There are several similar questions here, but none could answer my basic question:
Is it possible to have two separate developer certificates in the keychain and two corresponding distribution profiles in Organizer?
I have my own (working) developer certificate and provisioning profile for my own iPhone apps.
Now I finished a project for a client and would like to use his developer account/certificates/provisioning profiles to submit his app to the app store on his account.
Is that even possible?
So far I downloaded and installed his certificates and they show up in my keychain, and I installed his provisioning profile in Organizer, but Organizer tells me "A valid signing identity matching this profile could not be found in your keychain.".
Likewise, the archive build fails.
I couldn't find a way to tell Organizer to use the certificate of my client instead of my own-I think this is the problem.
Thanks for any help!
Yes I've produced app store builds of projects for clients several times using their distribution certificate. No need to use their developer certificate. There are many things can could go wrong here, if you have access to the client's account you can go on to the provisioning portal and check things out:
make sure the bundle ID in the project settings exactly matches the app ID on the iOS provisioning portal (com.company.appname usually)
make sure the app store distribution provisioning profile is marked as "valid" and shows up under the distribution certificate.
make sure the app store build config in xcode references the client's distribution cert.
open your keychain and make sure that the client distribution cert also has its accompanying private key. This may be the problem, it's the part usually left out. The client must export his private key for his dist cert and send it to you in the .p12 file along with the password to the .p12 file. The dist cert can't be used to sign the app without the private key!
sometimes just quitting Xcode and restarting it helps.
See this solution to duplicate certificates: http://tapadoo.com/2012/certificates-magically-re-appearing-in-your-keychain-try-this/
The gist is that if you have an old private key and provisioning profile around, you can run into a case where Xcode will re-create an old certificate in your keychain. This will make code signing gag because it requires a single certificate with a given name. Deleting the old private key will resolve this issue.
EASY MODE
(I hate these archaic export errors so bad. So many hours wasted. I'm not religious but I still pray this helps you)
Log into https://developer.apple.com
go to Certificates, Identifiers & Profiles
bottom left: Provisioning Profiles
Delete any duplicates / invalid profiles (in my case I only had one but it was invalid)
Note: if you're trying to export an archive, you can leave the export window open, delete a provisioning profile, then click "retry" or whatever the button says. This will save you from have to re-archive over and over
#xcode8.2.1 #osx10.11.6
Related
I am trying to create a distribution build with mono for days already... I got the distribution provisioning profile and the distribution certificate from our "team agent" and drag-dropped seperately onto xcode-organizer and keychain-access, but still, there's the warning message showing :
"A valid signing identity matching this profile could not be found in your keychain."
and I couldn't make the distribution build still. Any idea which step I made it wrong? Please advice; much appreciated!
Thanks,
ab.yyang
It sounds like you only have the provision file and the certificate from Apple, but not the original private key used to request the certificate.
If that's the case, you either have to ask whoever created it for a copy of private key, or you'll need to generate entirely new keys, request a new certificate and create a new provision file.
open Keychain Access
erase everything in 'Keys' and 'Certificates'
open Xcode and erase all provisioning data
goto Provisioning Portal and revoke your certificate
create a new one, and use launch assistant
If this happen after renewing the DEVELOPER CERTIFICATE,
my fix to the problem was going to the apple provision profile, modify the development provision and checkbox the certificate.(suppose to be empty checkbox near the certificate name).
then, you can : download and install the provision manually by dragging to xcode
or going to Organizer-Library(on the left)-Provision Profiles, and click the "refresh" button(in the bottom of screen), this will download the new provision profile that "connected" to the new CERTIFICATE and the warning will disappear.
If you are building to run on a physical device, you need to be enrolled in the iOS Developer Program. From there you go to the Developer Portal to generate a Provisioning Profile. That profile gets loaded to Xcode via the Organizer window.
Have you done those steps?
I've recently reinstalled OSX, and now, when trying to build a new version of my already active app, I'm running into issues. Firstly it is complaining:
Code Sign error: The identity 'iPhone Distribution: Joshua ONeal' doesn't match any valid certificate/private key pair in the default keychain
So, I realized that I deleted my certificates. So I went over to developer.apple.com, and redownloaded the WWDR Certificate, my development certificate, and my distribution certificate. All 3 installed into Keychain with no issues. Now, when I try to download the team development provisioning profile, and the app specific distribution provisioning profile, and install them, they both throw the following error in XCode's organizer:
A valid signing identity matching this profile could not be found in your keychain.
What gives? Am I missing a certificate? Or, do I have to revoke them at dev.apple and recreate them with my fresh install?
Thanks a lot, this is very confusing, and it is stressing me out that I can't get a bug fix out asap.
UPDATE:
Here is what fixed it for me.
Revoke the developer and distributor certificates, as well as the two provisioning profiles.
Open Keychain Access, and delete the old certificates.
Create 2 new certs, and 2 new prov. profiles, and install them.
Open XCode, go to the app's target on the left side, get info, update the two code signing options to use the new certificate.
Clean all targets, build and archive.
You'll need the matching private key to go with your certificates. If you did a fresh OS X install, you will have erased the private key you used to create the initial signing request. The solution is as you suggest to revoke your current certificates and generate new ones with a new signing request.
To avoid this happening in the future, you can export the private keys you create in Keychain and back them up somewhere to use in the future if you want to develop on a new computer or fresh install.
I am about to upload an app to iTunes Connect. I am not Team Agent, nor does it seem the Team Agent can make me a Team Agent. So he logged onto Member Center and downloaded a Distribution Certificate, which is in my Keychain along with the WWDR Certificate.
The bundle identifier is set to se."companyname"."appname".
When I set the Code signing identity to Distribution, it says no profiles match. Can only the Team Agent build the final apps for upload? How do I make XCode "use the right set of profiles"?
Any idea on how to get past this last hurdle? :)
Edit: can the Team Agent log onto Member Center and create a provisioning profile for the app, will that solve everything?
Answer: See Paul Peeleen's answer, I decided to add this additional information (too long for comment).
Paul, I'm going to mark yours as the correct answer, because it set me on the correct track... certificates are for the keychain (which is usually linked to a computer, or rather, a computer user's login, I guess).
A quite separate distribution profile must be created for the app - modifying an existing Development certificate to include the Team Agent only lets him develop. The little 'a-ha' or perhaps 'd'oh' moment was that it has to be created in the Provision section with Distribution tab selected (in the provisioning portal).
After that, in the Target Info/Build tab you just use the default automatic profile selector (dev/distro) and it's found automatically.
I also temporarily tried adding the 'gibberish' (f.ex. JX567ERNB.) before the se.companyname.appname for the Bundle Identifier, but the automatic profile selector told me that it shouldn't be there, I removed it and it worked!
The profiles are what enable the projects to use certificates in the Keychain, I guess.
"iPhone distribution no profiles match" is one of the most annoying issue that I have ever had with app development.
This is how I sorted it out:
In Developer under iOS Provisioning Portal I needed to generate 4 certificates and download the WWDR intermediate certificate to be able to submit my app to the App Store:
Under Developer Certificate section (link) generate a Developer Certificate. Also Make sure that you have the WWDR intermediate certificate installed, if in doubt download it from there.
Under Developer Certificate section (link) generate a Distribution Certificate (This is not that will show up in Xcode!)
Under Provisioning section (link) generate a Development Provisioning profile certificate
Under Provisioning section (link) generate a Distribution Provisioning profile. THIS WILL SHOW UP IN XCODE AS A DISTRIBUTION CERTIFICATE!
After that I was able to select the iPhone distribution profile generated at 4. Also make sure that your target settings are correct as they overwrite the project settings.
Your active provisioning profiles are listed under "Xcode/Organizer/Library/Provisioning Profiles"
I hope it helps
UPDATE: Some distribution provisioning profiles often just "disappear" from my list. So I have to download and install (just double click) them again from https://developer.apple.com/ios/manage/provisioningprofiles/viewDistributionProfiles.action not a big deal, but annoying.
I checked this with my accounts and it seems that only the team agent can create the stuff needed for AppStore or AdHoc releases.
IF you have the correct provisioning profile installed, and both your project settings and target setting for the "release" build are set to the correct provisioning profile. + that you have the correct certificates installed for that computer... you can build the release.
I am unsure if only the Team Agent can upload these build, but otherwise you can package the release as a zip file (which you should anyways) and send it off the the team agent. The Team agent can then use the Application Loader to upload the application.
Also dont forget If you deleted all your certificates and keys in Keychain and you plan on regenerating those certificates make sure you change your certificate preferences in Keychain for Online Certificate Status Protocol to Off and Certificate Revocation List to Off, for some resaon this important step is the only way it worked for me.
Another reason developer profiles are missing
While in organizer under Library > Provisioning Profiles...
On my computer, if I hit Refresh, all the Distribution profiles are removed!!!
No big deal, just go back to your provisioning portal and go to Provisioning > Distribution and download the appropriate distribution profiles and your good to go! :)
Instructions right from apple... Follow them EXACT
https://developer.apple.com/ios/manage/certificates/team/howto.action
To request an iOS Development Certificate, you first need to generate
a Certificate Signing Request (CSR) utilizing the Keychain Access
application in Mac OS X Leopard. The creation of a CSR will prompt
Keychain Access to simultaneously generate your public and private key
pair establishing your iOS Developer identity. Your private key is
stored in the login Keychain by default and can be viewed in the
Keychain Access application under the ‘Keys’ category. To generate a
CSR:
In your Applications folder, open the Utilities folder and launch
Keychain Access. In the Preferences menu, set Online Certificate
Status Protocol (OSCP) and Certificate Revocation List (CRL) to “Off”.
Choose Keychain Access -> Certificate Assistant -> Request a
Certificate from a Certificate Authority. Note: If you have a
noncompliant private key highlighted in the Keychain during this
process, the resulting Certificate Request will not be accepted by the
Provisioning Portal. Confirm that you are selecting “Request a
Certificate From a Certificate Authority...” and not selecting
“Request a Certificate From a Certificate Authority with …”
In the User Email Address field, enter your email address. Please
ensure that the email address entered matches the information that was
submitted when you registered as an iOS Developer. In the Common Name
field enter your name. Please ensure that the name entered matches the
information that was submitted when you registered as an iOS
Developer. No CA (Certificate Authority) Email Address is required.
The ‘Required’ message will be removed after completing the following
step. Select the ‘Saved to Disk’ radio button and if prompted, select
‘Let me specify key pair information’ and click ‘Continue’.
If ‘Let me specify key pair’ was selected, specify a file name and
click ‘Save’. In the following screen select ‘2048 bits’ for the Key
Size and ‘RSA’ for the Algorithm. Click ‘Continue’.
The Certificate Assistant will create a CSR file on your desktop.
I battled the problem all day too. Tried Tons of things.
I downloaded the distribution provisioning profile. OK
Double Click. Into Keychain it goes (like magic) OK
Build. NOPE. Not Signed
Check - it is not the Team Provisioning Cert that you are looking for it is the plain looking one that cannot be installed on devices.
If it is not there you did not copy it to YOUR library/MobileDevice/Provisioning Profiles folder. (just like I didn't)
Make sure that the case of your bundle identifier in the provisioning profile and your info.plist are the same.
I just had this problem, and resolved it finally when I saw that Xcode would not even let me manually select my distribution profile, saying 'profile doesn't match bundle identifier myappname'
When a took a close look, I saw that the bundle name had the app name capitalized, and the provisioning profile had the appname in all lowercase.
In Developer program portal,
I created a developer certificate. I registered for my iPhone deice. And registered an App ID (In App Purchase enabled). I created a provisioning profile using the created certificate and app id details.
I followed the procedure that Apple said and created it.
I downloaded the provisioning profile and installed on Xcode and on the device.
I tried to install my application on my jailbroken iPhone device( i did jailbroken already) using the provisioning profile which i downloaded, but it throws an error as 'this provisioning profile does not have a valid signature or it has a valid but untrusted signature(or it has a valid but untrusted signature)'.
Can some one advise me what is wrong here and how to resolve it?
NOT YET RESOLVED WITH THE SUGGESTIONS PROVIDED UPTO NOW. ANY HELP PLEASE?
Martin/
I had the very same issue although I set up provisioning, entitlements etc. correctly.
One cause of the error is described in http://www.onidev.com/2010/01/12/the-application-does-not-have-a-valid-signature/
Certain folder names may not be used in your app bundle. Check especially your "Copy files" build phases.
It seems this correlates with typical Apple app bundle names.
Unallowed folder names include (but are probably not limited to):
resources
contents
Renaming my folder from contents to myContents solved the problem for me.
Did you add the developer certificate and the corresponding private key to your keychain?
Not only do you have to add your own certificate (iPhone Developer: Johny Appleseed) you must also add Apple's Certificate Assigning Authority to your local keychain as well.
EDIT:
The certificate section in the program portal has the following info:
Downloading and Installing Development
Certificates In the ‘Certificates’ >
’Distribution’ section of the Portal,
control-click the WWDR Intermediate
Certificate link and select “Saved
Linked File to Downloads” to initiate
download of the certificate. On your
local machine, double-click the WWDR
Intermediate certificate to launch
Keychain Access and install. Upon CSR
approval, Team Members and Team Admins
can download their certificates via
the ‘Certificates’ section of the
Program Portal. Click ‘Download’ next
to the certificate name to download
your iPhone Development Certificate to
your local machine. On your local
machine, double-click the downloaded
.cer file to launch Keychain Access
and install your certificate. Team
Members can only download their own
iPhone Development Certificates. Team
Admins have the authority to download
the public certificates of all of
their Team Members. Apple never
receives the private key for a CSR.
The private keys are not available to
anyone except the original key pair
creator and are stored in the system
keychain of that Team Member.
The certificate assigning authority should be something like applewwdrca.cer, there are screen shots and more info in the "How To" section.
EDIT 2:
Read through this Provisioning HowTo carefully (as well as the other HowTo tabs in the program portal), provisioning is a pain in the ass tedious process, if this documentation does not fix your problem then you need to burn one of your free support cards and call Apple because there is a problem with your particular machine. You should have gotten 2 of those support requests when you entered the program, if you used them all you can buy more.
My iPhone application runs fine in the simulator. I'm trying to deploy it onto a physical iPhone. When I install the provisioning profile, my Organizer says "A signing identity matching this profile could not be found in your keychain."
I can't resolve this. What do I do?
A) Did you create a provisioning profile in the iPhone development portal?
B) If so, does the name in the info.plist file match the appID you created in the portal and used to create that development profile (that is, if you had created an app id of "com.fredsgreatstuff.*" in the info.plist you'd replace "com.mycompany" with "com.fredsgreatstuff")
C) Did you set PRODUCT_NAME in the project settings for all targets (to something like "mygreatapp")
From the look of the error though you must have got the development cert wrong, or not downloaded the certificate from the portal generated after you uploaded your developer signing request.
The portal has pretty good instructions at this point (that didn't used to be the case), be very careful to follow every step to the letter.
Make sure you've downloaded your certificate from the program portal. Double-click on it to create a private-public key pair in Keychain Access. The private key will be created when you download the cert and double-click on it.
If it does not, you might have to delete the certificate and create a new one. Make sure the in the certificate signing request you create, your name is exactly as you've mentioned in the portal.
Here is a really good website with a checklist on troubleshooting code signing errors:
http://www.drobnik.com/touch/2009/05/how-to-fix-code-signing-errors/
Most of its content is covered by the posts above, but it is easier to work through.
FTR, I hit the same problem that Genericrich pointed out - my Development Profile didn't have the private key, but my Distribution one did. As a workaround I just defined my Debug build to also use the Development Profile.
Make sure you have your developer certificate installed on the machine, AND that your private key installed with it. You can check this in the Keychain Access tool in your Utilities folder. The cert should expand to a private key icon with your name on it.
It might be that the "keychain" into which you installed your certificate is not currently set as your "default keychain". I had the same (or very similar problems) when my default keychain was somehow switched to a different default.
Open Keychain Access (Applications -> Utilities -> Keychain Access)
On the top left list box called "Keychains" make sure the keychain into which you installed your developer certificate (usually "login") is still bold (ie: set to the default keychain).
You can set the default keychain by right (or control) clicking on the keychain you want ("login" for example) and selecting the "Make Keychain 'xxx' Default".
Cheers.
I had the same problem with Xcode 4.0 on SL.
In the Organizer window, doing a "drag and drop" of the provisioning profile always gives a "Valid signing identity not found".
You have to use the + (add) icon and search for your provisioning profile file to upload it on your device. It just worked for me (no need to reinstall all the stuff).
Deleting all expired provisioning profiles in Xcode organizer did the trick for me. After this I clicked on the Refresh button in the organizer and the provisioning profiles have been downloaded automatically.