificates, because apparently there is a quota.
We had to delete one of the existing release certificates.
This issue is actually more common than you think.
Some Solutions:
I usually find that opening Xcode's settings and signing out of my account and the signing in again resolves most of those issues.
You may have an older mac that already used up that one allotted development certificate. In that case you'll want to export the developer profile from that machine. If you no longer have access to that machine, it may be time to invalidate that certificate and simply request a new one.
Another option may be to double check your build settings in your project and ensure that it's looking for the right certificate. It's fairly common in my experience for these settings to make decisions on their own, and confirming that they're what you expect may help.
Background:
When dealing with provisioning, it's really easy to get caught up with the frustration of all of the steps you need to go through. The first thing to note is if the error you see is talking about a "Certificate" or a "Profile." In your case, it's a certificate. Good.
Certificates differ from provisioning profiles in a few ways. Certificates are usually only generated twice: once for development, and once for distribution. (Exceptions to this rule are if you decide to add support for some of the special features like push notification or for generating passbook passes on a server.)
The process for generating certificates is also a little more bureaucratic than profiles. You request a certificate from Apple's Member Center. You generate a provisioning profile.
The reason for the word request vs generate is because both Apple and your iOS team's admin need to approve certificate requests. This is because certificates identify you as part of your iOS developer team, and offer all the powers associated with that.
For the sake of completeness, I'll add that provisioning profiles are generated based on that certificate, and really only tell iOS what environment your app is meant to run in. (On any device via the store, specific devices, etc.)
Now, the important part for you is the request business. Most people don't pay much attention to this terminology, since indie developers and small teams (where the developers are admins) don't require developers to ask for permission.
Your error is talking about a previously generated certificate or request. You can only have one development certificate per developer. You either have one, or you've requested one and someone has to approve.
That's what's happening here.
This process is made simple with Xcode 8.3 and 9. Just delete one of your old certifcates in the "validate" interface and click the plus button to request new one, Xcode will request for you and add it in keychain. in my case, maximum number was reached, so I deleted one which was lost in a old Mac and created new one.
This error may also be occur if you reach your distribution certificate limit. After creating 3 iOS Distribution Certificates in an account, the following error message will be displayed when you try to create 4th one: "You already have a current Distribution certificate or a pending certificate request."
Open this link
https://developer.apple.com/account/resources/certificates/add
Press + icon in front of Certificate
Check Apple Distribution section if its show the red text as shown in image then you should revoke you existing certificates to generate new one because you have reached you limit.
Just 2 step for fix this error.
Remove old certificate from developer.apple.com
Create new certificate from Xcode or developer.apple.com
Delete old developer certificate from https://developer.apple.com/account/ios/certificate/ and try to create developer certificate from xcode
1) Remove old certificate from apple developer account.
2) Go to the 'Xcode' 3) Select 'Preferences' option and then Select the 'Account' Tab
3) Select apple id from left side and click on 'Manage Certificate'.
4) Click on '+' (add certificate) button.
5) Add 'Apple Distribution' Certificate.
Unfortunately, only a macbook restart resolved this for me.
Creating another Distribution certificate was not an option, because it had already reached the max. number of certificates.
I manually added an existing one (incl. its private key) to the Keychain …and still Xcode said "Not in Keychain". I then tried to trigger a refresh of the Xcode listing by removing & adding my developer account to Xcode, but that didn't work — neither did restarting Xcode.
So, when all else fails, you try to reboot your system.
When you have three active distribution certificates that were created on distinct machines, you'll see this issue. You can either ask for the private key of a previously made one or simply revoke any of them and make your own.

Xcode Code Sign error because of no Keys in Keychain

You might think, not again such a question where are already thousands of topics about. However, I've not been capable of finding the answer I needed to fix this problem.
None of these topics go as deep as the Keychain.
When I'm trying to deploy my app to an iPhone, I'm receiving the following message:
Code Sign error: The identity 'iPhone Developer: [Name] ([ID])' doesn't match any valid, non-expired certificate/private key pair in your keychains.
Now, as said, I have been looking for multiple guides or fixes, however, none of them seemed to fix this issue.
Things I've tried:
Use Apple's walkthrough for app deployment for countless of times
Searched the internet for guides for app deployment
Changed the content of the 'pbxproj' file inside the 'xcodeproj' package.
Retrieve all available profiles from Apple's server using the Refresh button in Xcode 4.6 (allows you to obtain automatically)
After trying all of these ways, I've still not been able to solve the issue. One problem I've seen is that at first hand, the certificate in the Keychain was showing an invalid status, which is now solved.
However, if I'm right, there are supposed to be two keys attached to the certificate. A public and private key, and these are not showing.
Neither are there any keys showing in the Keys tab in the Keychain Access.
Solution
(Thanks to nsgulliver)
Do everything what the post (marked as Solution) of nsgulliver says.
If you already have an active Certificate, click the Revoke button, this won't cause any trouble, you'll simply have to re-create the keys of which then will be generated a new certificate.
Make sure you have the WWDR of Apple installed to mark the certificate authority as valid.
Follow the default Provisioning Assistant guidelines.
Provisioning profiles installed on the devices or signed with for the target might not be valid, try to go to Organizer->Provisioning profile and see if the profiles have the valid status? if not try to delete & refresh them, if they appear valid after refreshing then it might solve your problem if not then you should remove all the entries from keychain and delete profiles on your provisioning portal and try to create from scratch, if you still face the problem then take help from step by step guide tutorial
You cannot re-create matching keys, that would defeat the whole purpose of them. You need to find the old keys or start the signing procedure from scratch.
Are you using the same machine that you generated the keys on? If not, go to the other machine, export the developer profile, then import it on the new machine.
Can you restore the keys from backups? If not, stop everything you are doing and configure your computer for backups before you do anything else.
If you are really stuck, you will have to follow the signing procedure right from the very beginning, where you request a certificate from a certificate authority. This will generate new keys, and you will have to create matching provisioning profiles, then set your application to be signed with these. Dlete the old provisioning profiles, they will be useless without the old keys.
You need to lock keychain. Please see screenshot:
Required reading when you're having code signing problems:
Technical Note TN2250: iOS Code Signing Troubleshooting
Nothing will help you more than really understanding what's in your certificates and what isn't, where the necessary pieces are kept, and how they're used. This isn't the last time that you'll have code signing issues, and this tech note provides a long checklist that should help you make sure that everything is in the right place to help you develop your app and ultimately sign and submit it to the app store.
When I've had this problem in the past I've just deleted everything on my local machine and started again. So:
Delete the keys associated with your developer account in Keychain access.
In XCode open the 'Organizer' (window->organizer)
In Devices (top menu) and Provisioning Profiles (left menu), select all of the profiles and delete them.
Now hit refresh. It will ask you to sign in and whether you want to generate new keys etc, select yes and wait.
I find that this is the quickest way to fix any provisioning / key problems, as you can spend hours finding that you've missed something small.
After removing all old provisioning profiles (~/Library/MobileDevice/Provisioning Profiles/) and updating xCode, the certificates can be found again.

Valid signing identity not found - works on one machine, not the other

I realise this is a common problem that people bump into, but I'd trawled all the answers I can find but have seen nothing better than "wipe everything, start again".
I'm hoping to do a little better than that. The problem is, I can only ever get my iOS provisioning to work on a single machine. I set it up on my Macbook Air and it stops working on my iMac. So I follow the 'wipe it all' including revocation of certificates and start from scratch on my iMac and it works, but breaks my Air.
There must be some fundamental piece of the jigsaw I'm missing.
I have downloaded and installed WWDR certificate.
I have downloaded and installed my developer certificate.
I have downloaded and installed my distribution certificate.
Everything should line up. I have all of my profiles in place, but they say "Valid signing identity not found".
What certificate is missing? What represents the signing identity? What is it that exists on one machine that doesn't on the other?
I'd really like to understand this and solve it properly.
I am not that clear on this concept too but i think the problem is that you dont have the proper certificates in your keychain access.
If you open up your keychain then you will find the private key certificate in one of the keychains on the left panel.
You will have to export the private key to get a .p12 file that you can open in other machines and download the .mobileprovision from the developer website to make it work on different machines.
Shout if anything is not clear to you.

Resources