Provisioning profile doesn't include signing certificate (Xcode 9.3) - xcode

After upgrading to macOS 10.13.4 and Xcode 9.3, my project now makes all my Provisioning Profiles ineligible! They worked before the upgrade.
The error message for the distribution profile is:
Provisioning profile "distribution profile name" doesn't include signing certificate "development certificate name"
So I searched through the forum:
remove ALL items in keychain My Certificates
redownload the distribution profile (double tap to install to Xcode)
create new distribution profile (double tap to install to Xcode)
recreate the Production certificate (double tap to install to Keychain)
redownload the Development certificate (double tap to install to Keychain)
So now my keychain has two production certificates (one is newly created) and one development certificate, and the error is still there. I found it weird that it asked for the development certificate in the distribution profile. (I think this is a clue but I don't know why and what to do.)
So now what should I do? Please help!

I got two options for you:
1) Open Keychain and find the signing certificate that is shown in the error message, then delete it.
2) You specified the signing certificate in Build Settings->Signing, so go to Build Settings->Signing and click the Code Signing Identity. Do not select Automatic (iOS Developer or iOS Distribution); select one of the signing certificates under Identities in Keychain which is valid and is associated with the Provisioning Profile.

For Xcode 11 and later, make sure the profile certificate is updated to one marked "For use in Xcode 11 or later", which resolves the issue for me.

I temporarily solved the issue by going into Build Settings and manually setting Code Signing Identity (the old way). "Automatically manage signing" no longer works properly, but at least it works.

"Automatically manage signing" is not working on Xcode 9.3. Code signing identify should be selected manually in Build Settings.
It is right.
You can select Code Signing Identity as iOS developer for development and iOS distribution for production in Signing of build settings.

check out screenshot it says it all...
Targets>>Build settings>>(search)Product bundle identifier>>this was wrong for me :(

You need to make sure that:
Your Apple Development -> Certificates, Identities & Profiles all have the correct provisioning profile "distribution profile name" that include signing certificate as in fig 1. below
Same inside xCode
fig 1.

"Automatically manage signing" is not working on Xcode 9.3.
Code signing identity should be selected manually in Build Settings.

I had to juggle a bit more too. I deleted my keychain, enabled and disabled autosigning before recreating my certificates.
Then I toggled the certificates in Build Settings section and finally I was able to select the correct certificates in general section.
Really missing the simplicity of signing for Android.. :P

In my case, the Provisioning Profile on developer.apple.com listed two developer certificates. One was selected, and one was not. Changed it so both were selected, saved that, installed the updated profile and that fixed it.

In my case, I changed the Provisioning Profile to solve the problem by changing the Certificate whose type is "iOS Distribution" to another Certificate whose type is "(Distribution) For use in Xcode 11 or later", then downloaded it, imported it into Keychain, and selected it from Xcode.

For anyone running into this issue in 2022 and later:
Sometimes it doesn't include Profiles, so go to below screen and click Edit.
Select the profiles you want to include.
After that, you can go back to xcode and download the profile again.

For me, adding the certificate to the Keychain which is linked to the provisioning profile did not help, which was very strange.
What I did to solve the issue is close XCode and re-open it, which seems stupid but worked! Apparently, it seems XCode does not dynamically read newly added certificates in the Keychain, so you have to close it (if it is kept open while adding the certificate to Keychain) and open it again.
My XCode version: 14.1

In my case I had multiple profiles and various certs. I had to go to Apple developer and edit the profile from the error, and add every cert to it, and then it worked.

In my case, the previous certificate had expired, and while creating the new provisioning certificate I missed selecting iOS Distribution (In House).

If you have this certificate on another machine, you can export it from keychain and import on the other.
My problem was that I didn't know how to match private keys with certificates because I used "all items" filter in KeyChain.
If you switch to Certificates private keys are arranged under certificates, so you can easily export the right pair.
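
The error at the top of this thread comes down to a fingerprint comparison: the profile's DeveloperCertificates array must contain the certificate that the configured Code Signing Identity resolves to. The Python below is an added example (not code from any poster or from Apple) that makes that comparison; the sample profile, certificate bytes, names and team ID are constructed, and matching the identity by substring of the common name is an assumption modelled on how `codesign -s` selects a certificate.

```python
import hashlib
import plistlib
import re

# Line format printed by `security find-identity -v -p codesigning`:
#   1) <40-hex SHA-1 of the certificate> "Common Name"
IDENTITY_RE = re.compile(r'^\s*\d+\)\s+([0-9A-F]{40})\s+"(.+)"', re.M)


def extract_profile_plist(blob):
    """Return the XML plist embedded in a .mobileprovision blob as a dict.

    The CMS signature is NOT verified: good enough to diagnose a mismatch,
    not to decide whether a profile is trustworthy.
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", max(start, 0))
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def profile_fingerprints(profile):
    """SHA-1 (upper-case hex) of every DER certificate in the profile."""
    return {hashlib.sha1(der).hexdigest().upper()
            for der in profile.get("DeveloperCertificates", [])}


def keychain_identities(find_identity_output):
    """Map SHA-1 fingerprint -> common name for each listed identity."""
    return {m.group(1): m.group(2)
            for m in IDENTITY_RE.finditer(find_identity_output)}


def diagnose(profile_blob, find_identity_output, configured_identity):
    """Compare what the build setting selects with what the profile allows.

    Assumption: configured_identity matches by substring of the common name.
    """
    profile = extract_profile_plist(profile_blob)
    allowed = profile_fingerprints(profile)
    keychain = keychain_identities(find_identity_output)
    selected = {fp: cn for fp, cn in keychain.items()
                if configured_identity in cn}
    return {
        "profile": profile.get("Name"),
        "selected": sorted(selected.values()),
        "selected_in_profile": any(fp in allowed for fp in selected),
        # Identities that have a private key locally AND are in the profile.
        "usable_identities": sorted(cn for fp, cn in keychain.items()
                                    if fp in allowed),
    }


# --- Constructed sample data (placeholder bytes, not real certificates) ---
DEV_DER = b"constructed-development-cert"
DIST_DER = b"constructed-distribution-cert"


def _fp(der):
    return hashlib.sha1(der).hexdigest().upper()


SAMPLE_PROFILE = (
    b"\x30\x82 constructed CMS header "
    + plistlib.dumps({"Name": "Example Distribution Profile",
                      "DeveloperCertificates": [DIST_DER]})
    + b" constructed CMS signature"
)
SAMPLE_KEYCHAIN = (
    f'  1) {_fp(DEV_DER)} "iPhone Developer: Example Dev (ABCDE12345)"\n'
    f'  2) {_fp(DIST_DER)} "iPhone Distribution: Example Org (ABCDE12345)"\n'
    "     2 valid identities found\n"
)

if __name__ == "__main__":
    for ident in ("iPhone Developer", "iPhone Distribution"):
        print(ident, "->", diagnose(SAMPLE_PROFILE, SAMPLE_KEYCHAIN, ident))
```

On a real Mac, pass it the bytes of the .mobileprovision file and the text printed by `security find-identity -v -p codesigning`.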

Related

"Warning: unable to build chain to self-signed root for signer" warning in Xcode 9.2

I'm attempting to migrate an Xcode project to another computer. It gives me the warning "Warning: unable to build chain to self-signed root for signer" and when it runs it crashes immediately similarly to what is shown in this Stack Overflow:
App working on simulator but not on iPhone( dyld`__abort_with_payload dyld`_dyld_start)
My issue seems similar to what is described on the Apple Developer Forums here:
https://forums.developer.apple.com/thread/86161
and similar to what is described on this Stack Overflow:
Xcode ios app development code signing
except the suggestions of deleting certificates and re-adding them, re-adding my account and restarting didn't seem to help. I have removed my developer cert for the second time and now I don't see it coming back, and I'm at a loss of knowing how to get it back since my dev portal doesn't appear to have a place to download it like it used to.
I've also tried deleting the derived data folder several times.
e: I've determined ANY project on this computer results in the same crash and warning.
If none of the other solutions work, try adding the intermediate signing certificates to your system keychain. I found this while trying to manually create provisioning profile/certificates as nothing else was working - from the Create a New Certificate step of the New Provisioning Profile process on Apple Developer platform:
To use your certificates, you must have the intermediate signing certificate in your system keychain. This is automatically installed by Xcode. However, if you need to reinstall the intermediate signing certificate click the link below:
Worldwide Developer Relations Certificate Authority (Expiring 02/07/2023)
Worldwide Developer Relations Certificate Authority (Expiring 02/20/2030)
After downloading these two files and double-clicking them to automatically add to the system keychain, the automatic provisioning profile in xcode started working (I didn't need to complete the manual provisioning profile process, but that's where I found the links)
I had the same problem and fixed with below steps:
Open Keychain Access
Select login, and click Certificates
Double click Apple Worldwide Developer Relations Certificate Authority
Expand the trust section, then next to "When using this certificate", change the setting from "Always Trust" to "Use System Defaults"
Clean the build folder and run
In my case the error was only resolved after I deleted Apple Worldwide Developer Relations Certification Authority which expires in 2023 from both System and login keychains and imported the other certificate that is valid until 2030. It seems that codesign was picking the incorrect one when both were present in the keychain.
I could fix the issue by downloading a new certificate from here and installing it.
Look at https://developer.apple.com/de/support/expiration/ for more detail.
I have been facing the same issue for days now. Finally I solved it by just changing my root CA from Keychain Access.
View, in the System/Login keychains, which certificate authority is being used as signer for your personal provisioning profile's certificate. Enter a valid CA certificate and you are good to go!
Hope it helps.
Ciao!
#waaheeda's answer led me in the right direction to fix this.
I have a keychain in my repo which is used for signing on my CI. After renewing my iOS enterprise distribution certificate and provisioning profile and updating the keychain accordingly, my CI signing stopped working. Code signing worked locally on my own machine.
I suddenly stumbled upon this and found this part particularly interesting:
Enterprise iOS Distribution Certificates generated after September 2, 2020 require the new intermediate certificate installed on any machines that will be code signing.
I therefore found the "Apple Worldwide Developer Relations Intermediate Certificate Expiration" in my local "login" keychain in Keychain Access and added it to the keychain in my repo, and it seems to have fixed the signing for now (and hopefully until 2030):
This is too late to answer, but if anybody is still looking for a solution on this thread:
this happens if you are installing a certificate for the first time or installing a certificate which was created on another machine.
In your Xcode project go to Signing & Capabilities, enter the correct bundle identifier, disable automatic signing, and select the appropriate profile / import / download the profile.
Then you will find a trust repair option below the profile; tap on it, tap on trust, and enter your login credentials.
this will create and install following certificates
1.change the certificate trust: "Always Trust" ==> "Use System Defaults"
2.change "codesign" command ==> "sudo codesign" command
3.change the "Apple Worldwide Developer Relations Certificate Authority" certificate in login and system items trust: "Always Trust" ==> "Use System Defaults"
worked for me when use codesign command in command line
In the machine where you created the certificate
Open keychain
Look for "Apple Worldwide Developer Relations Certificate Authority"
Look at the column "Expires" and check apple.com/CertificateAuthority to see which has the same expiration
G1 Expiring 02/07/2023
G2 Expiring 05/06/2029
G3 Expiring 02/20/2030
In your CI
Install this certificate to your system keychain
a. via fastlane
    import_certificate(
      certificate_path: "~/Downloads/AppleWWDRCAG3.cer"
    )
b. via cli
    sudo security import ~/Downloads/AppleWWDRCAG3.cer \
      -k /Library/Keychains/System.keychain \
      -T /usr/bin/codesign \
      -T /usr/bin/security \
      -T /usr/bin/productbuild
In my case I had an automatically signed project and my own developer certificate was not trusted (anymore) which was apparent in Keychain > login > certificates. On my own certificate I put Always trust in the Get Info popup.
After that I had to select again the "Automatically manage signing" in the Signing & Capabilities tab, which gave an error like "Repair trust settings". After clicking that it fixed the trust of my developer CA.
Also when it was again broken after this, I copied the G3 Apple Worldwide Developer Relations CA from the login keychain (default keychain) to the System Keychain (System).
1. Open Xcode -> Preferences -> Accounts
2. Select your Apple ID and click on Manage Certificates
3. Click + (Add) and select Apple Development
Clean Build Folder and run project
none of those actually worked for me. I had to delete the derived data; link, remove all the certificates and reinstall them, clean cache and had to reinstall pod files. After messing around for few hours I found a proper solution.
On Xcode 13.1 and received this error when attempting to archive my app, despite it building fine on the simulator. I didn’t have to change anything with my certificates in the keychain, just cleaning the build folder worked for me.
Open “Product” menu
Select “Clean Build Folder”
Build / Archive your app
I’ve seen some other answers reference which certificates they’ve had, so I’ll just add that I also have the 2030 “Apple Worldwide Developer Relations Certification Authority” cert and the old one is still in my keychain as well, which I’ll probably need to delete at some point.
In addition to the other answers, make sure that if you are sudoed to root, exit out before you try to codesign, so that you are signing as the login user. My codesign was failing when I forgot that I was running as root.
It works for me:
MacBook Air, M1 2020
delete the old root CA (if it exists): Apple Worldwide Developer Relations Certification Authority
reinstall the root CA from certificateauthority, and double click to install.
reinstall your own cert, for example: Apple Development: XXX Tang (9DHXXX87D)

Xcode 8.3.2 signing errors

I have Xcode 8.3.2 on Sierra. I am trying to build an Enterprise .ipa (have Enterprise membership).
I am having issues signing my app. Specifically in Xcode I have the following under General\Signing:
Automatically manage signing is enabled
Team: "My Team (Enterprise)"
Provisioning Profile: Xcode Managed Profile
Signing Certificate: iOS Developer
Status
Failed to create provisioning profile "com.myapp" cannot be registered to your development team. Change your bundle identifier to a unique string to try again.
No profiles for 'com.myapp' were found. Xcode couldn't find a provisioning profile matching 'com.myapp'.
My steps were:
Logged into Enterprise account at https://developer.apple.com/account/
Under Certificates, Identifiers, and Profiles I selected the Add
Selected In-House and Ad Hoc
On my Mac in Keychain Access I selected Keychain Access\Certificate Assistant\Request a Certificate from a Certificate Authority
Saved to my desktop
In https://developer.apple.com/account/ I uploaded the certificate signing request
I see it as a certificate of type iOS Distribution with an expiration date
I download the .cer file and double click on it to install it
Within Xcode\Preferences I find the Team under the Apple ID and under Manage Certificates I see iOS Distribution Certificates and Enterprise with today's date
I select the Download All Profiles for that team
In Xcode I select General\Signing and "My Team (Enterprise)"
At this point I get the two errors described above.
I am new to Xcode development so I am sure there is something wrong with my steps.
Any insight would be greatly appreciated.
Well the solution to my issue was to do the following:
In Xcode under the "General" tab to disable Automatically manage signing
At https://developer.apple.com/account in my enterprise account under provisioning profiles I created a new distribution profile
Downloaded the profile => .mobileprovision file
Double clicked on the .mobileprovision file
With Automatically manage signing disabled I then selected the Provisioning Profile I just created and downloaded in the drop downs for Signing (Debug) and Signing (Release)
At this point I was able to archive and export an enterprise .ipa
This is the solution to my issue that's similar to this one:
Change your bundle identifier to a unique string to try again.
Your bundle identifier is already in use by other developers I guess, so just change your bundle identifier in the Identify tab right above your Signing tab to another one:
For example:
Bundle Identifier: org.react.native.example.RamenForLifeIn2022
Hope this helps :)

XCode is unable to create a distribution signing identity

I am trying to submit my app to iTunes Connect. I have submitted it before(TestFlight) but at some point my certificates have stopped working. I have tried to renew them with 2 different approaches without any success.
Approach 1: In XCode I get the error that says that the developer profile already has a distribution certificate and suggest me resetting it. Resetting results in the same pop up window so this goes into a loop and does not work.
Approach 2: If I create the certificates and profiles manually in developer portal the archiving process only works if I select the correct identities in the build settings, otherwise the build fails and XCode says that it can not find code signing identities. But I cannot submit the archive because the following error occurs:
I have also tried exporting the .ipa from the archive(to upload it with Application loader) but this does not find the signing identities as well with the same error:
So now I am trying to go the suggested route where XCode is supposed to do all the work for me.(https://developer.apple.com/library/ios/qa/qa1814/_index.html) For a clean slate I have deleted all certificates, key-pairs and provisioning profiles from my mac and developer center.
I have removed all relevant keypairs and certificates from keychain. I have deleted all the provisioning profiles from my mac. I have also deleted all certificates and profiles from the developer site. I have also deleted and re-added the developer account in XCode settings.
I set the project's build settings:
I also set the team in general tab.
Now I guess XCode is supposed to fix my signing issues but after I press fix issues below the team option in general tab
I still go to the reset development/distribution certificate loop.
One thing I notice is that XCode does generate a key-pair to the keychain but not the certificate.
How can I upload my app to iTunes Connect with or without these problems?
I'm using XCode 7.2 and this is a Unity3D app.
I have removed all relevant keypairs and certificates from keychain
Okay, but that is what Xcode is complaining about (each time it says "but it is not installed locally" in all the messages you have displayed). You need the private/public certificate pairs in your keychain. If you deleted the private half of the certificates, that is a huge mistake, because you can never restore it (Apple does not have it — it is private). You now will probably have to start all over again by throwing away absolutely everything — all certificates, all provisioning — both locally and at the member center, and beginning from scratch.
This can be done, but it is not trivial, because if you launch Xcode while any remnant remains, Xcode will try to install the certificate back into your keychain. To do it, you would need to delete everything from the keychain, mobile provisions folder, and member center, with Xcode not running.
I managed to upload the package by extracting the .ipa from the archive with
    xcodebuild -exportArchive -exportFormat ipa -archivePath {path-to-xcarchive} -exportProvisioningProfile "{profile name}" -exportPath ~/Desktop/MyApp.ipa
and then uploading it with Application Loader.

Xcode iOS Development signing identity

I have a problem getting a iOS Development signing identity into Xcode. I have tried loads of things to get it working but I keep failing.
I have gone the automatic way and let Xcode do it all, but I kept going in circles where Xcode kept saying:
No signing identity found. Xcode can request a new iOS Development
signing identity for you.
Followed by:
Your account already has a valid certificate. If you have your signing
identity on another Mac, you can import a developer profile. You can
also revoke the current certificate and request one again.
I have done many steps:
Removing my account from within Xcode's preferences.
removing everything from the key chain app.
clearing everything from within the developer member center (apple developer website)
removing all provisioning profiles
removed my device
revoked all my certificates
restarted Xcode to perform a 'Clean' project from the Product menu.
even went into my project.pbxproj file to clear anything related to PROVISIONING_PROFILE
removed all provisioning profiles from my device.
After this I went back into Xcode:
added my account into the preferences section
clicked View Details
did a refresh
Xcode automatically creates two certificates
Xcode automatically creates provisioning profiles
Xcode only creates a single Signing Identity: only for iOS Distribution.
This is my problem: I can not get an iOS Development signing identity.
After not getting it to work I went the old-fashioned manual way:
first clearing everything like the above
created new certificates manually, downloaded them and added them to the key chain app.
created new provisioning profiles manually, downloaded them and dropped them onto the xcode app icon.
At the end the result is the same; When I am in Xcode > preferences > accounts > view details:
I do have a distribution signing identity
I do NOT have a development signing identity
When I click the + button under the Signing Identities and choose 'iOS Development' nothing happens..
I have found lots of posts here on StackOverflow, I tried their suggestions but it won't work for me. Examples of other posts:
here, here and here
I am working with the latest version of Xcode: 6.2.
I am working on an app which is already in the App store.
Edited:
I have also changed the code signing build settings of my project and target into Don't code sign and put it back to iOS Distribution for ad-hoc and iOS Development for Debug.
Together with a very helpful person on the Apple Developer forums we have tried to figure this out.
I was so blinded by it not working, it never came to mind to try out and build another project and to see if that would work. I was completely focused on my certificates and profiles within the member center and my account details within xcode.
When I did try to build another (random) project, it worked in one go. This told us it must have had something to do with the Build Settings of that one specific project which Xcode could not code sign.
At the end, in xcode I went to the Build Settings of my Target. Within the Code Signing section I changed the values of Any iOS SDK to point to a specific Identity in my Keychain instead of having them on automatic (iOS Developer / iOS Distribution).
This fixed my issue and I was able to build/deploy to my device and I was able to upload a new build to iTunes Connect.
It takes a long time, and we tried all the above solutions and they didn't work at all, so our team decided to remove the Pod files and run pod install again. Finally, our OTA-uploaded ipa installed on the user's device.
Best solution:
clean the project: menu > Product > Clean Build Folder, and /Users/{your user name}/Library/Developer/Xcode/DerivedData
go to your project directory and remove Podfile.lock, the Pods folder, and pod_***.framework
run pod install again
Brabbeldas, did those build setting changes end up getting the iOS Developer certificate showing in the Xcode > Preferences > Accounts > (your account) > View Details > Signing Identities pane?
There was a transient certificate generation issue resolved yesterday (March 26) at around 2:30PM PDT which restored missing Organization Unit fields to iOS developer certificates that also exhibited this symptom (missing developer certificate in the accounts > view details > signing identities pane).
If it's still missing you are probably still affected by this problem. To confirm, double click your iPhone Developer certificate in Keychain Access. The issue is still present if the certificate is missing its Organization Unit field. If your Organization Unit field is present, you're fine. The Organization Unit should be set to the value of your Team ID.
The full symptoms of this problem are:
iOS Developer certificate either shows as Revoked, or doesn't show at all in the Preferences > Accounts > (your account) > View Details > Signing Identities pane.
frameworks signed with the certificate fail to load with dyld: Library not loaded: [your_signed_framework]
Since the certificate server issue is now fixed, resolve the problem with:
revoke affected developer certificate on the website
click the "⟳" button in Xcode > Preferences > Accounts > (your account) > View Details
regenerate any custom developer profiles on the website, download and install those into Xcode
As an additional way to diagnose the problem with signed frameworks, use codesign -dvvv your_signing_framework.dylib. The TeamIdentifier field will be not set for affected certificates instead of your Team ID.

Provisioning Profile 'Valid signing identity not found' error

I have an app that is ready for testing on my iPad, and I've created a development provisioning profile, matched up the bundleID and lowered the iOS deployment target.
However when I downloaded the profile and dragged it into the organizer, it says 'Valid signing identity not found'. I'm pretty sure this has got to do with the certificates in the keychain and private keys (???) however I have no idea how to fix this problem.
Can someone please point me to a tutorial or give me some advice on adding certificates into the keychain without using Xcode; stuff like the 'use for development' button isn't working for me!
Note:
The only valid Provisioning Profiles are distribution.
When I try to click 'Renew' Xcode says 'No value was provided for the parameter 'CertificateIDs'. I hope this helps!
The .p12 file associated with your provisioning profile is not found in your system keychain.
Check the below few things!
Make sure you have enabled the correct certificate while generating the provisioning profile in the apple developer site.
Check if you have duplicates of your certificate & private key in your keychain access.
If you do not have the .p12 corresponding to the provisioning profile, get it exported from the Mac system on which it was created & install it on your Mac system.
Check your code signing identity and set your profile there.
Check that your provisioning profile bundle ID is the same as your app bundle identifier.
To do a valid code-signing - without using XCode - you need a valid certificate and key, corresponding to the provisioning profile :
check with Keychain Access that you indeed have a 'iPhone distribution' certificate, with its own private key.
Make sure this is the same certificate that was used on the 'provisioning portal' to create your development / distribution profile. If not, create a new one, or import the certificate from the other Mac you used when you created the provisioning
Download the provisioning profile, and just double-click it.
Posting this here because none of the other answers really went into enough detail to help me and I still had to figure it out on my own.
On the apple developer website, log in and under certificates click 'All'. The certificate needs to be generated on YOUR machine and with YOUR account or things do not build. This is what confused me... You can click the + icon and make a new certificate (development, or distribution). If it does not let you select for example Distribution, it's because there are already too many certificates in the account. So first, you have to delete an older certificate.
1) Delete the oldest certificate in the portal
2) Click the + and create a new certificate -- this will guide you through opening Keychain Access on your machine and requesting a certificate from apple, and you will have to save a file and upload it to the developer portal to create the certificate.
3) Download the new certificate and it will add to Keychain access
4) Go back to provisioning profiles on dev portal, click EDIT on the one you are trying to use and change it to use the newly generated certificate.
5) Download and click the provisioning profile
6) Everything works great.
This process actually was not that difficult, but for some reason I could not find the correct explanation anywhere. I hope this will help someone.
I had the same issue. I did have all the private keys and everything was correct, but xcode refused to build and kept saying that I didn't have a valid provisioning profile and organiser showed 'valid signing identity not found'.
The solution involved:
revoking my developer certificate and development provisioning profiles from the ios provisioning portal
deleting those certificates from keychain
try building again and tell xcode to 'fix issue'
This lets XCode manage the certificates, and it magically worked.
However on another project I still had the problem, and it was solved by this answer:
https://stackoverflow.com/a/18966088/1192732
