Cannot sign my ios application with distribution profile - ios

I've generated a distribution provisioning profile for my iOS app, but I cannot sign my application with it. I get this error:
profile doesn't match any valid certificate/private key pair in the default keychain
The developer certificates work well, and I can upload my apps to my test devices,
but I've noticed this warning for the distribution profile: Valid Signing identity not found
Can this be a source of my problems with the distribution provisioning profile, or is this an expected warning?
I suspect that it forbids me from signing the app for the App Store upload.
I'm pretty sure that I've made all my bundle (app?) identifiers consistent.

There are two sets of public and private keys you need to have in your keychain.
One of them will be prefixed with "iPhone Developer:" and the other "iPhone Distribution:".
Make sure both are in your keychain by opening the Keychain Access application within your "/Application/Utilities" folder. If you don't see both, then there's your problem (and you'll need to import your keys from another machine that does have the keys installed).

Don't lose your keys!
If you bought a new computer and did not export your keys, and you don't have the old computer, you're S.O.L.; you have to start the process all over again.

Related

can't resolve "valid identity is not found"?

I'm trying to develop my first iOS app on my Mac (OS 10.8). The application contains a push notification service. I followed the steps below to create my App ID:
1. Give a name to the App ID.
2. Set the Bundle ID.
3. Check the Push Notification checkbox.
4. Create the App ID.
5. Generate a certificate by uploading the request created by Keychain Access, then downloading and installing it in Keychain Access, and exporting it into a .p12 file.
6. Create the provisioning profile, then download and install it in my Xcode Organizer (Xcode 4, updated version) and on my device to test.
The project works well on the simulator (except for getting the token, and that's normal). However, when installing the provisioning profile in the Xcode Organizer it gave me: "valid identity is not found".
I checked and tested many solutions:
Delete the certificate from the Dev Center and Keychain Access.
Delete the provisioning profile and recreate it.
Install the provisioning profile directly from Xcode.
Delete the created keys from the keychain and create new ones.
Many suggestions have been provided:
Your Keychain is missing the private key associated with your iPhone Developer or iPhone Distribution certificate.
Your Keychain is missing the Apple Worldwide Developer Relations Intermediate Certificate.
Your certificate was revoked or has expired.
Online Certificate Status Protocol (OCSP) or Certificate Revocation List (CRL) are turned on in Keychain Access preferences.
None of the above fixed the problem.
Would you please provide a solution for this problem? Thank you in advance.
I have discovered my problem. I work in a company, and my partner generated the development certificate on his own Mac. I work on a different Mac. So what I need is for him to export the key and the certificate from his Keychain Access and give them to me.
That's it.
Beginner's problem :d
First of all, make sure your Bundle Identifier matches the Bundle Identifier included in the provisioning profile, and that you have correctly added your iPhone's UDID to the developer account under Devices and then added the bundle identifier and device to the provisioning profile. Also make sure you have requested the certificate from your own Mac and then installed the certificate after downloading it from the developer account. There will then be a key under your certificate.
Many things may go wrong, so simply try these steps, even if you've done them before.
1. Make sure your Bundle identifier is the same both in Xcode and in iTunes Connect. It's good practice to fill it in manually instead of using Xcode's template, as it IS case-sensitive.
2. Check that your testing device's UDID is listed on the Devices list at developer.apple.com.
3. Create a new provisioning profile with a new unique name for your app's bundle ID. Make sure, again, that it's the same bundle ID (case-sensitive), and make sure you have your newly added device UDID (or the existing one if you had it correct before) in the provisioning profile. Take note of the developer certificate that the provisioning profile is bound to.
4. Download the newly created provisioning profile AND the development certificate that the provisioning profile is for. Clean your project's build folder (open the Product menu from the menu bar, press and hold down the Option key on your keyboard, and select 'Clean Build Folder...'), then exit Xcode.
5. Open both your provisioning profile and certificate. The former should open in Xcode, the latter in Keychain Access.
6. In Keychain Access, make sure you have the private key to your non-expired, non-revoked developer certificate. If not, you need to either find its private key (e.g. in another keychain or on another Mac; it should be on the Mac that the CSR was created on) or, if none are available, revoke it, create a new certificate, and start this process over.
7. In Xcode, make sure you are using the provisioning profile, NOT overriding it (e.g. you've selected a different value under the 'Debug' or 'Release' options by mistake).
8. In Xcode, make sure you are using the correct development certificate (the one that is bound to the provisioning profile) and not overriding it under the Code-signing identity section's Debug or Release, or in the 'Any iOS SDK' sub-item underneath them. If everything worked, Xcode should offer you the correct certificate for your provisioning profile.
Your project should build. Seriously, I can't think of anything else.

Do the distribution profiles come from distribution certificate?

The client has given me the distribution profiles. How can I add the profiles in Xcode 5?
As far as I know, distribution certificates are responsible for distribution profiles. Importing the distribution certificate enables and adds all the distribution profiles in Xcode. Without the certificate, distribution profiles can't be used.
Please correct me if I am wrong and suggest a workaround for importing profiles in Xcode 5.
Deployment phase is new for me.
Thanks
Importing the profiles is just double-clicking on them. You can't use the profile without the private key for the certificate that was used to generate the profiles. This needs to be exported from the keychain (usually as a p12 file) and imported onto your development machine.
It is possible that the client exported a package containing all of this info using Xcode; then double-clicking should install everything required.
"Importing distribution certificate enables and add all the distribution profiles in xcode"
No, importing one doesn't automatically import the other.
There are no workarounds, you need to be supplied with both the certificate (private key) and the profiles.
A distribution profile is basically a way to make a trust relationship between a particular distribution certificate (which identifies your organisation as a registered Apple development organisation), a particular app or group of apps (identified by an AppID like com.foo.bar.myawesomegame), a set of valid devices where the app can be installed (in the case of ad-hoc distribution; in the case of App Store distribution this is not required), and a set of enabled services, like In-App Purchases.
In your particular situation, if the client wants to test your app, and you are provided with a valid distribution provisioning profile (a file with .mobileprovisioning extension), you also need to install a valid distribution certificate on your computer. The client can download this certificate from http://developer.apple.com (Member Center) and send it to you so you can import it on your machine with a double click on the .cer file.
To enable external users to test an app, there's a simpler process, provided that your organisation is a registered Apple development organisation: First, you generate a distribution certificate from http://developer.apple.com. Then, you create a distribution (ad-hoc) provisioning profile and add the distribution certificate and the UUIDs of the iPhones the client wants to use for testing. The client can get the UUIDs from the iTunes app, for example. Then, you can download both the certificate and the distribution profile to your computer, double-click to import them into Xcode, and finally sign the app (.ipa file) so that the client can test it on their own devices. You can do that by choosing Product, Archive in Xcode and selecting your distribution certificate and provisioning profile.

Certificate identity 'iPhone Developer: ' appears more than once in the keychain. The codesign tool requires there only be one

Ok, I am completely pulling my hair out on this one.
Back in July I created a provisioning profile so I could test on my iPad.
Then at the end of August I tried submitting my first App to the iTunes Store. The process was a complete nightmare, and I struggled. A lot. In the end I found a tutorial with relatively recent information in it, and only by following it step by step could I actually get anywhere with this. Unfortunately the result of this was that I created a new provisioning profile.
Now when I try to test on my iPad I get the following error in Xcode:
Certificate identity 'iPhone Developer: MyName' appears more than once in the keychain. The codesign tool requires there only be one.
I check the keychain, and sure enough there are the two provisioning profiles for development, one from July and the one I used to submit to the iTunes Store in August.
Now what I want to do is get rid of the old one, and then connect my iPad up to the new one. I can get rid of the old one fine, but I cannot connect my iPad to the new one; it insists on using the old profile, even to the point of re-attaching it to the keychain after I've deleted it.
Can anyone tell me:
How to connect my iPad to the new provisioning profile?
And while we are at it, can anyone shed any light on why this entire process is so convoluted and difficult? Considering that so much of Apple's interface is so well designed and fluid, this process of registering certificates and applying them to different devices and apps seems so backwards. I initially suspected this was just me, but googling for these error messages reveals that there are many who are struggling at various points along this process.
This has nothing to do with Xcode and everything to do with keychain.
Open keychain.
Find the signing certificates that are tied to your provisioning profiles.
Delete one. You probably want to keep the newer one, so look at the expiration dates and remove the one that expires first.
Restart Xcode
You may need to update your provisioning profile if it isn't tied to the new certificate, but it won't be as painful as creating a new certificate.
Here's a broad overview of how code signing in Xcode works. It's a bit much, but it will explain what's wrong with your configuration and how you can fix it.
There are three parts to the mechanism that ensures that you are who you say you are and that your app is allowed to run where it wants to.
You've got a pair of keys, one public and one private. Your public key matches your private key, which identifies you.
Your keys are used to generate certificates. Generally, you'll have one certificate for development and one for distribution, either on the App Store or via Ad Hoc distribution. These certificates permit you to provision your apps.
Each certificate is used to generate provisioning profiles. The profiles must be attached to either a development or a distribution certification. A distribution profile either works on the App Store, or it contains a list of device IDs which may run apps signed with that profile.
If your certificate is expired, the provisioning profiles that are created with it are going to be invalid. In this case, replace both the certificate and the profiles. Generate a certificate signing request (CSR) from Keychain Access and upload it to the developer portal.
If you have multiple certificates in your keychain, Xcode won't know which one to use. This may happen if you renew your certificate and don't remove the old one. (It may also happen if you exported your developer profile and then imported it later. Your old certificates will carry over.)
If your provisioning profile is expired or invalid, you can renew it in the developer portal without generating a new CSR. You can just attach it to an existing valid certificate.
Certificates can't be carried over from one machine to another without moving the original key pair that requested it. Exporting the certificate from Keychain will export the keys as well.
Delete the old one, and start build with new.
One more thing you can try: set the code signing identity with the profile you want to run in both the target and the project build settings.
Hope it will help you.
Otherwise you have to delete old one.

Understanding Provisioning profiles and certificates in iOS

Is my understanding regarding the provisioning profiles, certificates correct (during development)?
Apps are signed with a developer certificate from Xcode when installing on the device? The certificate should exist in the provisioning profile (stored on the iPad/iPhone), and the device ID of the installing device should also be present in the provisioning profile.
So when you click on an app when the device is not connected to your developer Mac, the app's signed certificate should match one in the provisioning profile (which exists on the device) and the device ID should also match one in the provisioning profile; only then would the app run.
When the device is connected to the Mac running Xcode and you want to debug, then the public+private key stored in the keychain comes into play: Xcode tries to unlock the public+private key stored in the keychain using the certificate and hence identifies the Mac, and also executes the bullet above, and if that is true as well, then you can successfully debug.
First of all, selecting a provisioning profile in Xcode is misleading; building in Xcode actually has nothing to do with the profiles whatsoever! What actually happens is Xcode just matches the public key certificate in the profile to one in your keychain, then uses the private key to sign the executable. That's bog-standard Mach-O executable signing. This is also why they've changed it in Xcode 5 to be clearer. That's also where the errors on the profiles (Signing identity not found) come from - it means Xcode couldn't find a private key corresponding to any of the public keys in the profile.
Your personal developer certificate is standard PKI stuff; your Mac sends a request to Apple for a certificate in a way that Apple doesn't know your private key (similar to SSL certificate requests). Apple generates the certificate and the keychain matches it up with the original request, giving you the public and private keys for the cert. When a profile is created for an individual developer, that developer's public key is listed. When a team profile is created, the public keys for all the chosen team members are included. This allows the team members to sign the executable, but the name of the signer will be the team name instead of the individual.
When iOS goes to launch any executable, it first checks the signature. If the signature is signed by Apple App Store, then it runs.
If not, it then checks the installed provisioning profiles. The profiles include:
1. A list of developer certificates
2. An app ID
3. Entitlements to grant (e.g. iCloud, Game Center, etc)
4. A list of device UDIDs
5. The whole thing is wrapped up and signed by Apple.
The profile is checked to ensure it was signed by Apple's key (using Apple's public key). It then validates that the current device's UDID is in the list. It also validates that the application ID matches (though wildcards are allowed). Then it checks the Mach-O signature against the list of valid developer certificate public keys. If any of them match, the executable runs and is granted the listed entitlements. If not, it is blocked.
I highly suggest opening up a .mobileprovision file in a text editor; you'll learn a lot!
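As an added example (not code from the original answer), this Python sketch reads the plist embedded in a .mobileprovision and reproduces the certificate, expiry, app ID and device checks described above. It does not verify Apple's signature on the envelope, it assumes the plist sits in the file as one readable run (as the text-editor tip implies), and the function names, sample profile and IDs are constructed for illustration.

```python
import hashlib
import plistlib
from datetime import datetime

def load_profile(blob):
    """Pull the XML plist out of a .mobileprovision; the CMS signature is NOT checked."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def app_id_matches(pattern, app_id):
    """Profile app IDs may end in a '*' wildcard, e.g. TEAMID.com.example.*"""
    if pattern.endswith("*"):
        return app_id.startswith(pattern[:-1])
    return pattern == app_id

def check_profile(profile, keychain_sha1s, app_id, udid, now):
    """Return the reasons this profile cannot be used; an empty list means it fits."""
    problems = []
    # The SHA-1 of each DER certificate identifies it; compare with keychain identities.
    certs = {hashlib.sha1(der).hexdigest().upper()
             for der in profile.get("DeveloperCertificates", [])}
    if not certs & {h.upper() for h in keychain_sha1s}:
        problems.append("no keychain identity matches a certificate in the profile")
    if profile["ExpirationDate"] <= now:
        problems.append("profile expired")
    pattern = profile.get("Entitlements", {}).get("application-identifier", "")
    if not app_id_matches(pattern, app_id):
        problems.append("app ID not covered by profile")
    devices = profile.get("ProvisionedDevices")  # absent in App Store profiles
    if devices is not None and udid not in devices:
        problems.append("device UDID not in profile")
    return problems

# Constructed sample: fake certificate bytes and IDs, wrapped in junk bytes
# that stand in for the CMS envelope around a real profile.
FAKE_CERT = b"0\x82constructed-certificate-bytes"
SAMPLE = b"\x30\x82\x1f\x00junk" + plistlib.dumps({
    "Name": "Example Ad Hoc",
    "DeveloperCertificates": [FAKE_CERT],
    "Entitlements": {"application-identifier": "ABCDE12345.com.example.*"},
    "ProvisionedDevices": ["UDID-CONSTRUCTED-0001"],
    "ExpirationDate": datetime(2030, 1, 1),
}) + b"\x00signature-bytes"
```

On a Mac, the SHA-1 values to pass as `keychain_sha1s` are the hashes listed by `security find-identity -v -p codesigning`; the first problem string corresponds to Xcode's "Signing identity not found" warning.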

Code sign error in iOS app

I have an iOS app. When I try to build it on a device, Xcode shows me this error:
Code Sign error: The identity 'iPhone Developer' doesn't match any valid, non-expired certificate/private key pair in the default keychain
Any ideas? What is the reason?
Except for the provisioning profile, you need also the private key/certificate exported from the keychain of the creator of the provisioning profile.
Look here
You will have to buy a development certificate in order to run your developments on your device.
Of course you can use the simulator free of charge.
To get a valid certificate - you need the user that issued the development certificate for this app to export the certificate files physically from his Mac. This means opening Keychain Access, right clicking the certificate and selecting "Export...". Then when you get this certificate, just open it and it will be added to your chain.
I just deleted all profiles from Keychain, and then created new profiles on developer.apple.com.
