When I build an app it shows me this error:
When I deleted the previous one certificate, everything starts working fine. So my question is if deleted it once how it again added in the keychain? and why it is added again instead of one certificate being there in the keychain?
I think you are getting an error message about having an extra distribution certificate - because you have an extra distribution certificate!
My guess is that you are getting it pulled back down to your machine from the Provisioning Portal by Xcode.
Have you recently revoked a distribution certificate and then tried to delete from KeychainAccess? If so, did you delete the public and private keys associated with it?
Go into KeychainAccess and check if you have any orphan private keys, if you have any which could be linked to an old distribution certificate then delete them (deleting a developer or distribution certificate without deleting its public and private key is not deleting it properly - you need to delete both keys AND the certificate)
then go back to Xcode and in the Organiser screen hit the 'refresh' button - then check KeychainAccess again - with any luck Xcode will not have downloaded the naughty certificate and your problem has been solved. However if you now have your rogue certificate back then it may be that the provisioning profile you have been using needs to be changed...
BTW, make sure you look in the 'system' and 'system roots' keychains as well as the 'login' keychain.
Related
I need help:
My profile expired and I can't renew it - don't know why. I deleted everything, set up everything new but nothing worked so far… When I double click the certificate, it will put this one into the keychain under ceritficates, but not install the private and the public key.
Error message is: Xcode could not find a valid private-key/certificate pair for this profile in your keychain.
Does anyone know a solution?
Thanks in advance.
The certificate isn't meant to install the public/private keys; they're not included in the certificate. If you've deleted them and not kept a copy around then you'll need to generate a new pair and resubmit to Apple to generate a new certificate.
I am trying transfer my developer certificate under the keychain to someone. I exported the item. And also send him the provisioning profile which includes his device ID.
He installed my certificate to his keychain and also the provisioning profile to his xcode.
However, The provisioning profile under his xcode complains of there's no Valid signing Identity. Well I already sent him the certificate.
What's wrong?
You have to export the matching private key with the Developer Certificate, you can select both the private key and Certificate and export at the same time.
Does he have multiple certificates with the same name in his keychain? In which case he may have to delete the one that is not applicable for this profile when he is trying to build the app (he can reinstall the deleted certificate later). Also, ask him to delete and reinstall the profile. Is there any more information he is getting with the error?
Along with the development & distribution certificates that you provided, you also need to export your private key as a *.p12 file. When he is importing this elements into the Keychain application ensure he selects the "login" keychain.
There are several similar questions here, but none could answer my basic question:
Is it possible to have two separate developer certificates in the keychain and two corresponding distribution profiles in Organizer?
I have my own (working) developer certificate and provisioning profile for my own iPhone apps.
Now I finished a project for a client and would like to use his developer account/certificates/provisioning profiles to submit his app to the app store on his account.
Is that even possible?
So far I downloaded and installed his certificates and they show up in my keychain, and I installed his provisioning profile in Organizer, but Organizer tells me "A valid signing identity matching this profile could not be found in your keychain.".
Likewise, the archive build fails.
I couldn't find a way to tell Organizer to use the certificate of my client instead of my own-I think this is the problem.
Thanks for any help!
Yes I've produced app store builds of projects for clients several times using their distribution certificate. No need to use their developer certificate. There are many things can could go wrong here, if you have access to the client's account you can go on to the provisioning portal and check things out:
make sure the bundle ID in the project settings exactly matches the app ID on the iOS provisioning portal (com.company.appname usually)
make sure the app store distribution provisioning profile is marked as "valid" and shows up under the distribution certificate.
make sure the app store build config in xcode references the client's distribution cert.
open your keychain and make sure that the client distribution cert also has its accompanying private key. This may be the problem, it's the part usually left out. The client must export his private key for his dist cert and send it to you in the .p12 file along with the password to the .p12 file. The dist cert can't be used to sign the app without the private key!
sometimes just quitting Xcode and restarting it helps.
See this solution to duplicate certificates: http://tapadoo.com/2012/certificates-magically-re-appearing-in-your-keychain-try-this/
The gist is that if you have an old private key and provisioning profile around, you can run into a case where Xcode will re-create an old certificate in your keychain. This will make code signing gag because it requires a single certificate with a given name. Deleting the old private key will resolve this issue.
EASY MODE
(I hate these archaic export errors so bad. So many hours wasted. I'm not religious but I still pray this helps you)
Log into https://developer.apple.com
go to Certificates, Identifiers & Profiles
bottom left: Provisioning Profiles
Delete any duplicates / invalid profiles (in my case I only had one but it was invalid)
Note: if you're trying to export an archive, you can leave the export window open, delete a provisioning profile, then click "retry" or whatever the button says. This will save you from have to re-archive over and over
#xcode8.2.1 #osx10.11.6
I've recently reinstalled OSX, and now, when trying to build a new version of my already active app, I'm running into issues. Firstly it is complaining:
Code Sign error: The identity 'iPhone Distribution: Joshua ONeal' doesn't match any valid certificate/private key pair in the default keychain
So, I realized that I deleted my certificates. So I went over to developer.apple.com, and redownloaded the WWDR Certificate, my development certificate, and my distribution certificate. All 3 installed into Keychain with no issues. Now, when I try to download the team development provisioning profile, and the app specific distribution provisioning profile, and install them, they both throw the following error in XCode's organizer:
A valid signing identity matching this profile could not be found in your keychain.
What gives? Am I missing a certificate? Or, do I have to revoke them at dev.apple and recreate them with my fresh install?
Thanks a lot, this is very confusing, and it is stressing me out that I can't get a bug fix out asap.
UPDATE:
Here is what fixed it for me.
Revoke the developer and distributor certificates, as well as the two provisioning profiles.
Open Keychain Access, and delete the old certificates.
Create 2 new certs, and 2 new prov. profiles, and install them.
Open XCode, go to the app's target on the left side, get info, update the two code signing options to use the new certificate.
Clean all targets, build and archive.
You'll need the matching private key to go with your certificates. If you did a fresh OS X install, you will have erased the private key you used to create the initial signing request. The solution is as you suggest to revoke your current certificates and generate new ones with a new signing request.
To avoid this happening in the future, you can export the private keys you create in Keychain and back them up somewhere to use in the future if you want to develop on a new computer or fresh install.
I've been able to generate and use my development cert & provision for some time. I did have some problems after upgrading xcode, in that the login certs where getting trashed/removed, but I fixed that.
I'm trying to create my distribution cert & provision. I've noticed that the distribution cert doesn't have a private key - you can't expand the cert when clicking on it. Not sure if that's an issue or not. When I drag the distribution profile into Organizer, it comes up with the error message, "A valid signing identity matching this profile could not be found in your keychain".
I've tried putting the distribution cert in both login and system. I also DO have the WWDRCA cert installed.
Any ideas - A real pain ...
It sounds like you do not have the keys corresponding to the certificates in your keychain. If you posted screenshots of your keychain entries and your code signing configuration, it would be easier to see exactly what is going on.
Also make sure you have the Apple certificate in your keychain.
Check if you have still got your private key on login keychain. That's what happens to me. I encountered this same problem when I copied my project from iMac to Macbook Pro. I found out I didn't have my private key installed on the Macbook. So I exported my private key, copied and installed it to the Macbook, and it fixed it!
I've documented the information here: http://www.creatistblog.com/2009/09/iphone-developer-provisioning.html