We have already published an iOS App in the AppStore. When we try to update the App, We identified that the Signing Certificate and Provisional Profile are expired. One of my team mate recreated a PROD certificate and gave me the .p12 file. I updated the expired Provisional Profile in Apple Developer center with the new Signing certificate and configured the .p12 file in AppCenter with the newly updated Provisional Profile. But AppCenter throws an exception "Provisioning profile "XXXX" includes newer version of signing certificate "XXXX"
Not Sure how to solve the issue. Any Help is appreciated.
Tried SO search, can't find anything relevant.
I just had a similar error when I was building an iOS app with App Center.
My problem was that when I exported the P12 I didn't export the keys correctly, either didn't include the key or I selected the wrong key. Similar to the photo below:
In order to fix this issue, you need to do the following:
Go to your Keychain Access
Select login keychain
Select My Certificates tab
If you haven't imported your .cer certificate into your keychain yet, then you need to import it. You can do that by dragging your .cer file into the keychain and entering the password. What I also did is remove the imported certificate and re-imported it.
Now that it's imported, you need to export the certificate as P12 format, in order to do that you need to select the certificate and it's key (important) just like in the image below
Last, you need to right click the selected certificates -> click Export 2 items -> Select save location -> Enter Password -> That's all.
You should be able to use the P12 certificate and creating builds.
I accidentally deleted private keys and my iOS certificates from the keychain Access.
So i revoked my certificates from the iOS member center and creates new ones (with new CSR) plus new provisioning profile for my app and downloaded them.
in Xcode when i try to sign the app with the new provisioning profile its marked as ineligible and my new certificate is missing private key.
Any idea to fix this problem can i match a private key manually ?
I probably screwed up the Keychain Access on my MacBook when I accidentally deleted some of the items from there. I was not able to create the archive (.ipa) for ad-hoc distribution purpose because the certificates were not error-free (were not trusted, in red text). I repeated the steps without success - such as clicking "Request a Certificate from Certificate Authority" and creating new development and distribution certificates/profiles, deleting files from /Library/MobileDevice/Provisioning Profiles folder, /Users/owner/Library/Developer/Xcode/DerivedData folder.
I then -
(1) deleted all the keys and certificates that I had created before,
(2) downloaded the "Intermediate Signing Certificate" by clicking the link (see below), and double clicked this certificate to install it on the login keychain,
(3) I then followed the normal steps (i.e. clicking "Request a Certificate from Certificate Authority", then using this to create new development and distribution certificates, and then corresponding provisional profiles from my developer portal).
Now the certificates are free from errors (now have green check marks on the Keychain). I can now successfully make the archive (.ipa file) for distribution. Hope this helps.
P.S. My desktop Mac was fine all along, only my MacBook was screwed up.
P.S. Do not worry about the yellow warning signs on com.apple.kerberos.kdc and com.apple.systemdefault certificates found in the System keychain that said "This certificate has not been verified by a third party."
I am trying to create a development provisioning profile for my application.
I have a valid certificate in the app center and in my MacBook it also shows that certificate as valid.
I have also added my device in the app center.
I have created a development profile related to the certificate that I created before and it shows up as valid in the app center. When I refresh the provisioning profiles page in the organizer however, the provisinging profile shows the status "Valid Signing Identity not Found". I have deleted and created the profile multiple times but the same problem is repeating.
What am I doing wrong?
Make sure that you have the private key that is paired with the certificate you have.
Open Keychain Access and see if you can expand the certificate.
If you can't, it means you don't have the private key. If you don't know where the private key is, you'll have to revoke the current certificate and re-generate one, which will give you the private key.
I have the following problem which I could not find a solution for anywhere. Basically, we have a company developer account (not enterprise) and so in order to submit our app, I requested from our team lead to send me the distribution certificate and create and send me a distribution provisioning profile.
With the developer profile, everything works good, but when I installed the cert and the provisioning profile, I did not see the distribution profile on Xcode, and nor do I have a private key under the dist cert in the keychain.
Does anyone know how to solve this? I read in diff places that I will need to revoke the certificate and create a new one, but I can't really do that since we have a bunch of apps in the company and I can't revoke it for everyone.
Ahh this is a common issue, The solution is simple:
Who ever created the developer credentials originally needs to go to the keychain on their computer and right click on the key(s) for private and public and export the key to a file.
Then you just download that file on your computer and open it, and it will be added to your keychain.
You need to have both the private key (.pem file) and the certificate for your provisioning profiles.
As long as you still have access to the mac which was used to generate the original distribution certificate it's very simple.
Just use that mac's Keychain Access application to export both the certificate and the private key. Select both using shift or command and right click to export to a .p12 file.
Attached a screenshot to make it very clear.
On your mac, import that .p12 file and you are good to go (just make sure you have a valid provisioning profile).
To add on to others' answers, if you don't have access to that private key anymore it's fairly simple to get back up and running:
revoke your active certificate in the provisioning portal
create new developer certificate (keychain access/.../request for csr...etc.)
download and install a new certificate
create a new provisioning profile for existing app id (on provisioning portal)
download and install new provisioning profile and in the build, settings set the appropriate code signing identities
Delete the existing one from KeyChain, get and add the .p12 file to your mac from where the certificate was created.
To get .p12 from source Mac, go to KeyChain, expand the certificate, select both and export 2 items. This will save .p12 file in your location:
For person who are afraid on re-creating AppStore distribution certificate Apple documentation says:
Important: Re-creating your development or distribution certificates
doesn’t affect apps that you’ve submitted to the App Store nor does it
affect your ability to update them.
But it affects apps for Apple Developer Enterprise ecosystem.
I lost hours and hours to resolve this issue, but it's fixed by just restarting MAC...
In my case, I've lost all private keys in my keychain, new ones were imported correctly, but doesn't show the private key as well. The only thing that helped was generating new CertificateSigningRequest
After you changed a Mac which are not the origin one who created the disitribution certificate, you will missing the private key.Just delete the origin certificate and recreate a new one, that works for me~
When I try to upload iOS build to test flight then error was appear.
"Missing privacy key".
Just 2 step for fix this error.
Remove old certificate from developer.apple.com
Create new certificate from Xcode or developer.apple.com
My problem has been solved (I am using Xcode 9.4.1).
Please check, Xcode created new certificate.
If you are creating your own Distribution cert, not using someone else's then this could help.
Spent quite a bit of time on this today, issues from not being able to create a SigningRequest to generating a distribution cert and not having it attached to my private key in KeyChain Access. These steps helped solve this for me.
If you are still having issues, revoke your current cert and start fresh.
Creating a new signing request
The Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority is actually contextually aware of what you currently have selected when you launch it. Just to be sure that you aren't accidentally skewing your Request with some random selection, go to your Login Items and select the Apple Worldwide Developer item. Then launch the above Request and create the CertificateSigningRequest.certSigningRequest file.
Go to Apple Dev portal, add new distribution certificate, upload your CertificateSigningRequest.certSigningRequest file and download the newly created distribution certificate.
To import the distribution cert into your keychain, instead of just double clicking it, I recommend opening your keychain, go to "login/Certificates" area and drag and drop the cert here.
I had an issue where my cert would auto-install into the System area, instead of the login area where my private key existed and this caused my key not to be linked to the new cert.
At the Menu > Visual Studio (mac) > Preferences > Publishing > Apple Developer Accounts > [Select your apple id] > View Details > Create Certificate
To delete unused/invalid certificates, go to website: https://developer.apple.com/account/resources/certificates/list
delete any unwanted certificate there
Next is to create App ID (identifiers), go to website:
https://developer.apple.com/account/resources/identifiers/list
Next, go to website to create provisioning profiles:
https://developer.apple.com/account/resources/profiles/add
use the certificate to bind with your app id.
Next is to download the profiles:
At your mac > At the Menu > Visual Studio (mac) > Preferences > Publishing > Apple Developer Accounts > [Select your apple id] > View Details > Download All Profiles
I got into this situation ("Missing private key.") after Xcode failed to create new distribution certificate - an unknown error occurred.
Then, I struggled to obtain the private key or to generate new certificate. From the certificate manager in Xcode I got strange errors like "The passphrase you entered is wrong". But it did not even ask me for any passphrase.
What helped me was:
Revoke all not-working distribution certificates at developer.apple.com
Restart my Mac
After that, Xcode was able to create new distribution certificate and no private key was missing.
Lesson learned: Restart your Mac as much as your Windows ;)
I accessed that certificate on apple's developer website and after downloaded it I opened it. Likewise, at open I got a little window asking if I wanted to add the certificate to keychain. Just tapped "add" and the "missing private key" error was gone.
My problem was that for whatever reason, the login keychain was missing in the Keychain Access. Xcode created a new certificate and added it to the login keychain but could not use it. Restarting the computer solved my problem.
Just to shed some light on this.
After I deleted my p12 certificate from Keychain. I re-downloaded my own certificate from Apple developer portal.
I was only able to download the certificate. But to sign you need the private key as well. So you either:
export both private key and certificate from Keychain to get it.
Upload a Certificate Signing Request and generate new certificates
That certificate by itself has no value for signing purposes. My guess is that the private key is created by keychain the moment you 'request a certificate from a certificate authority' but isn't shown to you until you add its matching certificate.
Check whether you are using Login or not to add the certificates, if you are checking in System at top left hand side then we wont be able to see it.
So drag and drop the .cer into login then check you are able to get the private key or not.
I'm the creator of the key, but the key was attached to an expired Certificate.
To solve it I went to -> Xcode/Preferences/Accounts/"Account you use to archive"/Manage Certificates..
Then click on the dropdown menu with the "+" sign on the bottom left corner, and choose the type of certificate you need updated (mine was Apple Distribution).
This updated my new certificate with its key attached.
Contact with the creator of iOS Distribution key and tell to export certificate and private key, then just download and double click it to access in your keychain.
I assume you have switched device and trying to create a new certificate for your new device,
First revive the development certificate form the developers portal,
Go to xcode > preferences > accounts > select your apple id with the dev portal access > manage certificates > click on the team account > click on the little + button > click on apple distribution
Go to the apple developer portal , you can see a distribution certificate is created ,
Go to profiles create a new profile with the new certificate.
Download > install
done
An old XCode version will also cause this. I was on XCode10 (old for 2022). Updated to latest version, which resolved the issue.
I could resolve this problem by updating macOS and XCode.
I am developing an application for a company, they gave me the admin role so I can edit provisioning files. I am getting "Valid signing identity not found for distribution file" and "Profile doesn't match any valid certificate/private-key pair in the default keychain" error on XCode, normally I would revoke the distribution profile by creating a key chain from my mac, but the company have other applications and I can not risk revoking it because clicking revoke gives the following warning.
"Revoking this certificate may invalidate one or more Provisioning Profiles in the Program Portal. Provisioning Profiles already installed on devices will continue to run until the provisioning profile expires."
Is there a way to add a new key pair without revoking the distribution certificate, would revoking the current certificate effect other applications or are there any other solutions to this problem?
You need the private key associated with the distribution certificate.
Request the person who created the distribution certificate for the company for the private key associated with the distribution certificate. Get him to export the private key from his keychain! Ask him to remember to select both the distribution certificate and private key together before right clicking and exporting it as .p12 Select both the distribution certificate and private key together before right clicking and exporting it as .p12
Once you open the .p12 it should pair up with the distribution certificate (the .cer file you should already have in your keychain). Your provisioning profile should work fine then!
Let me know if it works!
I came across the same issue and for some bizarre reason the method clearwater82 suggested didn't work.
But I found out this documentation on apple developer site. Might be helpful for someone else. It's just two simple steps.
FIRST STEP : Exporting Your Code Signing Assets to Your File System
SECOND STEP : Importing Your Code Signing Assets from Your File System
Hope this helps someone!