I have two certificates in my keychain that I use for code signing.
One is my team’s production certificate that I use for signing apps for enterprise distribution.
The other is my development certificate (part of the same team) that I use for signing apps for development.
In Xcode 8 I have deselected ‘Automatically manage signing’ and now my certificate has been set to the production certificate associated with my team, which now only allows me to sign distribution apps. I am able to change the Provisioning Profile to a development one, but then I get an error that “Provisioning profile “Development-Profile" doesn't include signing certificate “Production-Certificate”. But Xcode 8 does not allow me to change my Certificate manually.
How can I change between code signing identities within the same team in Xcode 8?
Well I immediately found the answer to my own question, of course.
I assumed the old Code Signing/Provisioning Profile sections from Build Settings had been removed and replaced completely by the Signing section of the General tab in Xcode.
In fact they are still there and you can use them as usual.
Thought I'd answer my own question instead of deleting for everyone else who might have assumed the same!
There are 2 ways to sign application in xcode8
Automatic signing -- Managed by xcode, no need to worry but this is for development signing.
Manual signing: This means "uncheck auto sign option in General tab"
This leads to introduction of two more sections related to signing in xcode IDE.
Debug and Release configuration, here you need to specify the profile you intended to use for building your application. Here you can specify the development/distribution profile. Offcourse this is also available in the Build settings section.
In General tab you cant change code signing identity.
Using xcconfig file you can override the code signing identity.
You are correct, here we don't have option to set the codesigning identity. Using xcconfig file you can override the code signing identity.
PROVISIONING_PROFILE_SPECIFIER = TEAM ID/PROFILE NAME
CODE_SIGN_IDENTITY[sdk=iphoneos*] = iPhone Distribution
CODE_SIGN_IDENTITY[sdk=watchos*] = iPhone Distribution
Related
I am new in iPhone Distribution . I created Apple ID U765UXW88D.com.edwincs.*. and
provisioning profile name is MobileHealthGuide. I made these in Distribution tab.
My xcode version is 3.2.4 While uploading application with application loader , I got this error
Application failed codesign verification. The signature was invalid, or it was not signed with an Apple submission certificate.
My project name is MobileHealthGuide too. I have tried revoking the certificate and provisioning profile, but the error persists.
How can I solve this problem?
I've encountered the same problem too. It showed that I had a duplicate certificate registration in my keychains. Removing one of them (I removed the one from my system keychain) fixed the problem.
Steps that helped me to resolve my problem:
Open KeyChain Access application
Select the 'login' keychain, and select in the bottom pane
'Certificates'
Switch to the 'system' keychain and see if there are certificates
registered in both chains.
Remove one of them
Rebuild the application
You probably need to check what code signing profile is selected in
your distribution build properties.
Alright, then make sure to clean the build & delete the Build folder from the app.
If this doesn't work for you, there is one more alternative :
Verify below steps to create distribution certificate and perform that if you miss anyone.
Generate a certificate signing request in keychain.
Using that create or revoke a DISTRIBUTION certificate in the
portal. after that download and install it and verify key under the
name.
Register the device in the provisioning portal.
Then create or modify a DISTRIBUTION profile in the portal. after
that download and install it and verify it appears to be valid in
Organiser as there are no warnings.
Make sure to select proper build setting in xcode.
Now this will definitely, solve your problem.
Make sure you added right code sign in project target.
Ok so here are detailed steps on how to distribute:
You want to request a development and distribution certificate in Keychain Access and upload it to developer.apple.com (you are part of the developer member program right?)
Create an app ID (in provisioning profiles)
Create a distribution certificate - make sure this and step 2 follow your bundle ID
Download the profile and drag to Xcode
Go to your Xcode project, in the target or project build settings set your code signing option to the Distribution certificate (which must match your Bundle ID and of course your distribution and development certificate) - there might be a recommended or automatic profile, just choose the one that matches your identity and app provisioning profile and Bundle ID
Now go to edit scheme -> then change from debug to release
Then go to project than target than build settings and type in 'Code Signing', change the options to your distribution profile
Set to build for an iOS device (or none at all)
Go to product -> Build For -> Build For Archive
Scroll down on the side (your classes tab etc.) to the product which should be named (AppName.app) and show it in finder.
Create an application on iTunes Connect
Compress the .app and load it to Application Loader
Send it off!
Tips:
Make sure you are using the correct Bundle ID
Try cleaning
Make sure you're certificate is not expired
Here is an expanded list of reasons why this may occur:
Upgrade your xCode! you are using a really old one.
Probably you tried it but go to https://developer.apple.com/ then iOS provisional portal there are lots of tools can help you.
If you are not using inApp purchase, push notification, iCloud etc. you can skip the App ID and just set a general certificate one that would be like U765UXW88D.* so that you don't need to do this process every time for new apps.
Make sure you created distribution certificate and sign with that on xCode for release/distribution.
On xCode itself make sure you defined the bundle ID same as on iTunes connect.
Good luck.
I've got a similar problem as well. In one project, using my dist profile, it works perfectly and I can build to a device.
In another project, when using the same dist profile, the app launches, loads the splash screen, processes the first page and then exits without throwing an error in Xcode or in its own log.
When I change the code signing to a generic dev profile, the app launches without a problem on the desired device.
I've redownloaded the certs, the dist profiles, deleted the old ones.
How is this even remotely possible? And how can this be fixed?
Failed signature verification can happen for many different reasons. See Apple's list of common causes in TN2250.
The most common reason for failing distribution signature validation is because the app was signed with a developer profile instead of a distribution profile, or the app was built with the wrong build configuration. To consider this potential cause check your settings against the recommendations that follow:
The Release build configuration must be assigned to your Archive task. To ensure this, select the "Scheme" pop-up menu in the upper-left corner of the Xcode Toolbar, and choose "Edit Scheme". Select the "Archive" task and make sure the Build Configuration is "Release".
To check that your app is signed with the correct distribution profile, use the steps in section How do I check which certificate was used to sign my app? and ensure the Authority is "iPhone Distribution". If it is not, continue to next bulleted items to correct the responsible configuration.
Ensure that the appropriate distribution provisioning profile that you created for this application on the iOS Portal site is assigned to the Release build configuration. To ensure that use the steps in section Assigning Provisioning Profiles to Build Configurations.
Next, ensure that you are choosing the correct distribution provisioning profile when distributing your app on the Xcode Organizer > Archives tab. To do that, use the sections linked below depending on your distribution method and take special note you're selecting the correct profile on the "Identity" field (Xcode 4-4.2) or "Code Signing Identity" field (Xcode 4.3+) after clicking Submit/Share/Validate or Distribute on the Xcode Organizer > Archives tab.
https://developer.apple.com/legacy/library/technotes/tn2250/_index.html#//apple_ref/doc/uid/DTS40009933-CH1-TNTAG32
There are several similar questions here, but none could answer my basic question:
Is it possible to have two separate developer certificates in the keychain and two corresponding distribution profiles in Organizer?
I have my own (working) developer certificate and provisioning profile for my own iPhone apps.
Now I finished a project for a client and would like to use his developer account/certificates/provisioning profiles to submit his app to the app store on his account.
Is that even possible?
So far I downloaded and installed his certificates and they show up in my keychain, and I installed his provisioning profile in Organizer, but Organizer tells me "A valid signing identity matching this profile could not be found in your keychain.".
Likewise, the archive build fails.
I couldn't find a way to tell Organizer to use the certificate of my client instead of my own-I think this is the problem.
Thanks for any help!
Yes I've produced app store builds of projects for clients several times using their distribution certificate. No need to use their developer certificate. There are many things can could go wrong here, if you have access to the client's account you can go on to the provisioning portal and check things out:
make sure the bundle ID in the project settings exactly matches the app ID on the iOS provisioning portal (com.company.appname usually)
make sure the app store distribution provisioning profile is marked as "valid" and shows up under the distribution certificate.
make sure the app store build config in xcode references the client's distribution cert.
open your keychain and make sure that the client distribution cert also has its accompanying private key. This may be the problem, it's the part usually left out. The client must export his private key for his dist cert and send it to you in the .p12 file along with the password to the .p12 file. The dist cert can't be used to sign the app without the private key!
sometimes just quitting Xcode and restarting it helps.
See this solution to duplicate certificates: http://tapadoo.com/2012/certificates-magically-re-appearing-in-your-keychain-try-this/
The gist is that if you have an old private key and provisioning profile around, you can run into a case where Xcode will re-create an old certificate in your keychain. This will make code signing gag because it requires a single certificate with a given name. Deleting the old private key will resolve this issue.
EASY MODE
(I hate these archaic export errors so bad. So many hours wasted. I'm not religious but I still pray this helps you)
Log into https://developer.apple.com
go to Certificates, Identifiers & Profiles
bottom left: Provisioning Profiles
Delete any duplicates / invalid profiles (in my case I only had one but it was invalid)
Note: if you're trying to export an archive, you can leave the export window open, delete a provisioning profile, then click "retry" or whatever the button says. This will save you from have to re-archive over and over
#xcode8.2.1 #osx10.11.6
Xcode gives me this warning when I build the app for release.
Application failed codesign verification. The signature was invalid, or it was not signed with an Apple submission certificate. (-19011)
Do I need to delete all entries from my keychain and redo getting a certificate, provisioning profile, etc?
I can build and debug on the iPhone and iPad without a problem.
If you know how I can solve this dilemma, please provide exact steps or a way for me to contact you about this.
Thanks
----UPDATE -----
Build Log
Validate build/Release-iphoneos/iApp.app
cd "/Users/iosdeveloper/Documents/Programming/iPad/iApp HD"
setenv PATH "/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin"
setenv PRODUCT_TYPE com.apple.product-type.application
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/Validation "/Users/iosdeveloper/Documents/Programming/iPad/iApp HD/build/Release-iphoneos/iApp.app"
warning: Application failed codesign verification. The signature was invalid, or it was not signed with an Apple submission certificate. (-19011)
Executable=/Users/iosdeveloper/Documents/Programming/iPad/iApp HD/build/Release-iphoneos/iApp.app/iApp
codesign_wrapper-0.7.10: using Apple CA for profile evaluation
/Users/iosdeveloper/Documents/Programming/iPad/iApp HD/build/Release-iphoneos/iApp.app: valid on disk
/Users/iosdeveloper/Documents/Programming/iPad/iApp HD/build/Release-iphoneos/iApp.app: satisfies its Designated Requirement
test-requirement: failed to satisfy code requirement(s)
codesign_wrapper-0.7.10: failed to execute codesign(1)
- (null)
Here's the checklist I go through when I've hit this:
Clean all targets, exit Xcode, then go drag the build folder from your project to the trash.
Do the Get Info on your project, make sure the Code Signing Entitlements and Code Signing Identity are selected correctly. Do the same for your Targets.
Login to the iOS Provisioning Portal and make sure the Distribution certificate has not expired. Also check the Distribution Provisioning Profile and make sure it is Active. Make sure the Certificate is properly in your Keychain and the Distribution profile is in Xcode Organizer (if you have multiple of the same one, delete all but the correct one and redo step #2).
Look at your Build Results on the failure and identify which profile it is actually using and make sure it is the right one.
You probably need to check what code signing profile is selected in your distribution build properties.
It looks like your target is "Development" but Xcode applied some of distribution settings to it, so the warning simply means your ad-hoc build has no valid AppStore submission certificate. Go to your target settings, choose the Release configuration and uncheck "Validate Built Product" option.
Application failed codesign verification. The signature was invalid, or it was not signed with an Apple submission certificate. (-19011)
i am got the Same Warning Message...
I just Changed to iOs Deployment target 4.3 to 3.2.2 its works perfectly .....
Note: you may have to go to XCode's "Project" and select "Edit Active Target (appname)",
which is near the bottom of the list ... in the new pane that opens, select "Build", then
under "Code Signing Identity" select your distribution provision. Note that this seems
to be editing a different thing than "Project" / "Edit Project" (editing "target" instead
of "project"). I found I had to edit both project and target's code signing identities.
I had exactly the same problem. It was due to installing Xcode 4.0.2 and 4.2 preview 3 at the same time. Removed both (through the provided uninstall scripts):
<Xcodedir>/Library/uninstall-devtools --mode=all
Then rebooted and installed 4.0.2 and it works :/
I have found the codesign process a headache - I always shudder when I get am ready to use Ad Hoc distribution to beta test. After the usual round of errors and failed fix attempts I ignored the "application failed codesign" error and sent the build to a beta tester. It worked without issue.
Very frustrating.
In the build log provided in the -UPDATE- section of the original post the root cause of the failed signature verification is expressed with the text:
"test-requirement: code failed to satisfy specified code requirement(s)". That particular flavor of failed signature verification is almost always caused by mistakenly signing your app with an iPhone Developer profile instead of an iPhone Distribution profile.
It can be confirmed with the steps in "How do I verify the certificate that was used to sign my app?". If the certificate "Identity" is "iPhone Developer: YOUR_NAME" instead of "iPhone Distribution: ..." that is the reason for the "Application failed codesign verification" error, and you can resolve it by performing the following steps:
1a). if you have not yet created an App Store Distribution Provisioning Profile yet, that is done on the "Distribution" tab of the "Provisioning" Section of the iOS Portal site.
Note, the "Distribution" tab is only available to Team Members whose role is either "Agent" (the one who signed up for the iOS Developer Program), or "Admin" (those that the Agent grant access to app-distribution capabilities).
1b). if you're fairly certain you have an App Store Distribution Provisioning Profile installed in your Xcode profile library, you can verify it is an App Store profile as well as the App ID associated to it by using the steps in section How do I confirm my Provisioning Profile is for App Store distribution?
2). verify that your Scheme 'Archive' task is mapped to "Release" using the steps in section:
"Creating an Application Archive"
3). check that you have an your App Store provisioning profile assigned to your "Release" Code Signing Identity using the steps in section
"Assigning Provisioning Profiles to Build Configurations".
Note: it's important to make these changes at the Target level Build Settings, versus the Project level ones, as Target settings override Project ones...you can think of the Project level build settings as 'defaults' to populate target settings (and any future targets) with. Also, Ensure the "All" button is depressed in the upper-left corner of Target Build Settings to reveal the "Code Signing Identity" section.
4). retry your Product > Archive.
If the issue persists after the above, I recommend continuing onto Apple's complete list of potential causes of this error at the following URL "How do I resolve the error: Application failed codesign verification?"
My problem was solved when I noticed that I only had a "team" provisioning profile, and the details in iOS Dev Center told me that it was not a profile fit for development because it had no device attached. So I created a second provisioning profile, which let me check the box for my device so that it had a device attached.
Then when validating or submitting the app from the Organizer window (after pressing 'Build and archive'), I first made the mistake of selecting this new profile as the code signing profile. That was wrong. The profile that worked was iPhone Developer.
Good luck!
PS: This whole submission process is a heap of abacadabra. Do you really have to create a zillion distribution profiles, provisioning profiles, etc.? It hasn't encouraged me in any way to better test my app. I already did that before I chose to upload, and clicking a hundred buttons labeled 'Create','Download' and 'Submit' isn't really a quality control process that added anything (well except being forced to buy an iPad and test on that). Who ever said iOS was developer friendly?
My problem was that the Archive scheme did not have Build Configuration of App Store, but of Release. To change this, go to Product -> Edit scheme, select Archive on left side and change Build Configuration to App Store. I am assuming the code signing is configured properly (with distribution certificate).
You probably created a new certificate without refreshing the provisioning profiles
Create your iOS Distribution Provisioning Profile for App Store Distribution
I solved this by deleting the Archive that's not validating from the Organizer, closed and reopened Xcode and built for Archiving again.
I then chose Archive from the drop down menu. After doing that my app passed validation.
Hope that helps.
I am about to upload an app to iTunes Connect. I am not Team Agent, nor does it seem the Team Agent can make me a Team Agent. So he logged onto Member Center and downloaded a Distribution Certificate, which is in my Keychain along with the WWDR Certificate.
The bundle identifier is set to se."companyname"."appname".
When I set the Code signing identity to Distribution, it says no profiles match. Can only the Team Agent build the final apps for upload? How do I make XCode "use the right set of profiles"?
Any idea on how to get past this last hurdle? :)
Edit: can the Team Agent log onto Member Center and create a provisioning profile for the app, will that solve everything?
Answer: See Paul Peeleen's answer, I decided to add this additional information (too long for comment).
Paul, I'm going to mark yours as the correct answer, because it set me on the correct track... certificates are for the keychain (which is usually linked to a computer, or rather, a computer user's login, I guess).
A quite separate distribution profile must be created for the app - modifying an existing Development certificate to include the Team Agent only lets him develop. The little 'a-ha' or perhaps 'd'oh' moment was that it has to be created in the Provision section with Distribution tab selected (in the provisioning portal).
After that, in the Target Info/Build tab you just use the default automatic profile selector (dev/distro) and it's found automatically.
I also temporarily tried adding the 'gibberish' (f.ex. JX567ERNB.) before the se.companyname.appname for the Bundle Identifier, but the automatic profile selector told me that it shouldn't be there, I removed it and it worked!
The profiles are what enable the projects to use certificates in the Keychain, I guess.
"iPhone distribution no profiles match" is one of the most annoying issue that I have ever had with app development.
This is how I sorted it out:
In Developer under iOS Provisioning Portal I needed to generate 4 certificates and download the WWDR intermediate certificate to be able to submit my app to the App Store:
Under Developer Certificate section (link) generate a Developer Certificate. Also Make sure that you have the WWDR intermediate certificate installed, if in doubt download it from there.
Under Developer Certificate section (link) generate a Distribution Certificate (This is not that will show up in Xcode!)
Under Provisioning section (link) generate a Development Provisioning profile certificate
Under Provisioning section (link) generate a Distribution Provisioning profile. THIS WILL SHOW UP IN XCODE AS A DISTRIBUTION CERTIFICATE!
After that I was able to select the iPhone distribution profile generated at 4. Also make sure that your target settings are correct as they overwrite the project settings.
Your active provisioning profiles are listed under "Xcode/Organizer/Library/Provisioning Profiles"
I hope it helps
UPDATE: Some distribution provisioning profiles often just "disappear" from my list. So I have to download and install (just double click) them again from https://developer.apple.com/ios/manage/provisioningprofiles/viewDistributionProfiles.action not a big deal, but annoying.
I checked this with my accounts and it seems that only the team agent can create the stuff needed for AppStore or AdHoc releases.
IF you have the correct provisioning profile installed, and both your project settings and target setting for the "release" build are set to the correct provisioning profile. + that you have the correct certificates installed for that computer... you can build the release.
I am unsure if only the Team Agent can upload these build, but otherwise you can package the release as a zip file (which you should anyways) and send it off the the team agent. The Team agent can then use the Application Loader to upload the application.
Also dont forget If you deleted all your certificates and keys in Keychain and you plan on regenerating those certificates make sure you change your certificate preferences in Keychain for Online Certificate Status Protocol to Off and Certificate Revocation List to Off, for some resaon this important step is the only way it worked for me.
Another reason developer profiles are missing
While in organizer under Library > Provisioning Profiles...
On my computer, if I hit Refresh, all the Distribution profiles are removed!!!
No big deal, just go back to your provisioning portal and go to Provisioning > Distribution and download the appropriate distribution profiles and your good to go! :)
Instructions right from apple... Follow them EXACT
https://developer.apple.com/ios/manage/certificates/team/howto.action
To request an iOS Development Certificate, you first need to generate
a Certificate Signing Request (CSR) utilizing the Keychain Access
application in Mac OS X Leopard. The creation of a CSR will prompt
Keychain Access to simultaneously generate your public and private key
pair establishing your iOS Developer identity. Your private key is
stored in the login Keychain by default and can be viewed in the
Keychain Access application under the ‘Keys’ category. To generate a
CSR:
In your Applications folder, open the Utilities folder and launch
Keychain Access. In the Preferences menu, set Online Certificate
Status Protocol (OSCP) and Certificate Revocation List (CRL) to “Off”.
Choose Keychain Access -> Certificate Assistant -> Request a
Certificate from a Certificate Authority. Note: If you have a
noncompliant private key highlighted in the Keychain during this
process, the resulting Certificate Request will not be accepted by the
Provisioning Portal. Confirm that you are selecting “Request a
Certificate From a Certificate Authority...” and not selecting
“Request a Certificate From a Certificate Authority with …”
In the User Email Address field, enter your email address. Please
ensure that the email address entered matches the information that was
submitted when you registered as an iOS Developer. In the Common Name
field enter your name. Please ensure that the name entered matches the
information that was submitted when you registered as an iOS
Developer. No CA (Certificate Authority) Email Address is required.
The ‘Required’ message will be removed after completing the following
step. Select the ‘Saved to Disk’ radio button and if prompted, select
‘Let me specify key pair information’ and click ‘Continue’.
If ‘Let me specify key pair’ was selected, specify a file name and
click ‘Save’. In the following screen select ‘2048 bits’ for the Key
Size and ‘RSA’ for the Algorithm. Click ‘Continue’.
The Certificate Assistant will create a CSR file on your desktop.
I battled the problem all day too. Tried Tons of things.
I downloaded the distribution provisioning profile. OK
Double Click. Into Keychain it goes (like magic) OK
Build. NOPE. Not Signed
Check - it is not the Team Provisioning Cert that you are looking for it is the plain looking one that cannot be installed on devices.
If it is not there you did not copy it to YOUR library/MobileDevice/Provisioning Profiles folder. (just like I didn't)
Make sure that the case of your bundle identifier in the provisioning profile and your info.plist are the same.
I just had this problem, and resolved it finally when I saw that Xcode would not even let me manually select my distribution profile, saying 'profile doesn't match bundle identifier myappname'
When a took a close look, I saw that the bundle name had the app name capitalized, and the provisioning profile had the appname in all lowercase.
My iPhone application runs fine in the simulator. I'm trying to deploy it onto a physical iPhone. When I install the provisioning profile, my Organizer says "A signing identity matching this profile could not be found in your keychain."
I can't resolve this. What do I do?
A) Did you create a provisioning profile in the iPhone development portal?
B) If so, does the name in the info.plist file match the appID you created in the portal and used to create that development profile (that is, if you had created an app id of "com.fredsgreatstuff.*" in the info.plist you'd replace "com.mycompany" with "com.fredsgreatstuff")
C) Did you set PRODUCT_NAME in the project settings for all targets (to something like "mygreatapp")
From the look of the error though you must have got the development cert wrong, or not downloaded the certificate from the portal generated after you uploaded your developer signing request.
The portal has pretty good instructions at this point (that didn't used to be the case), be very careful to follow every step to the letter.
Make sure you've downloaded your certificate from the program portal. Double-click on it to create a private-public key pair in Keychain Access. The private key will be created when you download the cert and double-click on it.
If it does not, you might have to delete the certificate and create a new one. Make sure the in the certificate signing request you create, your name is exactly as you've mentioned in the portal.
Here is a really good website with a checklist on troubleshooting code signing errors:
http://www.drobnik.com/touch/2009/05/how-to-fix-code-signing-errors/
Most of its content is covered by the posts above, but it is easier to work through.
FTR, I hit the same problem that Genericrich pointed out - my Development Profile didn't have the private key, but my Distribution one did. As a workaround I just defined my Debug build to also use the Development Profile.
Make sure you have your developer certificate installed on the machine, AND that your private key installed with it. You can check this in the Keychain Access tool in your Utilities folder. The cert should expand to a private key icon with your name on it.
It might be that the "keychain" into which you installed your certificate is not currently set as your "default keychain". I had the same (or very similar problems) when my default keychain was somehow switched to a different default.
Open Keychain Access (Applications -> Utilities -> Keychain Access)
On the top left list box called "Keychains" make sure the keychain into which you installed your developer certificate (usually "login") is still bold (ie: set to the default keychain).
You can set the default keychain by right (or control) clicking on the keychain you want ("login" for example) and selecting the "Make Keychain 'xxx' Default".
Cheers.
I had the same problem with Xcode 4.0 on SL.
In the Organizer window, doing a "drag and drop" of the provisioning profile always gives a "Valid signing identity not found".
You have to use the + (add) icon and search for your provisioning profile file to upload it on your device. It just worked for me (no need to reinstall all the stuff).
Deleting all expired provisioning profiles in Xcode organizer did the trick for me. After this I clicked on the Refresh button in the organizer and the provisioning profiles have been downloaded automatically.