I have some apps already published in iTunes, I've compiled and published them from my Mac many times. Recently I was forced to reset my passwords, and then I tried to compile and XCode told me that:
a) I wasn't logged in
b) My certificate wasn't found in the keychain (Revoke)
So, ok, I logged in again and created another certificate. I read in another post that: "If you change your password for your computer after you have already created a cert, you will have to go through the process all over again and create new certs."
But now when I'm going to compile, XCode tells me that my private key can't be found in my keychain. And I can't create a new one because my app is already published. Where is it?
All the info I could find on the web tells me to contact the owner of the Mac which originally created the private key to import it to mine. But it's my Mac! Where is it? Where is the private key? Gone?
Try going into Keychain Access, type in "iPhone Developer" or "iPhone Distribution" into the search field in the top right and you'll get a list of valid and expired certificates.
As you can see from the below screenshot, I have a pile of expired ones, and one valid one. Clicking on that valid cert reveals the private key underneath it.
Related
After I accidently deleted my local keychain... it seems I have encountered some problems. (This is my first Mac.)
In Xcode - Preferences - Accounts it has an error. If I click "View details" for my developer account, it list one signing identity called "iOS Development". However, its status is missing private key. (If I try to add one for distribution, it also pops up saying I already have one.)
As I already redownloaded both my distribution and development certificate from my developer profile and put them into my local keychain... I guess this means they somehow were not enough? Is there any other place on my Mac where I can (be lucky and) find my private key? certificate? ...
Or will I need to revoke my certificates in my developer profile? Download new certificate and create new provision profiles?
The private key is used for signing the code and the certificate is used for verifying the code. Since the private key is only stored in your keychain and you deleted it.
The only way to recover from it is to create a new developer certificate and generate a new Developer Provisioning Profile for your app.
I got myself a new mac so I went into Xcode 4.6.2 and exported my developer account and then on my new iMac I imported the profile and all certificates were imported correctly into keychain app and all private keys were also imported but none of the public keys came across to new account I have now tried to repeat this twice more and Still no luck so I have backed up the old keychain as I can move all key and certificates in one go but I have heap of crap in old keychain that I dont want to bring across has any one else been able to move there profile from one mac to another and get it to copy all keys (public + private) or are the public key not needed for anything I know how keys work for ssh or ssl but I'm not sure whats needed for code signing projects.
For code signing projects You need a distribution profile and developer profile. You can download or Import your profiles from xcode itself. goto Xcode->window->Organizer import option which is used to import your profiles. Signin Option which is used to download the profiles from online.
I'm trying to validate an archive, before submitting it to the app store, but I keep getting the following error :
"MY NAME" is a valid identity. However, the associated package
identity "MY NAME" has expired.
There is an option to "Refresh Code Signing Identity", but nothing seems to happen.
What could be going wrong? Any ideas?
Hint : It's not my first time uploading an archive to the app store; I've already done that like 100 times. The thing is I'm using a different development machine and think that probably this is the one to blame. But I'm still confused...
I had the same issue. Deleting the expired developer certificates via "Keychain Access" did the trick for me.
From Keychain Access, View, Show Expired Certificates and delete all of them.
MAS: Code Signing Identity Private Key
Francesco Germinara
I had this exact error message, and it turns out that I needed to download and install both the Mac App certificate as well as the Mac Installer certificate, but I had only downloaded the Mac App one.
I have an application that stores username and password in the keychain. Everything was working fine when working on Xcode 3, I recently moved to Xcode 4 and now when I run the application, I get a prompt:
Application wants to use your confidential information stored in keychain" in your keychain.
After hitting always allow I see the application added to access control list of the keychain item, but I get every time I run the app.
Also after hitting Always allow again, I see that the access control has two instances of the same app. Seems like OS thinks this is a new application.
Any ideas appreciated.
I believe the problem is that your signature's designated requirement causes it to not accept itself as "the same app" as itself (for Keychain purposes).
One common cause for this—and I think it's yours—is using a Developer ID Application cert, with no designated requirement, and without the intermediate cert installed.
A standard Developer ID requirement looks like this:
designated => anchor apple generic and
identifier \"com.example.appName\" and
((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or
(certificate 1[field.1.2.840.113635.100.6.2.6] exists and
certificate leaf[field.1.2.840.113635.100.6.1.13] exists and
certificate leaf[subject.OU] = \"1AZBYCXDW9V\" ))
If you want to construct this yourself, you have to replace the identifier with your bundle identifier and the subject.OU with the value from your cert. (If you double-click it in Keychain Access, it should be listed as the Organizational Unit.) Then you can add to "Other Code Signing Flags":
--requirements "=designated ..." (the whole mess from above)
However, a much better way to do this is to use Xcode 4.3.2 or later. If it recognizes that you're using a Developer ID Application cert, and can see the intermediate cert in the keychain, it will generate this by default.
Also, if you use the Archive Organizer in Xcode to "Export Developer ID-signed Application", instead of just using the build from your target directory, it will make sure to sign your app and any other enclosed signables, and it will test that everything is setup properly. (The failures are pretty cryptic—e.g., your "Choose a Developer ID to sign with" step may just have no choices, with a message in the syslog that has no useful information—but at least the fact that it failed or succeeded narrows down where your problem is.)
Either way, you need to download and install (on your build machine) the intermediate cert, called "Developer ID Certification Authority", from the "Developer ID Intermediate Certificate" link at the Developer Certificate Utility site.
One last thing: Even if this solves your problem running on your build machine, you really want to test on the oldest OS version you support. For example, the requirements compiled by Lion's codesign sometimes can't be parsed on Leopard, or sometimes even on Snow Leopard. If that happens… see Gatekeeper vs. Leopard: an ongoing tale.
Our company is setting up another development station for the same app that will be sent away. I installed Xcode and tested the app in the simulator. I downloaded the Certificate and Provision that worked fine on my other computer. I selected the correct code signing identity and when I build it for a release to my iPad I get an error:
Code Sign error: The identity 'iPhone Developer: Person's Name (XXXXXXXX)' doesn't match any valid certificate/private key pair in the default keychain
In organizer, I click on Provision Profiles and the provision profile I downloaded. Underneath I get the warning:
A valid signing identity matching this profile could not be found in your keychain
I've looked up many, many other people that had this problem, but all seem to resolve it by deleting the cert and provision, which I never want to do! i.e., what if I want to use the same provision and cert on two different machines, or many?
I also went through deleting, recreating, deleting, rinse-repeat - but the answer was simple.
I had the same problem and solved it very simply in XCode Organizer - I'm using Version 4. All I did was go to the top Library section and select Provisioning Profiles, and import the downloaded profiles that I had received in my Safari downloads named "name.mobileprovision".
I think you just have to export the valid certs from the working computer, explained in this doc.
http://developer.apple.com/library/ios/#qa/qa2008/qa1618.html