Keychain Assistant does not create public/private key pair, and my distribution certificates fail codesign verification - keychain

My certificates were expiring today (and at this point, it's totally expired), so I set out to renew the certificates. But the problem is, I can't get matching private/public keys for proper code-signing verification with the renewed certificates. All I've read says keychain will automatically create matching public/private keys, but it's not doing it for me. I am totally stumped and I don't know what I can do at this point. Please help. Here's what I've done so far:
1) I revoked the certificates from Apple Developer > iOS Provisioning Portal > Certificates > Developer and Distribution tabs.
2) I launched Keychain Access.app from Applications > Utilities.
3) I removed all outdated certificates, and eventually removed everything except for Apple Code Signing Certification Authority, Apple Worldwide Developer Relations Certification Authority, Dashboard Advisory and Software Signing. (By the way, I have no idea what this "Software Signing" certificate is for, but it won't be expiring until 2015, I'm reluctant to delete it without knowing what it would do to the system if I deleted it.)
4) I generated CertificateSigningRequest.certSigningRequest via Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority
5) Got the CertificateSigningRequest.certSigningRequest on desktop. (At this point, I check the Keychain, and I still don't see my private or public keys.)
6) I submit the CertificateSigningRequest.certSigningRequest at Apple Developer > iOS Provisioning Portal > Certificates > Developer and Distribution tabs.
7) I download the certificates, install them to keychain, and it looks like my certificates are now renewed for another year.
8) I renew all provisioning profiles.
9) I retrieve them to my Xcode.
10) I generate new distribution build, then I get the warning that "Application failed codesign verification. The signature was invalid, contains disallowed entitlements, or it was not signed with an iPhone Distribution Certificate."
11) I look at the Keychain again, and I don't see my private or public keys.
12) Well, I exported p12 file a year ago. So, okay, I start all over again (i.e., take the steps 1, 2 and 3.) Then I import the p12 file. Now I see my private key in my Keychain.
13) I then resume with step 4 above (i.e., get the CertificateSigningRequest.certSigningRequest via Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority)
14) I continue on with steps 5 through 8. Just to make sure, I reboot my machine again. Then I check my Keychain, and the public key is still missing, and taking steps 9 and 10 results in exactly the same.
What am I doing wrong? What should I do to fix this problem? I'd so appreciate any and all help.
EDIT: I'm not entirely sure which steps I took actually ended up fixing this, but I got it working now. The main thing was deleting everything from the keychain and looking for a possible cause all over the web, and I did read this thread too:
http://hints.macworld.com/article.php?story=20060318124936642
And run these commands:
sudo systemkeychain -vfcC
systemkeychain -vt
I also continued to look for how to repair keychain, run disk utility, repairing any and all permission issues, etc.
And eventually, my keychain access app started working as expected again, and it finally generated both private and public keys. Ahhhh. Once it did that, everything else worked fine, doing the steps I took earlier.

Related

Any Issue With Revoking Certificate Regularly

Is there any issue, if I revoke my development certificate regularly (10 times / month) ?
Let's consider I'm developing 3 applications using different systems with 1 development certificate and 3 provisioning profiles. Regularly I'm adding new devices to all our provisioning profiles.
When installing the provisioning profile on the other 2 machines, Xcode Organizer shows a warning: "A valid signing identity matching this profile could not be found in your keychain". So I just revoked my earlier certificate and generated a new certificate request from the same machine's keychain. After downloading the new certificate, all things seem to be OK.
However other machines Xcode organizers will display the same warning when try to modify and download the provisioning profiles. So always I will fix the issue this way (revoking & regenerating new one).
So I would like to know, is there any issue, if I revoke my development certificate regularly (like account ban/block etc)?
There is no need to revoke your certificate every time.
On the system where the development certificate is installed, go to Keychain Access and select both the certificate and key, right click to get the option to export, and then export as a file to your desktop. Now send that .p12 file to another Mac where you can double click that .p12 file to have it install in that system's Keychain Access. You install the certificates in just the same way, and once you have done that it will not show that message.

Hard Drive Reformat: Code Sign error: The identity 'iPhone Developer' doesn't match any valid certificate/private key pair in the default keychain

I recently had my old hard drive crash and had to reinstall everything on my mac. I've finally gotten everything working again, except for running iOS apps on my iPhone, I keep getting the error:
Code Sign error: The identity 'iPhone Developer' doesn't match any valid certificate/private key pair in the default keychain
I know this has something to do with the keychain, but I did it so long ago that I don't remember what the steps were (and I don't even think the steps would be the same again in this case). Any ideas how I can install my iOS apps on my phone again?
Since your hard drive crashed, all your certificates in keychain are lost. So you can't codesign your apps with same certificate again. You need to revoke the certificate from provisioning portal, update provisioning profile from portal with this certificate then download it. Re code sign your apps with this certificate.
When you first created certificate on the mac it gets installed into keychain access. You SHOULD backup private key and cert in case of events like this. Downloading provisioning profile from portal is not the same.
Going forward to save yourself from this: go to Xcode organizer -> Library -> Developer Profile -> Export then save that profile somewhere safe. Just in case you crash your hard drive again you can import this profile to new machine and save yourself from going through certificate revocation.
You need to generate a new signing certificate. When you did this before you created a private/public key pair that were stored in your Keychain. When your hard drive crashed the private key was lost so you can no longer sign apps with the old certificate hence the need for creation of a new certificate.
Follow these steps: http://developer.apple.com/ios/manage/certificates/team/howto.action

Apple's Developer Certificate and Provisioning Profile

Can I use someone else's Apple's Developer Certificate and Provisioning Profile to build and run my application on the iPad ? Are the certificates and profiles Machine Specific ?
Actually I am trying to install my friend's dev certificate and it is getting installed, but when I am installing the provisioning profile it's showing me a yellow warning "
The main question is whether the Developer Certificate and Provisioning Profile can be used on different machines or not?
See the message, "A valid signing identity matching this profile could not be found". You are adding the certificate in your keychain, not the identity (which is a .p12 file containing the private key). From wherever you got the certificate, you should get the private key exported from the keychain rather than exporting only the certificate.
At the end, like BoltClock said, it is violation of Apple's license to use some others' certificate.
"Error: "A valid signing identity matching this profile could not be found in your keychain"
Solution: Most likely that you have not downloaded the necessary WWDR certificate from the Apple developer site. There is a link to download this certificate in the 'Certificates' section of the developer portal. If you do have the certificate in your keychain, make sure that it has not expired (unlikely, as mine is valid until 2016). Also make sure that your developer certificate has not expired (these seem to be valid for only 12 months at a time)."
http://discussions.apple.com/thread.jspa?threadID=2220082&tstart=0
If you want to run your app on a device then you have to add that device's id to the certificate.

Multiple Certificates/Provisioning Profiles in one Xcode organizer?

There are several similar questions here, but none could answer my basic question:
Is it possible to have two separate developer certificates in the keychain and two corresponding distribution profiles in Organizer?
I have my own (working) developer certificate and provisioning profile for my own iPhone apps.
Now I finished a project for a client and would like to use his developer account/certificates/provisioning profiles to submit his app to the app store on his account.
Is that even possible?
So far I downloaded and installed his certificates and they show up in my keychain, and I installed his provisioning profile in Organizer, but Organizer tells me "A valid signing identity matching this profile could not be found in your keychain.".
Likewise, the archive build fails.
I couldn't find a way to tell Organizer to use the certificate of my client instead of my own - I think this is the problem.
Thanks for any help!
Yes, I've produced app store builds of projects for clients several times using their distribution certificate. No need to use their developer certificate. There are many things that could go wrong here; if you have access to the client's account you can go on to the provisioning portal and check things out:
make sure the bundle ID in the project settings exactly matches the app ID on the iOS provisioning portal (com.company.appname usually)
make sure the app store distribution provisioning profile is marked as "valid" and shows up under the distribution certificate.
make sure the app store build config in xcode references the client's distribution cert.
open your keychain and make sure that the client distribution cert also has its accompanying private key. This may be the problem, it's the part usually left out. The client must export his private key for his dist cert and send it to you in the .p12 file along with the password to the .p12 file. The dist cert can't be used to sign the app without the private key!
sometimes just quitting Xcode and restarting it helps.
See this solution to duplicate certificates: http://tapadoo.com/2012/certificates-magically-re-appearing-in-your-keychain-try-this/
The gist is that if you have an old private key and provisioning profile around, you can run into a case where Xcode will re-create an old certificate in your keychain. This will make code signing gag because it requires a single certificate with a given name. Deleting the old private key will resolve this issue.
EASY MODE
(I hate these archaic export errors so bad. So many hours wasted. I'm not religious but I still pray this helps you)
Log into https://developer.apple.com
go to Certificates, Identifiers & Profiles
bottom left: Provisioning Profiles
Delete any duplicates / invalid profiles (in my case I only had one but it was invalid)
Note: if you're trying to export an archive, you can leave the export window open, delete a provisioning profile, then click "retry" or whatever the button says. This will save you from having to re-archive over and over.
#xcode8.2.1 #osx10.11.6

iPhone Provisioning Question

I've recently reinstalled OSX, and now, when trying to build a new version of my already active app, I'm running into issues. Firstly it is complaining:
Code Sign error: The identity 'iPhone Distribution: Joshua ONeal' doesn't match any valid certificate/private key pair in the default keychain
So, I realized that I deleted my certificates. So I went over to developer.apple.com, and redownloaded the WWDR Certificate, my development certificate, and my distribution certificate. All 3 installed into Keychain with no issues. Now, when I try to download the team development provisioning profile, and the app specific distribution provisioning profile, and install them, they both throw the following error in XCode's organizer:
A valid signing identity matching this profile could not be found in your keychain.
What gives? Am I missing a certificate? Or, do I have to revoke them at dev.apple and recreate them with my fresh install?
Thanks a lot, this is very confusing, and it is stressing me out that I can't get a bug fix out asap.
UPDATE:
Here is what fixed it for me.
Revoke the developer and distributor certificates, as well as the two provisioning profiles.
Open Keychain Access, and delete the old certificates.
Create 2 new certs, and 2 new prov. profiles, and install them.
Open XCode, go to the app's target on the left side, get info, update the two code signing options to use the new certificate.
Clean all targets, build and archive.
You'll need the matching private key to go with your certificates. If you did a fresh OS X install, you will have erased the private key you used to create the initial signing request. The solution is as you suggest to revoke your current certificates and generate new ones with a new signing request.
To avoid this happening in the future, you can export the private keys you create in Keychain and back them up somewhere to use in the future if you want to develop on a new computer or fresh install.
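
Several answers above come down to the same condition: a certificate is only a signing identity when the private key it was issued for is present. The following is an added example, not code from any of the posts, that checks that pairing with the openssl CLI on a certificate file and a key file; the function names, file names and the self-signed sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a certificate belong to a given private key?
# A signing identity exists only when both carry the same public key.

# identity_matches CERT KEY -> 0 match, 1 mismatch, 2 unreadable input.
identity_matches() {
    # Portal downloads (.cer) are DER, exported certificates are often PEM: try both.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ||
        cert_pub=$(openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null) ||
        return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    # Never let two empty strings count as a match.
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_identity CERT KEY: prints match, mismatch or unreadable.
check_identity() {
    rc=0
    identity_matches "$1" "$2" || rc=$?
    case $rc in
        0) echo "match" ;;
        1) echo "mismatch" ;;
        *) echo "unreadable" ;;
    esac
}

# make_sample DIR: constructed throwaway material (not a real Apple certificate):
# a key with its self-signed cert in PEM and DER form, plus an unrelated key.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Example" \
        -keyout "$1/identity.key" -out "$1/identity.crt" 2>/dev/null &&
    openssl x509 -in "$1/identity.crt" -outform DER -out "$1/identity.cer" &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir" || { rm -rf "$dir"; return 1; }
    echo "PEM cert with its own key:   $(check_identity "$dir/identity.crt" "$dir/identity.key")"
    echo "DER cert with its own key:   $(check_identity "$dir/identity.cer" "$dir/identity.key")"
    echo "cert with an unrelated key:  $(check_identity "$dir/identity.crt" "$dir/other.key")"
    echo "cert with no key on disk:    $(check_identity "$dir/identity.crt" "$dir/missing.key")"
    rm -rf "$dir"
}
demo
```

On macOS, `security find-identity -v -p codesigning` gives the keychain-side view of the same condition: it lists only code-signing certificates whose private key is present in the keychain.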