Any Issue With Revoking Certificate Regularly - iphone

Is there any issue, if I revoke my development certificate regularly (10 times / month) ?
Let consider I'm developing 3 application using different systems with 1 development certificate and 3 provisioning profiles. Regularly I'm adding new devices to all our provisional profiles .
When installing provisioning profile in other 2 machines, Xcode Organizer shows an warning as "A valid signing identity matching this profile could not be found in your keychain " . So i just revoked my earlier certificate and generated new certificate request from the same machine keychain. After downloaded the new certificate, all things seems to be ok.
However other machines Xcode organizers will display the same warning when try to modify and download the provisioning profiles. So always I will fix the issue this way (revoking & regenerating new one).
So I would like to know, is there any issue, if I revoke my development certificate regularly (like account ban/block etc)?

There is no need to revoke your certificate every time.
On the system where the development certificate is installed, go to Key Chain Access and select the both certificate and key, right click to get the option to export, and then export as a file to your desktop. Now send that .p12 file to another Mac where you can double click that .p12 file to have it install in in that system's Key Chain Access. You install the certificates in just the same way, and once you have done that it will not show that message.

Related

Valid Signing identity Not Found in Xcode

Actually i developed an app using my own developer certificates and provisioning profile.
Now i need to publish it on my client developer account and my client sent his distribution certificate along with provisioning .And I have installed the certificate and then i drag the provisioning profile to xcode, and i have got error message like "Valid signing identity not found"
Please assits me.
Change code sign in project settings.
You need the private keys that were used to sign the certificate. If you don't have them
anymore you can generate a new signing request.
You need p12 file from your client to use its developer certificate and provisioning profile.When your client provide you that p12 file than double click that file and its run perfectly.
And for geting p12 file ,select the cert, and open the arrow to also select the private key and export them together as a .p12 file from Keychain Access.
There are several ways to solve this issue.
The first one is, to export your developer certificate including the associated key from your keychain and importing it on your client machine.
The other way would be (If your client machine would use another apple dev account) to go through those steps listed here Apple Certification & Provisioning
I would recommend to delete the old certificates from xcode, sometimes xcode might lag otherwise

Multiple Certificates/Provisioning Profiles in one Xcode organizer?

There are several similar questions here, but none could answer my basic question:
Is it possible to have two separate developer certificates in the keychain and two corresponding distribution profiles in Organizer?
I have my own (working) developer certificate and provisioning profile for my own iPhone apps.
Now I finished a project for a client and would like to use his developer account/certificates/provisioning profiles to submit his app to the app store on his account.
Is that even possible?
So far I downloaded and installed his certificates and they show up in my keychain, and I installed his provisioning profile in Organizer, but Organizer tells me "A valid signing identity matching this profile could not be found in your keychain.".
Likewise, the archive build fails.
I couldn't find a way to tell Organizer to use the certificate of my client instead of my own-I think this is the problem.
Thanks for any help!
Yes I've produced app store builds of projects for clients several times using their distribution certificate. No need to use their developer certificate. There are many things can could go wrong here, if you have access to the client's account you can go on to the provisioning portal and check things out:
make sure the bundle ID in the project settings exactly matches the app ID on the iOS provisioning portal (com.company.appname usually)
make sure the app store distribution provisioning profile is marked as "valid" and shows up under the distribution certificate.
make sure the app store build config in xcode references the client's distribution cert.
open your keychain and make sure that the client distribution cert also has its accompanying private key. This may be the problem, it's the part usually left out. The client must export his private key for his dist cert and send it to you in the .p12 file along with the password to the .p12 file. The dist cert can't be used to sign the app without the private key!
sometimes just quitting Xcode and restarting it helps.
See this solution to duplicate certificates: http://tapadoo.com/2012/certificates-magically-re-appearing-in-your-keychain-try-this/
The gist is that if you have an old private key and provisioning profile around, you can run into a case where Xcode will re-create an old certificate in your keychain. This will make code signing gag because it requires a single certificate with a given name. Deleting the old private key will resolve this issue.
EASY MODE
(I hate these archaic export errors so bad. So many hours wasted. I'm not religious but I still pray this helps you)
Log into https://developer.apple.com
go to Certificates, Identifiers & Profiles
bottom left: Provisioning Profiles
Delete any duplicates / invalid profiles (in my case I only had one but it was invalid)
Note: if you're trying to export an archive, you can leave the export window open, delete a provisioning profile, then click "retry" or whatever the button says. This will save you from have to re-archive over and over
#xcode8.2.1 #osx10.11.6

iPhone Provisioning Question

I've recently reinstalled OSX, and now, when trying to build a new version of my already active app, I'm running into issues. Firstly it is complaining:
Code Sign error: The identity 'iPhone Distribution: Joshua ONeal' doesn't match any valid certificate/private key pair in the default keychain
So, I realized that I deleted my certificates. So I went over to developer.apple.com, and redownloaded the WWDR Certificate, my development certificate, and my distribution certificate. All 3 installed into Keychain with no issues. Now, when I try to download the team development provisioning profile, and the app specific distribution provisioning profile, and install them, they both throw the following error in XCode's organizer:
A valid signing identity matching this profile could not be found in your keychain.
What gives? Am I missing a certificate? Or, do I have to revoke them at dev.apple and recreate them with my fresh install?
Thanks a lot, this is very confusing, and it is stressing me out that I can't get a bug fix out asap.
UPDATE:
Here is what fixed it for me.
Revoke the developer and distributor certificates, as well as the two provisioning profiles.
Open Keychain Access, and delete the old certificates.
Create 2 new certs, and 2 new prov. profiles, and install them.
Open XCode, go to the app's target on the left side, get info, update the two code signing options to use the new certificate.
Clean all targets, build and archive.
You'll need the matching private key to go with your certificates. If you did a fresh OS X install, you will have erased the private key you used to create the initial signing request. The solution is as you suggest to revoke your current certificates and generate new ones with a new signing request.
To avoid this happening in the future, you can export the private keys you create in Keychain and back them up somewhere to use in the future if you want to develop on a new computer or fresh install.

iPhone Distribution: No profiles currently match

I am about to upload an app to iTunes Connect. I am not Team Agent, nor does it seem the Team Agent can make me a Team Agent. So he logged onto Member Center and downloaded a Distribution Certificate, which is in my Keychain along with the WWDR Certificate.
The bundle identifier is set to se."companyname"."appname".
When I set the Code signing identity to Distribution, it says no profiles match. Can only the Team Agent build the final apps for upload? How do I make XCode "use the right set of profiles"?
Any idea on how to get past this last hurdle? :)
Edit: can the Team Agent log onto Member Center and create a provisioning profile for the app, will that solve everything?
Answer: See Paul Peeleen's answer, I decided to add this additional information (too long for comment).
Paul, I'm going to mark yours as the correct answer, because it set me on the correct track... certificates are for the keychain (which is usually linked to a computer, or rather, a computer user's login, I guess).
A quite separate distribution profile must be created for the app - modifying an existing Development certificate to include the Team Agent only lets him develop. The little 'a-ha' or perhaps 'd'oh' moment was that it has to be created in the Provision section with Distribution tab selected (in the provisioning portal).
After that, in the Target Info/Build tab you just use the default automatic profile selector (dev/distro) and it's found automatically.
I also temporarily tried adding the 'gibberish' (f.ex. JX567ERNB.) before the se.companyname.appname for the Bundle Identifier, but the automatic profile selector told me that it shouldn't be there, I removed it and it worked!
The profiles are what enable the projects to use certificates in the Keychain, I guess.
"iPhone distribution no profiles match" is one of the most annoying issue that I have ever had with app development.
This is how I sorted it out:
In Developer under iOS Provisioning Portal I needed to generate 4 certificates and download the WWDR intermediate certificate to be able to submit my app to the App Store:
Under Developer Certificate section (link) generate a Developer Certificate. Also Make sure that you have the WWDR intermediate certificate installed, if in doubt download it from there.
Under Developer Certificate section (link) generate a Distribution Certificate (This is not that will show up in Xcode!)
Under Provisioning section (link) generate a Development Provisioning profile certificate
Under Provisioning section (link) generate a Distribution Provisioning profile. THIS WILL SHOW UP IN XCODE AS A DISTRIBUTION CERTIFICATE!
After that I was able to select the iPhone distribution profile generated at 4. Also make sure that your target settings are correct as they overwrite the project settings.
Your active provisioning profiles are listed under "Xcode/Organizer/Library/Provisioning Profiles"
I hope it helps
UPDATE: Some distribution provisioning profiles often just "disappear" from my list. So I have to download and install (just double click) them again from https://developer.apple.com/ios/manage/provisioningprofiles/viewDistributionProfiles.action not a big deal, but annoying.
I checked this with my accounts and it seems that only the team agent can create the stuff needed for AppStore or AdHoc releases.
IF you have the correct provisioning profile installed, and both your project settings and target setting for the "release" build are set to the correct provisioning profile. + that you have the correct certificates installed for that computer... you can build the release.
I am unsure if only the Team Agent can upload these build, but otherwise you can package the release as a zip file (which you should anyways) and send it off the the team agent. The Team agent can then use the Application Loader to upload the application.
Also dont forget If you deleted all your certificates and keys in Keychain and you plan on regenerating those certificates make sure you change your certificate preferences in Keychain for Online Certificate Status Protocol to Off and Certificate Revocation List to Off, for some resaon this important step is the only way it worked for me.
Another reason developer profiles are missing
While in organizer under Library > Provisioning Profiles...
On my computer, if I hit Refresh, all the Distribution profiles are removed!!!
No big deal, just go back to your provisioning portal and go to Provisioning > Distribution and download the appropriate distribution profiles and your good to go! :)
Instructions right from apple... Follow them EXACT
https://developer.apple.com/ios/manage/certificates/team/howto.action
To request an iOS Development Certificate, you first need to generate
a Certificate Signing Request (CSR) utilizing the Keychain Access
application in Mac OS X Leopard. The creation of a CSR will prompt
Keychain Access to simultaneously generate your public and private key
pair establishing your iOS Developer identity. Your private key is
stored in the login Keychain by default and can be viewed in the
Keychain Access application under the ‘Keys’ category. To generate a
CSR:
In your Applications folder, open the Utilities folder and launch
Keychain Access. In the Preferences menu, set Online Certificate
Status Protocol (OSCP) and Certificate Revocation List (CRL) to “Off”.
Choose Keychain Access -> Certificate Assistant -> Request a
Certificate from a Certificate Authority. Note: If you have a
noncompliant private key highlighted in the Keychain during this
process, the resulting Certificate Request will not be accepted by the
Provisioning Portal. Confirm that you are selecting “Request a
Certificate From a Certificate Authority...” and not selecting
“Request a Certificate From a Certificate Authority with …”
In the User Email Address field, enter your email address. Please
ensure that the email address entered matches the information that was
submitted when you registered as an iOS Developer. In the Common Name
field enter your name. Please ensure that the name entered matches the
information that was submitted when you registered as an iOS
Developer. No CA (Certificate Authority) Email Address is required.
The ‘Required’ message will be removed after completing the following
step. Select the ‘Saved to Disk’ radio button and if prompted, select
‘Let me specify key pair information’ and click ‘Continue’.
If ‘Let me specify key pair’ was selected, specify a file name and
click ‘Save’. In the following screen select ‘2048 bits’ for the Key
Size and ‘RSA’ for the Algorithm. Click ‘Continue’.
The Certificate Assistant will create a CSR file on your desktop.
I battled the problem all day too. Tried Tons of things.
I downloaded the distribution provisioning profile. OK
Double Click. Into Keychain it goes (like magic) OK
Build. NOPE. Not Signed
Check - it is not the Team Provisioning Cert that you are looking for it is the plain looking one that cannot be installed on devices.
If it is not there you did not copy it to YOUR library/MobileDevice/Provisioning Profiles folder. (just like I didn't)
Make sure that the case of your bundle identifier in the provisioning profile and your info.plist are the same.
I just had this problem, and resolved it finally when I saw that Xcode would not even let me manually select my distribution profile, saying 'profile doesn't match bundle identifier myappname'
When a took a close look, I saw that the bundle name had the app name capitalized, and the provisioning profile had the appname in all lowercase.

iPhone: Error-'this provisioning profile does not have a valid signature'?

In Developer program portal,
I created a developer certificate. I registered for my iPhone deice. And registered an App ID (In App Purchase enabled). I created a provisioning profile using the created certificate and app id details.
I followed the procedure that Apple said and created it.
I downloaded the provisioning profile and installed on Xcode and on the device.
I tried to install my application on my jailbroken iPhone device( i did jailbroken already) using the provisioning profile which i downloaded, but it throws an error as 'this provisioning profile does not have a valid signature or it has a valid but untrusted signature(or it has a valid but untrusted signature)'.
Can some one advise me what is wrong here and how to resolve it?
NOT YET RESOLVED WITH THE SUGGESTIONS PROVIDED UPTO NOW. ANY HELP PLEASE?
Martin/
I had the very same issue although I set up provisioning, entitlements etc. correctly.
One cause of the error is described in http://www.onidev.com/2010/01/12/the-application-does-not-have-a-valid-signature/
Certain folder names may not be used in your app bundle. Check especially your "Copy files" build phases.
It seems this correlates with typical Apple app bundle names.
Unallowed folder names include (but are probably not limited to):
resources
contents
Renaming my folder from contents to myContents solved the problem for me.
Did you add the developer certificate and the corresponding private key to your keychain?
Not only do you have to add your own certificate (iPhone Developer: Johny Appleseed) you must also add Apple's Certificate Assigning Authority to your local keychain as well.
EDIT:
The certificate section in the program portal has the following info:
Downloading and Installing Development
Certificates In the ‘Certificates’ >
’Distribution’ section of the Portal,
control-click the WWDR Intermediate
Certificate link and select “Saved
Linked File to Downloads” to initiate
download of the certificate. On your
local machine, double-click the WWDR
Intermediate certificate to launch
Keychain Access and install. Upon CSR
approval, Team Members and Team Admins
can download their certificates via
the ‘Certificates’ section of the
Program Portal. Click ‘Download’ next
to the certificate name to download
your iPhone Development Certificate to
your local machine. On your local
machine, double-click the downloaded
.cer file to launch Keychain Access
and install your certificate. Team
Members can only download their own
iPhone Development Certificates. Team
Admins have the authority to download
the public certificates of all of
their Team Members. Apple never
receives the private key for a CSR.
The private keys are not available to
anyone except the original key pair
creator and are stored in the system
keychain of that Team Member.
The certificate assigning authority should be something like applewwdrca.cer, there are screen shots and more info in the "How To" section.
EDIT 2:
Read through this Provisioning HowTo carefully (as well as the other HowTo tabs in the program portal), provisioning is a pain in the ass tedious process, if this documentation does not fix your problem then you need to burn one of your free support cards and call Apple because there is a problem with your particular machine. You should have gotten 2 of those support requests when you entered the program, if you used them all you can buy more.