I've created a Certificate Signing Request (CSR) file using KeyChain on an iMac and MacBook. I have successfully uploaded the CSR file to Apple for generating a Pass Type ID certificate. I can download and install the certificate to the machine the CSR file was generated from.
The problem now is I cannot export the certificate AND the private key because there is no private key associated with the certificate! Very strange considering the CSR file came from this machine.
I have followed the Apple guide and they make no mention to this potentially being a problem so there's no troubleshooting help there.
I do not know what's going wrong here so please shed light on this if you can. Thanks.
Solved
The Common Name had to match the name used in the id.
Actually i developed an app using my own developer certificates and provisioning profile.
Now i need to publish it on my client developer account and my client sent his distribution certificate along with provisioning .And I have installed the certificate and then i drag the provisioning profile to xcode, and i have got error message like "Valid signing identity not found"
Please assits me.
Change code sign in project settings.
You need the private keys that were used to sign the certificate. If you don't have them
anymore you can generate a new signing request.
You need p12 file from your client to use its developer certificate and provisioning profile.When your client provide you that p12 file than double click that file and its run perfectly.
And for geting p12 file ,select the cert, and open the arrow to also select the private key and export them together as a .p12 file from Keychain Access.
There are several ways to solve this issue.
The first one is, to export your developer certificate including the associated key from your keychain and importing it on your client machine.
The other way would be (If your client machine would use another apple dev account) to go through those steps listed here Apple Certification & Provisioning
I would recommend to delete the old certificates from xcode, sometimes xcode might lag otherwise
I have one big problem. I am having iphone developer account and now i have given all the controls to my developer so he has created certificate in account and install it. But he didn't know that if we want to use this information on multi system then we need to keep .p12 certificates and we have to install this certificates on another machine.
We don't have this .p12 certificate and we want to use another machine so what should i do for this things?. How can i delete current certificate from account and create another CSR and certificates for all machine?.
If anyone knows then please drops some line.
Thanks,
iPhone Dev.
If you still have the machine he created the Certificate Signing Requests (CSR) on, then you can export the private key from Keychain Access. Just find the key and export it.
If the private key is no longer available then you need to revoke the existing certificate and create a new one again. There are plenty of questions on Stackoverflow about this, e.g.
Lost Private Key For iPhone Distribution Certificate. What could be solutions?
I have a self-signed certificate at the endpoint of my API. I'm trying to test some things using the simulator but am getting "untrusted server certificate".
I have tried to use safari on the simulator to download the .crt file, but that doesn't seem to work.
Where does iPhone Simulator get its keychain from? How can I add a trusted certificate so my application will work?
I got it to work by creating a CA and then adding a CA certificate using the iPhone provisioning tool. Then I was able to have a certificate signed by that CA certificate on the API server and the NSConnection just worked. I was not able to get it to work using a self-signed certificate for some reason. I need to re-attempt this using the provisioning software.
My real question is how do I get this to work on the simulator? I would think that the simulator uses the keychain of the actual computer.
Simply drag & drop your .cer Files into your running Simulator window. You'll see Safari flashing and then the import dialog for your Certificate (or Certificate Authority)...
Working for iOS 7 Simulator (and i Think did work for iOS 6 too).
For those who find that the dragging and dropping of the certificate on the Simulator isn't working, there was a recent change that adds an extra step.
The Simulator must be explicitly told to trust the root CA. Do this by going to:
iOS Settings > General > About > Certificate Trust Settings > "Enable Full Trust for Root Certificate" for your particular certificate
See the full answer here:
I had this same issue for months and today I FINALLY solved it with:
ADVTrustStore
You are going to want to use a project called ADVTrustStore from github. It does some fancy magic but it will correctly install certificates into your root trust-store on the simulator.
Steps to install a custom cert
# Clone the repo
git clone https://github.com/ADVTOOLS/ADVTrustStore.git
# Enter the repo directory
cd ADVTrustStore/
# Copy your .crt file
cp somewhere/something.crt my.crt
# conver to a .pem file
openssl x509 -in my.crt -out my.pem -outform PEM
# Install the pem in the simulators
./iosCertTrustManager.py -a my.pem
Using this process I was able to get GoogleStreetView images to render correctly while behind a corporate firewall using SSL resigning with self-signed certificates
Background
I was using CharlesProxy and i noticed it was correctly installing certificates into the Simulator but they did not show up in the Settings - Profiles section. Then after some searching I discovered this tool. There are probably a few other tools out there but in my case the drag-and-drop never worked correctly for all cases. Safari would be fine but not my applications.
For anyone use OS X Catalina, please check this : https://forums.developer.apple.com/thread/124056.
Catalina is currently blocking access to Desktop, Documents and Downloads folder.
I moved certificate files to Shared folder and drag and drop the files to simulator from there.
Take a look at the shell script Charles uses to install their self signed cert into the simulator's keychain. http://www.charlesproxy.com/documentation/faqs/ssl-connections-from-within-iphone-applications/
See also:
iPhone TrustStore CA certificates
http://redgreenrefactor.eu/blog/testing-https-on-iphone-simulator/
It looks like installing your own certificate in the simulator may require installing it on a device via Safari and then copying the resulting row from the device's TrustStore.sqlite3 into the simulator's.
Dragging and drop used to work but it didn't work on XCode 12 for me. What worked for me was opening Safari browser on Simulator and then typing the file URL for the .crt certificate file.
Ex.
file:///Users/[folder_path]/[certificate.crt]
After that you have to goto Simulator Settings and install the certificate by navigating into General > Profiles section.
For IOS14, after the dragging, you need go to:
General -> Profile -> select you profile -> install
and then:
General -> About -> Certificate Trust Settings -> "Enable Full Trust for Root Certificate" for your particular certificate
see also https://developer.apple.com/library/archive/qa/qa1948/_index.html
Using iPhone Backup Extractor, I copied my iPhone's TrustStore.sqlite3 into ~/Library/Application Support/iPhone Simulator/6.0/Library/Keychains, overwriting the existing file. I tried to only insert a single row with the following sqlite, but I couldn't get it working.
sqlite3 ~/backup/iOS\ Files/TrustStore.sqlite3
sqlite3>.mode insert
sqlite3>.output working.sql
sqlite3>select * from tsettings;
sqlite3>.quit
Now, working.sql has the entire contents of the tsettings table (in my case, 1 row).
sqlite3 ~/Library/Application\ Support/iPhone\ Simulator/6.0/Library/Keychains/TrustStore.sqlite3
sqlite3>INSERT INTO tsettings VALUES(X'...
sqlite3>.quit
Again, the above sqlite commands didn't work for me, but might be a good starting point for someone else. Copying the entire TrustStore.sqlite3 from the backup into the simulator worked just fine.
Take a look at the iostrust Ruby gem: http://github.com/yageek/iostrust
When I started I couldn't get "Enable Full Trust for Root Certificate" to show up. I was using the certs I generated for nginx with openssl.
What worked was exporting the development cert from Keychain Access and downloading that with Safari in the simulator. Then the "Enable Full Trust for Root Certificate" showed up and I was able to get my application working.
Also, like people above have said dragging and dropping the cert on to the simulator doesn't work anymore. You can download the cert with Safari.
I am making an app that needs to be released by the client.
Am I able to build and sign the final binary with my distribution certificate and send it to the client to upload?
Or will I have to send them the source to compile with there own certificate?
Cheers
You can have them send you their certificate. They'll need to export it from Keychain Access, and send you the .p12 file. Then you can import that into your keychain, and build against their distribution mobileprovision file.
Otherwise, there's no way let them distribute your binary.