SWIFT: Failed with exit code 1 (WHY?) [duplicate] - swift
I am trying to add new provisioning profile to my Xcode, to test an app on the device. Here are the steps I followed:
Deleted all certificates and provisioning profiles
Create/Add IOS Dev Certificate
Add My IOS Device Online
Create IOS Provisioning Profile
Add IOS Provisioning Profile
Clean App
Build Then Run App
Set Codesigning nd Provisioning Profile In Build Settings
Lots of Googling > to no successes
Here is the error I get:
CSSM_SignData returned: 800108E6
/Users/alexpelletier/Library/Developer/Xcode/DerivedData/MyExpense-efnqzvoqwngzcmazaotyalepiice/Build/Products/Debug-iphoneos/MyExpense.app: errSecInternalComponent
Command /usr/bin/codesign failed with exit code 1
Open Keychain Access, then in the File menu select Lock All Keychains.
Then go back to Xcode and clean and rebuild. It will prompt you for your password again to unlock the keychain.
After this, assuming you have no other compile issues, it will succeed!
This occurs when the login keychain is locked. To unlock the login keychain, run:
security unlock-keychain login.keychain
If your keychain is password-protected, specify the password using the -p option:
security unlock-keychain -p PASSWORD login.keychain
If you're using a continuous integration system, you'll likely want to inject the password via an environment variable/token, which most CI systems offer in their settings.
The error code in question is described in Apple's docs as an internal error, so it's entirely possible this occurs in other cases too.
It seems like a bug in the code signing mechanism, restarting your mac should solve the problem
Had the same issue on High Sierra/Xcode 9.4.1, all attempts to sign ended in errSecInternalComponent
Go to Keychain Access
Go to the login keychain
Select the category "My Certificates"
Find the certificate you're signing with and expand it to see the key.
Double click the key
Go to the "Access control" tab.
Update key access control to "Allow all applications to access this item"
Alternatively:
run codesign command on mac terminal and "Always allow" /usr/bin/codesign access to key
If trying to sign from ssh/CI you also need to run
security unlock-keychain login.keychain
before trying to sign app bundle
I have met the same problem, I restart my macOS,and it works.
In China,we have a saying between developers:
Little problems,just restart.Big problems,should reinstall.
Sometimes,the above saying will greatly help you!
In case it helps someone else, I encountered an errSecInternalComponent error with codesign because I was running it over an ssh session to my macOS machine. Running the same command from a terminal window on the macOS machine itself worked.
Presumably this is because codesign needs access to the private key from the login keychain.
Running security unlock-keychain login.keychain (as explained by cbracken's answer) from the same session also should work.
As pointed out by #Equilibrium in one of the comments, if you are in command line env. like Jenkins(my case), you might need to pass the password to the security-unlock command mentioned in the solutions.
So instead of using,
security unlock-keychain login.keychain
use:
security unlock-keychain -p <login-keychain-password> <path-to-login-keychain>
where path-to-login keychain can be $HOME/Library/Keychains/login.keychain(my case) or simply login.keychain
for anyone that encountered this issue from jenkins and ssh:
high possibility that you have not granted access to the private key in keychain, i tried but not sure why all of these are not working:
security import .p12 file with -A or -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k #{password} #{keychainPath}
change all provisioning profile to [UUID].mobileprovision and copy them to '~/Library/MobileDevice/Provisioning\ Profiles' on jenkins server
clean derived data and reboot jenkins server
make sure default keychain is login keychain and unlocked it.
finally resolved by:
1.ssh [user]#[jenkinsServerIP] -L 5900:localhost:5900, log into jenkins server
2.open 'vnc://localhost'
this will launch a remote screen, if your jenkins server allow this...
then open keychain.app to grant access of /usr/bin/codesign to the private key
good luck
Nothing work for me from the above Solution.
Fallowing Solution Work for me...
First Open Keychain Access
Then Select Login And click Certificates
Double click Apple Worldwide Developer Relations Certificate Authority
Open trust section, and set to "Use System Defaults" from "Always Trust"
Clean the build folder and run
I ran security unlock-keychain login.keychain and my login password didn't work. So I rebooted, and then just ran Xcode again and it worked. Running the command works as well. Strange issue.
If trying to sign from ssh run command:
security unlock-keychain login.keychain
before trying to sign app bundle
or from UI
Update key access control to "Allow all applications to access this item"
Thx to #Equilibrium and #Jon McClung
I had the same issue Found out the problem is with code signing the app.
Opened the developer account and accepted the updated agreement and it worked.
Right clicking on the private key associated with the codesigning cert in the keychain, and then clicking on 'allow all applications' instead of relying on a prompt fixed it for me, since the build was happening via ssh.
I had to:
1) delete the certificate associated to the project
2) Back to the Xcode and revoke the app certificate
3) The Xcode require a new certificate
4) Lock all KeyChain
5) Clean the project
6) Rebuild
That's it. Hope it helps to anyone.
If you get errSecInternalComponent after
Warning: unable to build chain to self-signed root for signer …
, you might have the wrong Apple World Wide Developer Relations root certificate in your keychain. In this case, make sure that you import the WWDR certificate with which your developer certificate was signed. I imported the WWDR certificate expiring in 2023 and two hours later finally realized that it didn't work because my developer certificate had been signed with the WWDR certificate expiring in 2030 (AppleWWDRCAG3.cer). Download page: https://www.apple.com/certificateauthority/
Posting a work-around that we finally had to resort to, in case someone else is running out of things to try...
After installing a new Apple Distribution certificate in our "login" keychain, our Jenkins job suddenly started to fail singning iOS apps with the same errSecInternalComponent error:
Command /usr/bin/codesign failed with exit code 1
Our build pipeline calls security unlock-keychain, and we have no problems with our Enterprise Distribution cert (which was coincidentally updated and installed in the same Keychain just a few weeks prior), where the unlocking works as expected.
After trying all the usual things mentioned in this thread and elsewhere, we ended up running codesign manually as the Jenkins user in a new Terminal window, taking the exact same command as found in the Jenkins log: /usr/bin/codesign --force --sign...
This prompted entering the password to unlock the Keychain, which we did, and then selected "Always Allow".
After that Jenkins manages to sign (as expected).
This is obviously a bit of a work-around since we might have to do this again when the cert has expired, and it's really strange that unlocking works for Enterprise certs, but not the cert used for distributing through App Store... They literally share the same pipeline.
Just try it once using mac terminal but not from ssh session
security unlock-keychain login.keychain
And choose always allow in the prompted dialog.
And then you could xcodebuild in the remote session.
The above methods are useless to me.
I resoled it by:
Open keychain access.
Click Login Menu.
Remove all personal certificates.
Clean the project.
Rebuild.
That's it. Hope it helps to anyone.
In my case, this solved.
xcode -> preferences -> accounts -> select the account -> manage certificate -> (+) in bottom left -> Apple development
Ref: https://stackoverflow.com/a/62646138/234110
In my case BUCK was trying to sign the IPA for development, but there were not any development certificates installed. Changing the build config to release (this is what I needed - to build for iTunes) fixed it for me.
Just wanted to callout if someone face similar issue what I did. In my case my apple dev and distribution certificates, keys and provisioning profiles where upto date. My iOS code build was working in user mode without any issue however it does not work due to code sign issue when the code build runs with root privileges i.e. % sudo or invoking the Xcode using sudo through command line.
So, I copied the corresponding working certificates and keys the login to the system location in the keychain tool. Then it started working without any code sign issue.
Similarly, we can export the required certificates, keys for build from the working machine and import those into non working machine's keychain tool may solve the issue.
For me, I was able to sign files when using the Mac directly or via VNC, but not via ssh. I figured it must be something to do with access to the certificate within the keychain. I was already doing a security unlock-keychain [keychain name] but this didn't appear good enough.
What finally fixed it for me was (within a direct/VNC connection, not ssh):
Make sure the keychain in which your certificate resides is locked. Close Keychain Access.
Open Terminal
Do not run security unlock-keychain [keychain name].
Run a signing process using codesign tool. You will be challenged for a password to the keychain.
Enter the password and click "Always allow"
From now on I was able to use codesign via ssh, so long as I included security unlock-keychain [keychain name] before the command.
If you have a code signing certificate with the same name in the keychain, make sure you remove it. I had one which XCode reported as "Missing private key". I had to remove it via Keychain Access before the correct certificate was used by codesign.
Related
Code Signing on Mac "error: The specified item could not be found in the keychain"
I'm attempting to sign an application on macOS Sierra, but my Developer ID certificate(s) cannot be found. Can anyone clarify what I'm doing wrong? Thank you! Here's my flow: I downloaded an "Application" and "Installer" Developer ID certificate from Apple I installed both to my System keychain, they show "This certificate is valid" I open Terminal and change directories to my application folder I try codesign --deep --force --verbose --sign "<identity>" "<appName>" but I get the following "error: The specified item could not be found in the keychain" Some things I've tried: a. Using custom settings for the certificates by setting Code Signing to "Always Trust" b. Using the certificate's entire Common Name for the identity instead of the value inside the parentheses c. Running security find-identity -p codesigning, I get the following "Policy: Code Signing Matching identities 0 identities found Valid identities only 0 valid identities found" d. Deleting the certificates and reinstalling them to the login keychain
You didn't mention the private key you used to generate the cert in the first place. I purchased a new Mac Mini build machine to replace an old one. The old one had the signing certs. Just importing the signing certs downloaded from Apple didn't work, I also needed the original private key from which the certificate request was formed. So I followed https://stackoverflow.com/a/34063997/28190 to export a new keychain from the old machine, imported to a new one, and then I was able to use that. You need to customise your `unlock-keychain' calls to point to the imported keychain.
Any Issue With Revoking Certificate Regularly
Is there any issue, if I revoke my development certificate regularly (10 times / month) ? Let consider I'm developing 3 application using different systems with 1 development certificate and 3 provisioning profiles. Regularly I'm adding new devices to all our provisional profiles . When installing provisioning profile in other 2 machines, Xcode Organizer shows an warning as "A valid signing identity matching this profile could not be found in your keychain " . So i just revoked my earlier certificate and generated new certificate request from the same machine keychain. After downloaded the new certificate, all things seems to be ok. However other machines Xcode organizers will display the same warning when try to modify and download the provisioning profiles. So always I will fix the issue this way (revoking & regenerating new one). So I would like to know, is there any issue, if I revoke my development certificate regularly (like account ban/block etc)?
There is no need to revoke your certificate every time. On the system where the development certificate is installed, go to Key Chain Access and select the both certificate and key, right click to get the option to export, and then export as a file to your desktop. Now send that .p12 file to another Mac where you can double click that .p12 file to have it install in in that system's Key Chain Access. You install the certificates in just the same way, and once you have done that it will not show that message.
Getting the app onto the phone... certificate signing and identities
The error I received on build attempt was: Code Sign error: The identity 'iPhone Developer' doesn't match any valid certificate/private key pair in the default keychain Anyone know how to resolve this? Thanks // :)
Are you a paid up developer ? Have you created a provisioning profile for your application ? Have you installed a provisioning profile via the Organizer? if you have, then you need to go to the KeyChain utility, ensure that Login is the default Keychain, and that iPhone Developer:yournamehere certificate is installed along with the public and private keys of your dev certificate. if you haven't, then you need to follow the steps in the provisioning utility http://developer.apple.com/iphone/manage/overview/index.action
This took me about 3 hours to figure out but I found that when you send the request for the certificate, if you have multiple profiles on your computer you might have to request it from your name from the keys in KeyChain Access... just doing it from the drop down menu wasn't binding the certificate to the private key...
Sounds stupid simple, but it worked for me: Restart your Mac I know, what is this, Windows? But really, I just upgraded xcode 3.2.5 with ios 4.2 and same problem running new xcode. After banging my head around a bit, just restarted my Mac, came back into xcode, and bingo! Hope its that easy for everyone ;)
/usr/bin/codesign failed with exit code 1
I am attempting to deploy my first development iPhone app, and am running into some problems. I have successfully went though the online Provisioning Assistant, but now I am stuck. No matter what I do, I always get the following error. /usr/bin/codesign failed with exit code 1 Anyone have any ideas why this is happening?
Update: The Technical Note in my original answer is now deprecated. Apple posted a collection of code signing problems (and some solutions) in a new document: Technical Note TN2407 Code Signing Troubleshooting Index Check the CODE_SIGN_IDENTITY property in your build settings. Is your provisioning profile selected there? You also need to enter a valid bundle identifier in your apps .plist. The identifier has to match the one you provided when generating the profile. Apple has a technote about that here.
I just came across this error, and here's what I found out in case this helps anyone: I discovered that you can right click the error message in Xcode and choose expand to get more details, including a description of the problem. In my case, I had two copies of my developer certificate with the same name in different keychain files, and Xcode couldn't figure out which one to use.
It might be strange answer for codesign issue in Xcode 9.0. I was receiving this error too and did not know what to be done, because everything was correct. I went to the keychain, I had the login option "unlocked". I locked it and compiled my build again. Xcode itself asked me to open access keychain. I gave access and it worked. Steps were: Go to keychain Lock it Archive the code, build the project again
I had the exact same error, and tried everything under the sun, including what was elsewhere on this page, with no success. What the problem was for me was that in Keychain Access, the actual Apple WWDR certificate was marked as "Always Trust". It needed to be "System Defaults". That goes for your Development and Distribution certificates, too. If any of them are incorrectly set to "Always Trust", that can apparently cause this problem. So, in Keychain Access, click on the Apple Worldwide Developer Relations Certificate Authority certificate, select Get Info. Then, expand the Trust settings, and for the combo box for "When using this certificate:", choose "System Defaults". Others have commented that you may have to do this in System and login keychains for these errors.
There could be a lot of reason when you get this kind of error: Check whether you have selected a provisioning profile which includes the valid Code Signing Identity and a valid Bundle Identifier in Settings. (Goto Build Settings->Signing->Provisioning Profile). Open Keychain Access and click on lock icon at top left, so it will lock the login keychain and then again click to unlock. Goto File->Project Settings->Derived Data and delete your project build folder. After that clean and build your app.
I had the same problem the distribution build. It just happened all of sudden. In fact I did not have this problem a few days ago and I had my Ad-Hoc version compile right. This issue came up because my certificate just expired today. So I went create a new provisional following Apple's guidance: (http://developer.apple.com/ios/manage/distribution/index.action). After spending hours on the net and made sure I had not fallen for what could go wrong. Here is what save me as suggested by Tobias and Dan Ray: "...discovered that you can right click the error message in Xcode to view details". "...the issue was an expired certificate on my System keychain. Keychain Access doesn't, by default, show expired certs". The detailed information told me about ambiguous matching two certificates. One of them happened to be an expired certificate in the System key chain. So I deleted the expired one then it worked! I also had a concern about what to enter in the "common name" when create the distribution certificate using the keychain utility: my name or my company name. In my case, I entered my name. I am guessing it is the same as the title that addressed by the developer's auto responder email. Great help. Thanks.
If the error immediately preceding the codesign error says something like 'resource fork, Finder information, or similar detritus not allowed' Then navigate to the .app file in Terminal and type: xattr -cr < path_to_app_bundle > ref: https://developer.apple.com/library/content/qa/qa1940/_index.html
What worked for me was adding --deep to Other Code Signing Flags in Build Settings. More information here: Codesign of Dropbox API fails in Xcode 4.6.3: "code object is not signed at all" Unfortunate that this ambiguous error condition has 400 different solutions, but I digress.
I had the same problem. In the end it turned out that my private key did not allow codesign to access it. One can see this in the info dialog in keychain application.
I have to agree with Tobias. The error is too generic. When the same thing happened to me I dug into the error message and realized I'd screwed up something in the build properties, but not the code signing. So yeah, I'd dig in to the details.
In my case error was due to the fact that I had two keys on the keychain with the same name. I deleted the old one and that solved the issue. Going to the detail message show the real problem to me.
after hours of googling and trying out different things, this is what fixed it for me: Make sure there are no certificates in the System > Certificates tab on Keychain Access. Remove all duplicate certificates from there. Install the WWDR intermediate certificate under certificates from the provisioning portal, in addition to the developers certificates and make sure you see it in the Login > Certificates tab on Keychain Access. hope this helps some of you!
Same issue with ambiguous (matches "iPhone Developer: [me] " and /// tweetdeck's library privatedata file. Fixed it by moving file to the trash and re-logging into Tweetdeck, setting up passwords again. What a pain.
I had the same problem but also listed in the error log was this: CSSMERR_TP_CERT_NOT_VALID_YET Looking at the certificate in KeyChain showed a similar message. The problem was due to my Mac's system clock being set incorrectly. As soon as I set the correct region/time, the certificate was marked as valid and I could build and run my app on the iPhone
I was also getting this error ("/usr/bin/codesign failed with exit code 1"), and when I looked in Keychain Access my developer certificates were marked as "This certificate was signed by an unknown authority". I had recently upgraded to Mac OS 10.8 and have had a couple of other XCode (4.5.2) issues since then. It turns out I did not have the WWDR intermediate certificate installed. I downloaded that from the iOS Provisioning Portal, installed that in Keychain Access, and my project builds again!
When I got this error I wasn't even trying to sign the app. I was writing a test app and didn't care about signing. In order to get rid of this message I had to select "Don't Code Sign" from Build Settings under Code Signing.
Sometimes your build folder simply needs cleaning - it certainly worked for me. Thanks to loafer-project for the solution.
One possible cause is that you doesn't have permission to write on the build directory. Solution: Delete all build directory on your project folder and rebuild your application.
I just came across this error and it was because I was trying to write the build file to a network drive that was not working. Tried again from my desktop and it worked just fine. (You may have to "Clean" the build after you move it. Just choose "Clean all Targets" from the "Build" drop-down menu). Tobias is correct though, dig into the details on the code by right-clicking it to see what your specific problem is.
One thing that you'll want to watch out for (it's a stupid mistake on my part, but it happens), is that the email address attached to the CSR needs to be the same as the email connected to your Apple Dev account. Once I used a new CSR and rebuilt all the certs and provisioning profiles, all was well in applesville.
Another reason, Check your Developer account is connected with xCode
Kinda old question, but still happens it seems. Another solution: Occurred for me after reverting a branch in git. Tried cleaning, cleaning builds, deleting derived and restarting Xcode, but no luck. Try rebooting the comp.
I had the same unknown error from codesigning that you mentioned. Similar to the answer provided (but a little different), I just locked my keychain access and unlocked it, and I was able to build and run to my device again. If anyone has the same issue, perhaps try that first before going through the trouble of modifying the keychain password.
Throwing my comments into the ring, I just came across this after attempting to refresh my development environment after clicking DENY accidentally on one of the application requests, after searching around I found a number of things that didn't seem to work. This is the full order in which I've attempted the fixes and whether there was a success: 1) Attempted to clear the DerivedFiles and restart XCode - no dice 2) Attempted to Log and Unlock the Keychain, then restart XCode - no dice 3) Attempted to refresh my developer account within XCode - no dice 4) Bit the bullet and just reset my entire keychain, after doing so my developer account was signed out (signed back in), then restarted XCode - no dice 5) Found an article on here that said that we needed to set the [login|local|System]/certificate/Apple Worldwide Developer Relations Certificate Authority to "System default". But in my case it was already set to system default - no dice 6) Then I looked at my actual developer certificate login/my certificates/Mac Developer: and when I looked in there it was correctly set to Confirm before allowing access BUT there was no entries in the lower section. There should be [Xcode, codesign, productbuild]. I deleted the certificate entry and restarted XCode - bingo The certificate was added and I was then prompted. So what did I do, I pressed "always allow" and then just boned myself. I had to go back and delete the certificate again, then go through about 20 allow dialogs during a clean build. Once completed, I was able to build completely.
In My Case, after a fews days of research, All I did to revolve is listed below: delete all the certificate on your keychain. goto your apple account. a) download the specify certificate your want to install on your keychain. b)(Optional) Also create and download the require profile. in Xcode, clean your project. This may take some time. Build your project. This should work for similar codesign issues. Note, during this process the OS would ask for your credential validation.
I use Xamarin and for me this is what worked after trying everything else. In Visual Studio for Mac I've opened a .xib file so it opens the project in Xcode. Went to the project settings > Signing and Capabilities, selected the team and then fixed the Signing Certificate.
I think the issue is with the Keychain Access and certificate trust. Try adding the following certificate Apple Worldwide Developer Relations Certification Authority from https://www.apple.com/certificateauthority/ (Expiry validity 2030) The trust warning indicated in certificate will be fixed and then try building the iOS application again
Open the project path in terminal and enter the below commands in terminal 1) find . | xargs -0 xattr -c 2) xattr -rc . This works for me.
Adding a self-signed certificate to iPhone Simulator?
I have a self-signed certificate at the endpoint of my API. I'm trying to test some things using the simulator but am getting "untrusted server certificate". I have tried to use safari on the simulator to download the .crt file, but that doesn't seem to work. Where does iPhone Simulator get its keychain from? How can I add a trusted certificate so my application will work? I got it to work by creating a CA and then adding a CA certificate using the iPhone provisioning tool. Then I was able to have a certificate signed by that CA certificate on the API server and the NSConnection just worked. I was not able to get it to work using a self-signed certificate for some reason. I need to re-attempt this using the provisioning software. My real question is how do I get this to work on the simulator? I would think that the simulator uses the keychain of the actual computer.
Simply drag & drop your .cer Files into your running Simulator window. You'll see Safari flashing and then the import dialog for your Certificate (or Certificate Authority)... Working for iOS 7 Simulator (and i Think did work for iOS 6 too).
For those who find that the dragging and dropping of the certificate on the Simulator isn't working, there was a recent change that adds an extra step. The Simulator must be explicitly told to trust the root CA. Do this by going to: iOS Settings > General > About > Certificate Trust Settings > "Enable Full Trust for Root Certificate" for your particular certificate See the full answer here:
I had this same issue for months and today I FINALLY solved it with: ADVTrustStore You are going to want to use a project called ADVTrustStore from github. It does some fancy magic but it will correctly install certificates into your root trust-store on the simulator. Steps to install a custom cert # Clone the repo git clone https://github.com/ADVTOOLS/ADVTrustStore.git # Enter the repo directory cd ADVTrustStore/ # Copy your .crt file cp somewhere/something.crt my.crt # conver to a .pem file openssl x509 -in my.crt -out my.pem -outform PEM # Install the pem in the simulators ./iosCertTrustManager.py -a my.pem Using this process I was able to get GoogleStreetView images to render correctly while behind a corporate firewall using SSL resigning with self-signed certificates Background I was using CharlesProxy and i noticed it was correctly installing certificates into the Simulator but they did not show up in the Settings - Profiles section. Then after some searching I discovered this tool. There are probably a few other tools out there but in my case the drag-and-drop never worked correctly for all cases. Safari would be fine but not my applications.
For anyone use OS X Catalina, please check this : https://forums.developer.apple.com/thread/124056. Catalina is currently blocking access to Desktop, Documents and Downloads folder. I moved certificate files to Shared folder and drag and drop the files to simulator from there.
Take a look at the shell script Charles uses to install their self signed cert into the simulator's keychain. http://www.charlesproxy.com/documentation/faqs/ssl-connections-from-within-iphone-applications/ See also: iPhone TrustStore CA certificates http://redgreenrefactor.eu/blog/testing-https-on-iphone-simulator/ It looks like installing your own certificate in the simulator may require installing it on a device via Safari and then copying the resulting row from the device's TrustStore.sqlite3 into the simulator's.
Dragging and drop used to work but it didn't work on XCode 12 for me. What worked for me was opening Safari browser on Simulator and then typing the file URL for the .crt certificate file. Ex. file:///Users/[folder_path]/[certificate.crt] After that you have to goto Simulator Settings and install the certificate by navigating into General > Profiles section.
For IOS14, after the dragging, you need go to: General -> Profile -> select you profile -> install and then: General -> About -> Certificate Trust Settings -> "Enable Full Trust for Root Certificate" for your particular certificate see also https://developer.apple.com/library/archive/qa/qa1948/_index.html
Using iPhone Backup Extractor, I copied my iPhone's TrustStore.sqlite3 into ~/Library/Application Support/iPhone Simulator/6.0/Library/Keychains, overwriting the existing file. I tried to only insert a single row with the following sqlite, but I couldn't get it working. sqlite3 ~/backup/iOS\ Files/TrustStore.sqlite3 sqlite3>.mode insert sqlite3>.output working.sql sqlite3>select * from tsettings; sqlite3>.quit Now, working.sql has the entire contents of the tsettings table (in my case, 1 row). sqlite3 ~/Library/Application\ Support/iPhone\ Simulator/6.0/Library/Keychains/TrustStore.sqlite3 sqlite3>INSERT INTO tsettings VALUES(X'... sqlite3>.quit Again, the above sqlite commands didn't work for me, but might be a good starting point for someone else. Copying the entire TrustStore.sqlite3 from the backup into the simulator worked just fine.
Take a look at the iostrust Ruby gem: http://github.com/yageek/iostrust
When I started I couldn't get "Enable Full Trust for Root Certificate" to show up. I was using the certs I generated for nginx with openssl. What worked was exporting the development cert from Keychain Access and downloading that with Safari in the simulator. Then the "Enable Full Trust for Root Certificate" showed up and I was able to get my application working. Also, like people above have said dragging and dropping the cert on to the simulator doesn't work anymore. You can download the cert with Safari.