iOS and XCode: Issue with certificates - ios

I've search the web but couldn't find a solution exactly for my problem. I've created a Development Provisioning Profiles in iOS Provisioning Portal and added it to my iMac. I can successfully deploy applications to my iPhone.
Now I'm trying to deploy the same application from my MacBook Pro. I've installed the profile but gets an error:
XCode could not find a valid private certificate/valid key-pair for this profile in your keychain
I think that I need a private key from my iMac which I have to import to my MacBook Pro. Right? My question is, where can I find that private key?

When you have generated your certificate, Apple requires you to use Keychain Access for generating a certificate signing request (CSR). When you've done this, a private key has been generated in your keychain.
You got the error above because you don't have transfered this private key between your Macs.
Here is the guide to do so (the link is for mac, but it's the same manipulation). From your iMac :
Open Keychain Access in the /Applications/Utilities folder.
Select the signing certificates you want to export.
Choose File > Export items.
Choose Personal Information Exchange (.p12) as the file format and click Save.
Enter a password and click OK when done.
Transfer the p12 on your macbook, and :
Double-click the exported file that has a .p12 extension.
Extracted from :
http://developer.apple.com/library/mac/#documentation/ToolsLanguages/Conceptual/OSXWorkflowGuide/CodeSigning/CodeSigning.html#//apple_ref/doc/uid/TP40011201-CH7-SW17

Revoke the current certificate then follow the prompts regarding keychain Access when you go create new and then you should be fine.

You can still use your keychain to create the CSR, and then upload it on the new provisioning portal. Just did it the other day.

Related

ios Provisioning profile shows invalid

I have xamarin.ios app on app store and it was uploaded a 7 months ago.Now I am trying to create an update to existing app. The mac machine used for developing the app was changed now.I logged in the apple account in xcode and try to download the certificates using "Manage certificate button".It will download all certificates.
But I am getting an error in xcode says :
Provisioning profile "XXXXX" doesn't include signing certificate
"Apple distribution: XXXXXXX"
I try to re download all certificates from xcode.But it didn't solved.
When I logged in my apple developer account under Profiles sections.It shows like this
I saw in some articles says that we can revoke and extend the expiration. But when I try to edit,it shows like this.
What Should I do exactly to resolve this issue? I need to update the existing app.Please help me to resolve the issue.
First , you need to check whether use the self-created Distribution Certificates in Mac .You can not use other people generated CSR file or Development generated CSR file to generate a Distribution Certificates .
Second , if certificates is in System Group , you can copy it to Login Group . Then it will show private keys . A private keys will show valid in Visual Studio .
Have a look at this discussion : Xamarin iOS 16.5: certificate is "Not in Keychain"

Distribution certificate / private key not installed

Using Xcode 9.1, after building an iOS app, I want to archive it and upload it to the appStore for beta-testing.
But I get the following issue after clicking the button Upload to the App Store... and choosing Automatically manage signing:
"My Name" has one iOS Distribution certificate but its private key is
not installed. Contact the creator of this certificate to get a copy of the private key.
I do not know why this "private key is not installed", but the Distribution certificate may have been created on a different computer or something. In any case:
What is the simplest way to retrieve the missing private key and install it? In order to make things work.
Up to date (January 2021) (Xcode 10 - 12)
Go to Xcode - Preferences - Accounts - Manage Certificates
Click on the + at the bottom left, then Apple Distribution
Wait a little, then click Done
That's all.
You may want to revoke the old certificate on developer.apple.com too.
Old answer
Step 1: Xcode -> Product -> Archives ->
Click manage certificate
Step 2: Add iOS distribution
You can only have one distribution certificate. It unites a public key, known to Apple, with a private key, which lives in the keychain of some computer. If this distribution certificate was created on another computer, then the private key is on the keychain of that computer. And this distribution certificate does not work without it.
So to use this distribution certificate on this computer, you must find that computer, open Keychain Access, locate and export the private key, mail it or otherwise get it to this computer, and import it into the keychain of this computer.
If you go into the Accounts pref pane in Xcode and double-click your Team, you'll see a dialog that gives you help with this. If you see your distribution certificate and it says Not In Keychain, you can control-click that certificate to get a menu item that lets you email whoever created the certificate and ask them to send it to you. That person can use this same import to choose Export Certificate and can email you exported certificate.
Either way, the private key or exported certificate will be passworded. You'll need to know the password in order to use it.
This answer is for "One Man" Team to solve this problem quickly without reading through too many information about "Team"
Step 1) Go to web browser, open your developer account. Go to Certificates, Identifiers & Profiles. Select Certificates / Production. You will see the certificate that was missing private key listed there. Click Revoke. And follow the instructions to remove this certificate.
Step 2) That's it! go back to Xcode to Validate you app. It will now ask you to generate a new certificate. Now you happily uploading your apps.
Add a new Production Certificate here, then download the .cer file and double click it to add it to Keychain.
All will be fine now, don't forget to restart Xcode!!!
EDIT: I thought that the other computer is dead so I'm fixing my answer:
You should export the certificate from the first computer with it's private key and import it in the new computer.
I prefer the iCloud way, backup to iCloud and get it in the new computer.
If you can't do it with some reason, you can revoke the certificate in Apple developers site, then let Xcode to create a new one for you, it'll also create a fresh new private key and store it in your Keychain, just be sure to back it up in your preferred way
People's answer here about having the key from the computer is generated are accurate. But if things are still failing, try restarting Xcode after installing a cert
revoke all distribution certificate for developer.apple.com and the validate your app in Xcode there will be the option to create a new distribution certificate after you can export key for further use.
This work for me.
Just for anyone else who goes through this, the answers above are correct but it can still be a bit confusing especially if you have multiple certificates. These were the steps that I took:
First take note of the date in the actual distribution certificate that is missing its private key. Then go to the keychain application on the other computer and type iOS in the search bar. It will show all of your iOS Developer and Distribution keys so you have to find the right one.
Click the right arrow of each iOS Distribution entry to reveal the certificate and find the one with the correct date and export that one by right clicking and selection export.
Then just import it in the keychain of the new computer and at least with Xcode 9.3 it immediately recognizes it and corrects the error so you can now upload your achieve.
If you are using the certificate in a new computer or not. The easiest thing to do would be to revoke the previous certificate relating to the project. Then re-upload to the store. Xcode will generate a new one.
In my case Xcode was not accessing certificates from the keychain, I followed these steps:
delete certificates from the keychain.
restart the mac.
generate new certificates.
install new certificates.
clean build folder.
build project.
again clean build folder.
archive now.
It works That's it.
i tried all mentioned solutions available on the internet but no solution working on my Mac, then i created a provisioning profile manually on apple developer website from certificates and identifiers. By importing that file manually app successfully uploaded on appStore follow below steps
On Developer website
1-go to this link https://developer.apple.com/account/resources/certificates
2- In profile Section create new profile by using app bundle identifier
3-Download it and save it an where
On Xcode
1-Go to Signing and certificates
2-Disable automatically manage signing
3- Select provisioning profile in its section
4- Archive the app
5-Click Distribute App ->ApStore connect ->Upload->Next-> Then Select Profile from XXXX-app section when it download it show inside this section and now upload it
Click on Manage Certificates->Apple Distribution->Done
In my case, after revoking the old certificate and creating a new one, Xcode was showing the same error (I've done a clean build and removed the derived data folder).
In that case, try to manually manage signing.
After that, check the second field and set the appropriate one.
Note: After uploading the build, I needed to wait for 15 min to see my build in the app store connect.
Adding to the above answers,
If you have admin access on this account create new certificate and use it to publish. I just did that and it passed.
1- Create new Certificate Signing Request (KeyChain Access > Certificate Assistant ) and save to the disk
https://help.apple.com/developer-account/#/devbfa00fef7
2- Login into your apple developer account > Certificates and Identifiers > Click + to add new certificate)
3- Upload the signing cert you created in step 1, click next and download the certificate
4- Double click the certificate to install it. Make sure it is trusted and showing "This certificate is valid".
5- Try to archive again now and choose automatic signing.
That should do it.
just click "manage certificates" -> "+" -> "iOS distribution"
go to this link https://developer.apple.com/account/resources/certificates/list
find certificate name in your alert upload then
Revoke certificate that
if you have certificate you download again
upload testflight again
If you are being stuck on this problem. After switch the computer and not able to upload your build to App Store. Simply click manage certificate on the error page, the + plus on the bottom left corner and create a new distribution certificate. Then you'll be good to go.
I am also facing the same issue in xCode (v12.4) and created two more distribution certificates but nothing get worked for me.
Solution : Restarting xCode seemed to do the trick for me.
I was facing the same problem with Xcode v11.3
Upgrading to Xcode 11.6 solved the problem for me
This can happen if your MacBook has a battery issue and powers out unexpectedly. Your date is reset to an old date and if you opened XCode, it probably recorded that date and that may have caused the signing issue with certificate.
THIS IS HOW I RESOLVED IT
Went to Settings and set the correct date and time.
Clicked on the XCode option on the top left.
Clicked on Quit XCode.
Restarted the MacBook.
I reopened XCode, archived my app and it had no issues with the signing certificate.
I hope it works for you. An upvote if it does.

Build & Archive Failed in XCode 7.3 for the imported XCode Project

I'm new to the Mac platform - using Mac OS X El Capitan and installed XCode few days back. There is this iOS Application that was developed by a freelance person and now we have the source code of that. I'm trying to generate an .ipa file by building & archiving the application but it's failing regularly with below error:
No code signing identities found: No valid signing identities (i.e. certificate and private key pair) matching the team ID “E3NXR7ESXS” were found.
List of steps that I did to Build this Application:
Double-clicked on the .xcodeproj file, it opened the project on the XCode
Tried to Archive the Project but this icon was disabled so looked over the web and found that under the Menu Items select the Product
-> Destination -> Generic iOS Device (Since no device is attached to the Mac) and then the Archive option was available.
First clicked on the Build and it said the Build is successful
Second tried to archive it and it failed with the error:
No code signing identities found: No valid signing identities (i.e.
certificate and private key pair) matching the team ID “E3NXR7ESXS”
were found.
So I checked over the web and found many answers but I'm not sure
where to proceed as most of them talks about exporting/importing a
developer profile OR link the developer profile with the application
and since I don't have both so its a mess for me right now. Also there
are answers like deleting old certificates/profiles but when I checked
under the preferences there aren't any and nether any of my account is
linked with the developer profile.
The only thing that I want is to generate an .ipa file so that it can
be further used.
Note : My Mac is totally new, installed the latest version of XCode and after importing a project I need to Archive it to generate an .ipa file. Also there is no device attached
It's been a 2 days since I'm struggling in this. Please help me out or
give me a direction from where I can see the list of steps (like if I can generate a new certificates or link my account with this application) for what to do with the imported project and generate the .ipa file from it.
You need to get the private key from the freelance developer. The certificate can be downloaded from the apple developer site.
If they do not have the private key or you cannot reach them, you will need to generate a new certificate and private key pair to sign your application.
If you need to generate a new certificate, here is a good guide. Note, in order to not get in this same situation when the certificate expires or if your Mac dies, make sure you backup the private key from your keychain (select it and export it, save it to a network drive somewhere safe), and the cert signing request (.csr) file. The CSR will allow you to generate a new certificate that uses the same private key. You can always generate a new CSR from the private key, so the private key, usually exported as a .p12 file, is the most critical one to back up.
Note that if you invalidate a certificate, any apps built with the certificate will stop working.

Transferring Apple dev account & certificate to new machine

I've recently attempted to transfer my apple dev certificate to a new mac, however, the provisioning profiles are appearing as valid signing identity not found.
I imported my developer account into Xcode5 and when I deploy a build, I get the option to fix the issue of not having a valid signing - this generates an iOS team provisioning profile for the bundle id.
So far have found this is fine for testing - we distribute ourselves not using the app store.
If anyone would be able to give me a heads up on whether this is an okay method, or whether I will need to generate a new certificate for distribution in case we do use the app store for distribution.
If you still have access to your previous computer, you can export as p12 the private key you used to generate the Apple certificate.
Go to keychain, select the iOS certificate and right click to export it. Then import it to your new computer and you do not need to generate new certificates.
what you need to do is to remake the developer and distribution certificates for your new mac and install it then, you update your provision profile with the new certificate, reinstall it and everything works
PS: for remake your developer and distribution certificates you have to go in the keychan
Certificate Assistant > Request a Certificate From a Certificate Authority..
then add your email and common Name, check Saved to disk. Finally Into the developer web site you remove your old certificates and create the new one with the new file that you have in the disk.
Did you export from Xcode → Preferences → Accounts like Apple's guide suggests?
Did you also export your private key from the keychain? I have seen this issue before, and that was resolved by exporting and importing the private key.
If you do want to distribute on App Store later on you will definitely need to import a valid certificate, yes.
here you can find a solution or ask your problem to a developers Apple support:
https://developer.apple.com/support/
Other way you can call the developer support center here:
https://developer.apple.com/contact/phone.php

missing private key in the distribution certificate on keychain

I have the following problem which I could not find a solution for anywhere. Basically, we have a company developer account (not enterprise) and so in order to submit our app, I requested from our team lead to send me the distribution certificate and create and send me a distribution provisioning profile.
With the developer profile, everything works good, but when I installed the cert and the provisioning profile, I did not see the distribution profile on Xcode, and nor do I have a private key under the dist cert in the keychain.
Does anyone know how to solve this? I read in diff places that I will need to revoke the certificate and create a new one, but I can't really do that since we have a bunch of apps in the company and I can't revoke it for everyone.
Ahh this is a common issue, The solution is simple:
Who ever created the developer credentials originally needs to go to the keychain on their computer and right click on the key(s) for private and public and export the key to a file.
Then you just download that file on your computer and open it, and it will be added to your keychain.
You need to have both the private key (.pem file) and the certificate for your provisioning profiles.
As long as you still have access to the mac which was used to generate the original distribution certificate it's very simple.
Just use that mac's Keychain Access application to export both the certificate and the private key. Select both using shift or command and right click to export to a .p12 file.
Attached a screenshot to make it very clear.
On your mac, import that .p12 file and you are good to go (just make sure you have a valid provisioning profile).
To add on to others' answers, if you don't have access to that private key anymore it's fairly simple to get back up and running:
revoke your active certificate in the provisioning portal
create new developer certificate (keychain access/.../request for csr...etc.)
download and install a new certificate
create a new provisioning profile for existing app id (on provisioning portal)
download and install new provisioning profile and in the build, settings set the appropriate code signing identities
Delete the existing one from KeyChain, get and add the .p12 file to your mac from where the certificate was created.
To get .p12 from source Mac, go to KeyChain, expand the certificate, select both and export 2 items. This will save .p12 file in your location:
For person who are afraid on re-creating AppStore distribution certificate Apple documentation says:
Important: Re-creating your development or distribution certificates
doesn’t affect apps that you’ve submitted to the App Store nor does it
affect your ability to update them.
But it affects apps for Apple Developer Enterprise ecosystem.
I lost hours and hours to resolve this issue, but it's fixed by just restarting MAC...
In my case, I've lost all private keys in my keychain, new ones were imported correctly, but doesn't show the private key as well. The only thing that helped was generating new CertificateSigningRequest
After you changed a Mac which are not the origin one who created the disitribution certificate, you will missing the private key.Just delete the origin certificate and recreate a new one, that works for me~
When I try to upload iOS build to test flight then error was appear.
"Missing privacy key".
Just 2 step for fix this error.
Remove old certificate from developer.apple.com
Create new certificate from Xcode or developer.apple.com
My problem has been solved (I am using Xcode 9.4.1).
Please check, Xcode created new certificate.
If you are creating your own Distribution cert, not using someone else's then this could help.
Spent quite a bit of time on this today, issues from not being able to create a SigningRequest to generating a distribution cert and not having it attached to my private key in KeyChain Access. These steps helped solve this for me.
If you are still having issues, revoke your current cert and start fresh.
Creating a new signing request
The Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority is actually contextually aware of what you currently have selected when you launch it. Just to be sure that you aren't accidentally skewing your Request with some random selection, go to your Login Items and select the Apple Worldwide Developer item. Then launch the above Request and create the CertificateSigningRequest.certSigningRequest file.
Go to Apple Dev portal, add new distribution certificate, upload your CertificateSigningRequest.certSigningRequest file and download the newly created distribution certificate.
To import the distribution cert into your keychain, instead of just double clicking it, I recommend opening your keychain, go to "login/Certificates" area and drag and drop the cert here.
I had an issue where my cert would auto-install into the System area, instead of the login area where my private key existed and this caused my key not to be linked to the new cert.
At the Menu > Visual Studio (mac) > Preferences > Publishing > Apple Developer Accounts > [Select your apple id] > View Details > Create Certificate
To delete unused/invalid certificates, go to website: https://developer.apple.com/account/resources/certificates/list
delete any unwanted certificate there
Next is to create App ID (identifiers), go to website:
https://developer.apple.com/account/resources/identifiers/list
Next, go to website to create provisioning profiles:
https://developer.apple.com/account/resources/profiles/add
use the certificate to bind with your app id.
Next is to download the profiles:
At your mac > At the Menu > Visual Studio (mac) > Preferences > Publishing > Apple Developer Accounts > [Select your apple id] > View Details > Download All Profiles
I got into this situation ("Missing private key.") after Xcode failed to create new distribution certificate - an unknown error occurred.
Then, I struggled to obtain the private key or to generate new certificate. From the certificate manager in Xcode I got strange errors like "The passphrase you entered is wrong". But it did not even ask me for any passphrase.
What helped me was:
Revoke all not-working distribution certificates at developer.apple.com
Restart my Mac
After that, Xcode was able to create new distribution certificate and no private key was missing.
Lesson learned: Restart your Mac as much as your Windows ;)
I accessed that certificate on apple's developer website and after downloaded it I opened it. Likewise, at open I got a little window asking if I wanted to add the certificate to keychain. Just tapped "add" and the "missing private key" error was gone.
My problem was that for whatever reason, the login keychain was missing in the Keychain Access. Xcode created a new certificate and added it to the login keychain but could not use it. Restarting the computer solved my problem.
Just to shed some light on this.
After I deleted my p12 certificate from Keychain. I re-downloaded my own certificate from Apple developer portal.
I was only able to download the certificate. But to sign you need the private key as well. So you either:
export both private key and certificate from Keychain to get it.
Upload a Certificate Signing Request and generate new certificates
That certificate by itself has no value for signing purposes. My guess is that the private key is created by keychain the moment you 'request a certificate from a certificate authority' but isn't shown to you until you add its matching certificate.
Check whether you are using Login or not to add the certificates, if you are checking in System at top left hand side then we wont be able to see it.
So drag and drop the .cer into login then check you are able to get the private key or not.
I'm the creator of the key, but the key was attached to an expired Certificate.
To solve it I went to -> Xcode/Preferences/Accounts/"Account you use to archive"/Manage Certificates..
Then click on the dropdown menu with the "+" sign on the bottom left corner, and choose the type of certificate you need updated (mine was Apple Distribution).
This updated my new certificate with its key attached.
Contact with the creator of iOS Distribution key and tell to export certificate and private key, then just download and double click it to access in your keychain.
I assume you have switched device and trying to create a new certificate for your new device,
First revive the development certificate form the developers portal,
Go to xcode > preferences > accounts > select your apple id with the dev portal access > manage certificates > click on the team account > click on the little + button > click on apple distribution
Go to the apple developer portal , you can see a distribution certificate is created ,
Go to profiles create a new profile with the new certificate.
Download > install
done
An old XCode version will also cause this. I was on XCode10 (old for 2022). Updated to latest version, which resolved the issue.
I could resolve this problem by updating macOS and XCode.

Resources