I have to sign a BlackBerry application so that I can load it onto the device, but the system that the signature keys I got from RIM are installed on got formatted. Now I am trying to install the signature keys on another system, but the server prompts me for this:
"Unable to register client '2909103544' because there are no more registration attempts. If you have already registered with this server, then you must contact RIM to register additional user."
Can we install these keys on only one single computer? Do I now have to purchase new keys?
You have to repurchase the keys, since they are for a single developer, single PC.
BlackBerry JDE Plug-in for Eclipse Users:
1) Save all 3 .csi files in the same directory (each one will be sent in a separate email message).
2) Start Eclipse.
3) Click on the BlackBerry menu and choose Install Signature Keys.
4) Select one of the 3 .csi files saved in step 1 and click Open.
5) Click "Yes" to create a new key pair file.
6) Type a password for your private key of at least 8 characters, and type it again to confirm. This is your private key password, which protects your private key. Please remember this password as you will be prompted for it each time signing is attempted or a signature key is installed.
7) Move your mouse to generate data for a new private key.
8) In the "Registration PIN" field, type the PIN number that you supplied on the signature key order form.
9) In the Private Key password field, type the password created in step 6.
10) Click Register.
11) Click Exit.
12) Repeat this process for the other .csi files.
I had a lot of trouble getting through this because much of the information out there was out of date. I figured I'd post my own Q and A.
1) Log in to developer.apple.com with your membership ID and go to Certificates, Identifiers and Profiles
2) Go to the keys section
3) Click add, give the key a memorable name and enable APNs
4) Pay attention to the Key ID (note it)
5) Download the .p8 file that gets created, open it in textedit (or some editor) and copy the key that's inside. Mine had -----BeginRequest ----EndRequest... I just ignored that and copied the key itself
6) You will also need your app id. Usually goes com.company.ProductName
7) You will also need your team id. You can get this from your Membership Details Page (go back to main account page and choose Membership, then look for TeamID)
8) Finally, go to Azure Notification Hubs and configure APNs.
9) Enter the key id that you noted from the key you generated
10) Enter the app id in App Name field (I know this seems weird but trust me). Example com.Company.Product
11) Enter the team id in the App Id field. (Yes, this is a little strange)
12) Finally take the token you copied from the contents of .p8 file and paste that in token field.
13) Select whether it's a Sandbox (debug) or Production and you are all set.
If it works without error you are ready to go. If you get an error you probably didn't enter the information correctly for one of the steps. Pay close attention to App Name and App Id because they are misleading. Follow the above instructions closely.
The OP has already figured it out, but in case someone's wondering in the future, there's an official blog post about it: Token-based (HTTP/2) Authentication for APNS with screenshots and property name mapping.
In an attempt to build an iOS project (in XCode), I need to import my colleague's public and private keys for the code signing identity, but I am unable to do so because I get an error in Keychain Access that says "An error has occurred. Unable to import an item. / The contents of this item cannot be retrieved"
FULL DETAILS:
I have got two keys from my colleague's computer, exported them from his Keychain as two files:
Roomer Inc.p12 (the private key)
Roomer Inc.pem (the public key)
When he exported these, he left the password blank (Although we also tried with a password of "test" and got the same results).
When I double-click Roomer Inc.p12 (for the private key), it opens in Keychain Access and prompts me to choose the keychain ("login" is selected by default)
I click "Add" and then I am prompted for the password to the keychain (which I leave blank)
Next I always see this message in Keychain access:
However, despite this message appearing, when I click OK, I see a new private key entry for "Roomer Inc". Note that this entry is a private key in the "login" key chain as I would expect, but has no expiration date (should it?)
Next, for the Roomer Inc.pem file (the public key) I am asked to choose the keychain ("login") and I click Add
Then, I also get the "An error has occurred. Unable to import an item. / The contents of this item cannot be retrieved" message for the public key as well. In this case however (unlike the Private key), I do not see any entry corresponding for what I just added.
So, it appears that the private key entry may or may not be OK (I have no way to verify), and the public key entry for Roomer cannot be installed in the keychain without this error message. Please note that I also tried using the security import command to import the public key :
$ security import Roomer\ Inc.pem -f pkcs12 ~/Library/Keychains/login.keychain
1 key imported.
When I do this, although the command returns "1 key imported" I do not see a public key for "Roomer Inc" in my Keychain Access window (I closed out Keychain Access and re-opened it).
Either way, we have identified that this is our blocker. (The symptom of course is that the XCode project won't build for the AdHoc provisioning profile to be used with TestFlight). I have left off the additional steps regarding the XCode build and TestFlight setup, because we believe the core problem has to do with importing the keys as explained above.
We figured out our problem, and I am posting my answer here so that others may find it helpful.
The problem is really a UX problem with Keychain Access. Let me back up and give a little context: when you create a distribution certificate with Apple, you create it based on a PRIVATE KEY and App-based permissions.
In Keychain Access, the distribution certificate is listed as a child below the name of the private key that it was created from. Here's the catch: When you use the search box in Keychain access (in my case we were typing in "Roomer" because that's the name on our distribution certificate), it won't look for a certificate with that name, it will look for a certificate attached to a private key for that name.
So my colleague had created a distribution certificate based on a private key that was named "Jorge Davila" (his name), even though the distribution certificate was named "iPhone Distribution: Roomer Inc."
When he searched for "Roomer" in Keychain Access, the correct one was NOT displayed in the search results because the key this certificate was created from was named "Jorge Davila" not "Roomer". Thus, he was exporting the wrong certificate and didn't realize because there were others (some expired) with that name.
Here's how the correct one looks:
This is a relatively nuanced problem with the UX of Keychain Access and the fact that the search tool doesn't give you the results you expect it to. I am posting this answer in the hope that others may find it useful.
When creating an ad hoc provisional profile, it asks for a Certificate Signing Request.
It seems it would yet create a new set of public/private key pair? Can I use an existing one?
Below is the instruction given. The step I have in question is "create a name for your private key". I already have two key pairs; I wish to use existing ones.
To manually generate a Certificate, you need a Certificate Signing Request (CSR) file from your Mac. To create a CSR file, follow the instructions below to create one using Keychain Access.
Create a CSR file.
In the Applications folder on your Mac, open the Utilities folder and launch Keychain Access.
Within the Keychain Access drop down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
In the Certificate Information window, enter the following information:
In the User Email Address field, enter your email address.
In the Common Name field, create a name for your private key (e.g., John Doe Dev Key).
The CA Email Address field should be left empty.
In the "Request is" group, select the "Saved to disk" option.
Click Continue within Keychain Access to complete the CSR generating process.
You don't need to create a separate Certificate Signing Request (CSR) each time. You can use the same CSR as many times as you can. There is no problem with using the same CSR each time. I use the same CSR for creating certificates.
But you have to create one at least once.
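An added example, not part of the original posts: one way to confirm which private key a certificate or CSR belongs to (the mismatch behind the Keychain Access answer above), and to see that a CSR built from an existing key introduces no new key pair. It uses the openssl CLI on PEM files; the file names, the self-signed stand-in certificate and the subjects are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (constructed data): tie a certificate or CSR back to its private key
# by comparing SHA-256 fingerprints of the public key, not display names.

# fp KIND FILE -> prints the public-key fingerprint; KIND is key, cert or csr.
fp() {
  local pub
  case "$1" in
    key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    csr)  pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    *)    return 2 ;;
  esac
  [ -n "$pub" ] || return 1   # never hash empty output: two failures would "match"
  printf '%s\n' "$pub" | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# same_key KIND_A FILE_A KIND_B FILE_B -> 0 if same key pair, 1 if not, 2 on read error.
same_key() {
  local a b
  a=$(fp "$1" "$2") || return 2
  b=$(fp "$3" "$4") || return 2
  [ "$a" = "$b" ]
}

# make_demo DIR: two unrelated keys, a self-signed stand-in certificate made from the
# first key, and a CSR built from that same existing key (no new key pair is created).
make_demo() {
  openssl genrsa -out "$1/jorge.key" 2048 2>/dev/null &&
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
  openssl req -new -x509 -key "$1/jorge.key" -days 1 \
    -subj "/CN=iPhone Distribution: Roomer Inc." -out "$1/dist.pem" 2>/dev/null &&
  openssl req -new -key "$1/jorge.key" -subj "/CN=John Doe Dev Key" \
    -out "$1/reuse.csr" 2>/dev/null
}

demo_dir=$(mktemp -d)
if make_demo "$demo_dir"; then
  same_key cert "$demo_dir/dist.pem" key "$demo_dir/jorge.key" && echo "dist.pem belongs to jorge.key"
  same_key cert "$demo_dir/dist.pem" key "$demo_dir/other.key" || echo "dist.pem does not belong to other.key"
  same_key csr "$demo_dir/reuse.csr" key "$demo_dir/jorge.key" && echo "reuse.csr carries jorge.key's public key"
fi
```

A .p12 export can be checked the same way after extracting its certificate and key to PEM; the subject name on the certificate says nothing about which key it was issued for.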
I have taken a project created by someone else on another machine.
I have filled in the signed keys form and had my keys emailed to me.
I have double-clicked on each to install them. I then go to the signature tool in the vmTools folder and select my .cod file (built today).
I then get the list of cod files with 'not registered' next to them in the status column.
I hit the request button and get the error: 'unable to request signatures until this application has been registered with all signing authorities.' What am I missing?
It sounds like the signing server may be down, you can check the current status of the signing server here:
isthesigningserverdown.com
It is always a quick and easy start to troubleshooting signatures.
Please see this blackberry.com reference.
To prevent this being lost to link rot, I pasted the important content below.
Note: if you're using the Eclipse plugin, not the old JDE, then you would go to the BlackBerry menu, select Sign, and either Install New Keys or Import Existing Keys. You must use all three files that BlackBerry (RIM) gave you. For example, to install brand new keys:
client-RBB-12341231.csi
client-RCR-12341231.csi
client-RRT-12341231.csi
or for an Import of existing keys:
sigtool.csk
sigtool.db
Problem
In certain situations, when you attempt to sign your application using the SignatureTool application, you receive the following error:
Unable to request signatures until this application has been registered with all signing authorities required.
Cause
You are attempting to request code-signing signatures for your application but the SignatureTool is not registered with all the required signing authorities.
There are two types of RIM Code Signing framework signatures:
Required Signatures - This is specified by the .csl file associated with the .cod file. A required signature is necessary to load your application on the device.
Optional Signatures - This is specified by the .cso file associated with the .cod file. An optional signature indicates that the system may perform a runtime signature check on the application. If the application is not signed, it is not allowed to execute the intended method.
The SignatureTool prevents you from signing the application since it waits until all required signatures are in place. Required signatures are necessary for the application to load successfully on the device.
Resolution
There are several different scenarios where the SignatureTool is not registered with the required code-signing servers.
Scenario 1 - Not Registered with Public Signing Authorities
There are three public-signing authorities (RBB, RRT, and RCR) that represent different sections of the controlled application programming interface (API). When you receive code-signing keys, you receive three .csi files representing the three code-signing servers. It is important to register with all three servers. To determine which signature keys have been successfully installed and/or missing, please review this article
Scenario 2 - Attempting to use a Controlled Signing Authority
There is an additional public-signing authority, the Certicom™ Crypto (RCC) signing authority, that controls access to Certicom cryptography functions on the device. Go to Certicom for more information on accessing the Certicom API’s on the device.
Scenario 3 - Attempting to use an Inaccessible Signing Authority
Research In Motion® maintains its own internal signing authorities for the protection of API’s that are not exposed or data that is not public. It is not possible to gain access to these signing authorities and any reference to Research In Motion internal methods or data should be removed from your application to allow the SignatureTool to sign your application.
Note: JDE 4.1 allows you to turn on code-signing warnings under Preferences. This determines the areas of your application that are attempting to use signatures from each signing authority.
Here's one more useful guide on the BlackBerry website
Occasionally RIM's signing server fails. I've seen it down for hours at a time.
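An added example, not from the original answers or from RIM's tooling: a preflight check that a directory holds a complete RBB/RCR/RRT set of .csi files for one client ID before registration is started, since registration attempts are limited. It assumes the client-<AUTHORITY>-<CLIENT ID>.csi naming shown above; the function name and the sample files are constructed.

```shell
#!/usr/bin/env bash
# Added example: preflight check for a directory of .csi files.
# Assumes the client-<AUTHORITY>-<CLIENT ID>.csi naming shown in the answer above.

# missing_csi DIR -> prints one line per client ID that lacks RBB, RCR or RRT.
# Returns 0 when every set is complete, 1 when something is missing, 2 when no files exist.
missing_csi() {
  local dir=$1 f base auth id ids="" need rc=0
  for f in "$dir"/client-*-*.csi; do
    [ -e "$f" ] || continue              # unmatched glob stays literal; skip it
    base=${f##*/}; base=${base%.csi}     # e.g. client-RBB-12341231
    id=${base##*-}                       # client ID is the last dash-separated field
    case " $ids " in *" $id "*) ;; *) ids="$ids $id" ;; esac
  done
  [ -n "$ids" ] || { echo "no client-*.csi files in $dir"; return 2; }
  for id in $ids; do
    need=""
    for auth in RBB RCR RRT; do
      [ -e "$dir/client-$auth-$id.csi" ] || need="$need $auth"
    done
    if [ -n "$need" ]; then echo "$id missing:$need"; rc=1; fi
  done
  return $rc
}

# Constructed sample: one incomplete set plus a stray file from a different order.
csi_demo=$(mktemp -d)
touch "$csi_demo/client-RBB-12341231.csi" "$csi_demo/client-RCR-12341231.csi" \
      "$csi_demo/client-RRT-99999999.csi"
missing_csi "$csi_demo" || echo "incomplete set: do not start registration yet"
```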
I want to sign a BlackBerry application with the 3 CSI files I have. When I install new keys, I give the associated user id and password, but I am getting this error:
Unable to register a client bearing no 175534 because there are no more registration attempts. If you have already registered with this server then you must contact RIM to register additional users.
Can anybody tell what is next step that I need to do?
The error message seems pretty clear on the next step:
.. you must contact RIM to register additional users.
The official response from blackberry support:
Hello,
Thank you for contacting BlackBerry Application Development Support.
This error means the keys have already been registered so cannot be registered again. To have this issue resolved a new set of signature keys will need to be issued and installed. Please note that signature keys are now completely free and issued several times a day, so the fastest way to get a new set would be to place a new order:
https://www.BlackBerry.com/SignedKeys
Prior to installing this new set of keys please first delete all present CSI files as well as the sigtool.* (DB, CSK, SET) files that will reside in the sub-directories of all development tools. Make sure to write down the PIN used to place the order as well, it will be needed when installing the keys.
After registering your keys and verifying that they are able to sign I would recommend backing them up some place safe in case anything should happen to your development environment:
http://supportforums.blackberry.com/t5/Testing-and-Deployment/Backup-and-Restore-BlackBerry-Code-Signing-Keys/ta-p/837925
Go to the first URL and request a new set of keys. You should get an order confirmation email right away. In about 1-2 hours you will get 3 more emails. Each one will have a CSI key attached. (The keys are free to generate)
To avoid this issue in the future, you can back up the keys, according to the instructions in the second link (above).
Good luck!