I'm on a development team and I just tried to deploy a build to TestFlight. I got the error "...has iOS Distribution Certificate but its private key is not installed." The team's creator sent me his private key but I can't figure out how to then use this to validate the certificates so I can deploy a build. Do I need more than just his password? What's the next step? Thanks!
Open up the Keychain Access app and find your development certificate (its beneath the Certificates tab on the left). Click the arrow beside the certificate to reveal your private key. Replace that private key (it probably says your name) with the private key that he sent you.
Related
I have some apps already published in iTunes, I've compiled and published them from my Mac many times. Recently I was forced to reset my passwords, and then I tried to compile and XCode told me that:
a) I wasn't logged in
b) My certificate wasn't found in the keychain (Revoke)
So, ok, I logged in again and created another certificate. I read in another post that: "If you change your password for your computer after you have already created a cert, you will have to go through the process all over again and create new certs."
But now when I'm going to compile, XCode tells me that my private key can't be found in my keychain. And I can't create a new one because my app is already published. Where is it?
All the info I could find on the web tells me to contact the owner of the Mac which originally created the private key to import it to mine. But it's my Mac! Where is it? Where is the private key? Gone?
Try going into Keychain Access, type in "iPhone Developer" or "iPhone Distribution" into the search field in the top right and you'll get a list of valid and expired certificates.
As you can see from the below screenshot, I have a pile of expired ones, and one valid one. Clicking on that valid cert reveals the private key underneath it.
After I accidently deleted my local keychain... it seems I have encountered some problems. (This is my first Mac.)
In Xcode - Preferences - Accounts it has an error. If I click "View details" for my developer account, it list one signing identity called "iOS Development". However, its status is missing private key. (If I try to add one for distribution, it also pops up saying I already have one.)
As I already redownloaded both my distribution and development certificate from my developer profile and put them into my local keychain... I guess this means they somehow were not enough? Is there any other place on my Mac where I can (be lucky and) find my private key? certificate? ...
Or will I need to revoke my certificates in my developer profile? Download new certificate and create new provision profiles?
The private key is used for signing the code and the certificate is used for verifying the code. Since the private key is only stored in your keychain and you deleted it.
The only way to recover from it is to create a new developer certificate and generate a new Developer Provisioning Profile for your app.
I developed an app with using my personal Apple developer account at beginning, then I was involved to another team and get this error when exporting as ad-hoc ipa file:
What should I do?
Change Team name here.
Turn off Xcode and restart.
Archive.
You should request the distribution certificate by the correct team's private key. Open the keychain, select the team's private key, then use the key to request a certificate from apple.
I'm trying to sign an OS X installer package using the command line utility productsign, but get an error.
productsign --sign "Developer ID Installer: XYZ" input.pkg output.pkg
productsign: error: Could not find appropriate signing identity for “Developer ID Installer: XYZ”.
When I open Keychain Access, I'm able to see the cert that I created at developer.apple.com and imported into my login Keychain. Its Common Name matches my command line parameter: "Developer ID Installer: XYZ". Is there any way to debug this particular error?
I had the same issue. My installer certificate had no private key.
You can check this by opening keychain and look for your certificat named like:
Developer ID Installer: My Company (1258345791ZL)
If you there is a private key attached, you should see
Developer ID Installer: My Company (1258345791ZL)
(!) Private Key
If you cannot unfold the private key under your certificate, it means that it is missing.
Then to fix this, you have to log on to developer.apple.com with your apple ID and
1- try remove and download your certificate again
2- if this is not enough create a new with with the following steps
2a - click on the (+) or go here:
https://developer.apple.com/account/mac/certificate/distribution/create
2b - specify Production / Developer ID, then press Continue
2c - specify "Developer ID Installer"
2d - follow, the instruction to create a certificate request using keychain
2e - upload your certificate request file in apple developper
2f - download the newly created certificate in your keychain.
2g - cleanup all other installer certificate to be sure.
Et voila, you can sign.
Check for the private key in your keychain. You need both the key and the certificate to do the signing (together Apple calls this an "identity").
I had this issue and it was because I did not have the private keys. Best practice you will need CertificateSigningRequest.certSigningRequest this is as good as a private key.
sign into developer.apple.com with an apple ID that is a developer account
(you could use Xcode, but that's too hard so you can log in to your Apple Developer account in browser)
you can view existing certificates and download them but it will do you little good if you don't have the keys for them
Tell developer.apple.com you want to create a new Developer ID Installer, you will have to feed it a file explained how to make in the following step
Launch Keychain Access (these instructions mostly stolen from apple)
Choose Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
In the Certificate Assistant dialog, enter an email address in the User Email Address field.
In the Common Name field, enter a name for the key (for example, Gita Kumar Dev Key).
Leave the CA Email Address field empty.
Choose “Saved to disk”, and click Continue.
Feed this newly created CertificateSigningRequest.certSigningRequest file back to Safari
Download the resulting developerID_installer.cer (you now have a signed Developer ID)
Double click it to add it to the login keychain
finally productsign --sign “Developer ID Installer: Your Developer Name (1A2B3C4D5E)” ~/Desktop/example.pkg ~/Desktop/signed-example.pkg
Where can I find the private key used to generate the mac code signing certificate?
I have looked within keychain but cannot find it.
Okay quite simple now I have found the solution. In order to view the private keys used when signing you need to open keychain as root.
sudo /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ Access
When opened view the login chain > Keys. Your private and public keys for your certificates will be found here. You can then right click to export these out.