Here is what I see at Xcode -> Preferences -> Accounts:
Here is what I see at developer.apple.com -> Certificates, Identifiers & ProfilesWill:
However, according to iTunesConnect I am on another team:
How I got into this situation:
I have previously used my account to upload and release software to iTunesConnect
The admin for Kim Rubin has not made any changes to my access level in the meantime
I have purchased a new MacBook (now regretting) and allowed Xcode to create a new certificate (always clicking whatever the default Xcode response was)
Please explain why Xcode does not recognize my other team membership.
Downstream this is also causing other problems. (Specifically, I cannot upload to iTC because Xcode is trying to sign with the wrong team.) But right now I am only asking about the root cause above.
I tried to get more information in my comments, but without more information, I can explain what I think is happening. You state that your access hasn't changed, but you previously used the account to upload and submit the app through iTunes Connect. You never mention that you used your account to actually build and sign the application that you submitted. I'm guessing you either did not, or if you did it was using manual signing and the old Mac had the iOS distribution code signing identity on it.
It appears you have been granted an iTunes Connect role, but not Apple Developer role. In order to have the team show up in Xcode and allow for things like creation of a certificate / profile, you need to be at least an Admin role on the developer account. When you clicked "Fixed issue" in Xcode, because you only had your personal dev account available, Xcode tried to create a cert and profile on your new account. That will result in a build that was improperly signed, as you need it to be signed with the correct account's certificate and profile.
You can either have the owner of the account add you as a development team admin, or you can have someone on the team send you the iOS distribution certificate and provisioning profile.
In case of my team member who's role was "Customer Support", changing the role to "Developer" was not enough. The solution was to delete his account and recreate it with "Developer" role in Itunes Connect, and only after accepting new invitation the team was showing up in Xcode.
Related
I got this error when submitting an iOS app to the App Store. Product → Archive, clicking "Distribute App" in the Organizer in Xcode 10.
No accounts with App Store Connect access have been found for the team "[My Team Name]". App Store Connect access is required for App Store distribution.
I've logged into App Store Connect as the correct user account and verified that I have administrative access.
App Store Connect used to be called "iTunes Connect," and so this question was answered by another Stack Overflow answer.
When this happens to me, closing Xcode completely and re-opening it solves the problem.
Restarting Xcode fixed the problem for me, too.
Hopefully now that I've posted this question, someone can Google for "App Store Connect" and find the right answer.
Awesome. Quick restart and fixed.
If you don't have an account in App Store Connect the provided solution (i.e. closing and re-opening Xcode) will not work.
Kindly see the following section from official Apple documentation (https://developer.apple.com/support/app-store-connect/).
The person who enrolled in the Apple Developer Program is the main account holder and has the Legal role in App Store Connect, which includes binding authority for contracts, full access to App Store Connect, and more.
The Legal user can provide access to additional team members by setting up accounts for them in App Store Connect. Please note that adding members to a development team on the Apple Developer website will not automatically create accounts for those members in App Store Connect.
Add users by entering their names and email addresses in Users and Access. You can limit each user’s access level for App Store Connect and specific apps. If a user needs full access to App Store Connect, you can assign them the Admin role.
In my case, we had a lot of expired iOS distribution certificates. Yes, not Mac ones, iOS ones. Deleting those solved the problem ¯\_(ツ)_/¯
Quitting the XCode completely and restarting it still gets the issue fixed. But check if your certificates are still valid if this problem persists.
I want to distribute my mac application outside the App Store (as file downloadable from our servers), but every attempt to export archive from Xcode with option "Export a Developer ID-signed Application" ends with a "Permission failure":
Your account does not have permission to create Mac App Direct
Distribution certificates
I've downloaded and added all certificates to my keychain (system).
I'm using an Organization Apple Developer account, so is it possible to use this type of account to sign applications outside the App Store or must I have an Enterprise Program Account to do it? Or is there other problem?
I consulted this problem with Apple and their answer is:
You certainly don’t need an Enterprise account to distribute Developer
ID signed apps. One gotcha here is that you must be the Team Agent in
order to issue Developer ID certificates. Please double check that.
Problem was, that I have Admin role in our team, but only user with Team Agent role has permission to generate certificates for distribution of app outside the App Store (Developer-ID signed apps). So, I generated a Certificate Signing Request and sent it to our Team Agent, then he creeated and sent a certificate for me and now I can sign apps.
This seems to be a bug or poorly described feature in iTunes Connect & the Apple Developer portal.
I had a developer that joined my team, initially as a "member", but wasn't able to create certificates, even after giving him admin access. It turns out, that I believe we were only giving him admin access to Itunes connect, but not to the developer page.
The correct fix was to go to the developer portal, click the "People" tab (or go to this URL https://developer.apple.com/account/#/people/), remove his access, then use the Invite as Admins to add him to the account. He then had to go into Xcode and remove his developer account information, add it back in, and then he was finally able to upload builds to Testflight without this error.
In my case, I signed the app with another team. Change the team and re-achieve the app solves the issue.
The last couple of days I've struggled with code signing my cocoa app in Xcode. I've read through all similar topic that looked to be related, but nothing has helped.
Whenever I try to export my archive I get this error message:
I've tried to delete everything in my keychain and all profiles/certificates that I'm allowed to delete/revoke in the member center. However, I still get the same error with no "Fix" or "Reset" button. How should I proceed in order to get my application signed for distribution outside of store?
Go to Preferences -> Accounts, choose your account, click "View Details" in the bottom right corner and in the dialog click Download all in the bottom left corner.
Also, take a look at fastlane.tools. It is a great set of tools, which is, among other things, capable of dealing with code signing issues. Calling cert and sigh is sometimes enough to deal with many code signing-related problems.
I had installed my Developer ID Application Certificate on a different Mac and was getting the same error as in the question when I tried to use that certificate on a "new" Mac.
This fixed it for me:
I still have the other Mac so I exported the Developer Accounts from that one again:
Go to XCode | Preferences | Accounts
Click the "cog" in the bottom-left-hand-corner next the the plus and minus signs
Click "Export Developer Accounts"
Save the exported file somewhere accessible to your other Mac
Then, on my "new" Mac:
Go to XCode | Preferences | Accounts
Select the Apple ID that represents my dev certs
Click the minus sign in the bottom left hand corner to delete that account
Quit XCode
Open Key Chain Access
Delete all Developer Certificates
Close Keychain Access
Go to XCode | Preferences | Accounts
Click the "cog" in the bottom-left-hand-corner next the the plus and minus signs
Click "Import Developer Accounts"
Select the file exported on the "old" Mac above and import
I'm hitting this same issue.
The error appears to be telling you that valid Developer ID Certs have been created under your developer account, but they are not currently on your Mac, so they cannot be used.
The solution would be to download the Developer ID Cert(s) from the web. However, you likely do not have the Private Key used to sign these certs. So at this point they are rather useless.
In my case, the further problem is that I already have 5 Developer ID Certificates in my account. I'm not quite sure where these came from. They were created years ago, perhaps when I was attempting to create Mac App Store certs? Or perhaps by clicking that damn Fix Issue button...
There appears to be a limit of 5 Developer ID Certificates per developer account, by default.
Developer ID Certificates are created, now, through Xcode rather than via the Members Center:
However, in Xcode, there is no longer a button to "Create" a new cert. The only button is "Reset". This button simply links me back to the Members Center in my web browser, so is completely useless...
Via the Members Center, Developer ID Certificates cannot be revoked, as you would an iOS or Mac App Store certificate. The "Revoke" button is Grayed out.
You can’t revoke Developer ID or Pass Type ID certificates using Member Center. Instead, send a request to Apple at product-security#apple.com to revoke these types of certificates.
Apple will only revoke these certificates in cases of security, to disable installation of the app on all client machines. I've tried emailing the above address, and they told me they could not revoke the cert.
The solution, then, is to have additional Developer ID Certificate slots added to your account, past the limit of 5.
Product Security told me, rather than revoking the certs,
We encourage you to contact Apple Developer Connection at https://developer.apple.com/support/ to resolve the issue you’re experiencing.
I've now contacted developer support. I recommend calling. They are currently, hopefully, setting up new Developer ID slots on my dev account.
When you create a new Developer ID Certificate that you will actually use, be sure to back up the Certificate and Private Key so that you do not hit this issue in the future.
EDIT:
I waited for over a month, I believe, with no response. I happened to have a ticket to an Apple TV Tech Talk and talked to an Apple representative at their lab. He was able to reset my Developer ID Certificate limit in about 5 minutes. So this is possible, but to expedite the process I would attempt to talk with a Developer Evangelist at Apple either in person or over the phone.
One issue could be the private key is missing for your developer cert. With Keychain Access find your developer cert and verify it has a little triangle beside it. Click on the triangle to reveal the private key.
If it's not there you'll need to restore this private key from the Mac you created your certificate.
Otherwise, delete the cert from the Apple Developer website and then create a new one.
Same issue here but i was using "automatically manage settings" on Xcode 8. And for a particular reason there were two distribution certificates in my developer account.
Xcode seems to choose the most recent automatically and I didn't have it installed on my mac. So I switch to the old way by creating manually my app ID and my provisioning profile (which use the appropriate certificate) and it works :)
I had similar issue. I've discovered that my provisioning profile was invalid since I've updated iOS Developer certificate. After PP regeneration everything works as expected.
I ran into this same issue, and I fixed it at last. There are some tips:
in Xcode -> Preferences -> Accounts, click button View Details, then
click button Download All Profiles
in Keychain Access, check if the certificate exists. if not, choose
File->Import items, then choose the .cer file you download
from developer website
Hope it helps.
On Xcode Version 8.3.3 go to Preferences ->Accounts -> Manage Certificates -> then click (+) ->on dropdown menu click iOS Development. Do the same for iOS App Store -> Done -> Download All Profiles.
If you have changed the machine Exporting the developer account from old mac and then importing into new mac solves the problem
I have already published my app on mac store, now I want to distribute my app outside Mac Store.
I am following this tutorial by apple.
Here I am requesting for a Developer ID certificate, in Xcode->preferences->accounts->view details.
When I select the Developer ID option after clicking on the little + icon, I get following error.
I have Developer ID Certification Authority intermediate certificate in my keychain which is needed for Developer IDs
The tutorial also says> Only a team agent can request Developer ID certificates. If you’re an individual developer, you’re the team agent and can request these certificates.
You can see in the screenshot below, that I am an admin, so thats not an issue as well, what am I doing wrong?
I am not quite sure if its relevant, but upon exploring on Mac developer ceriticates, I found out that download button on Developer ID cert was disabled.
So I am thinking I must have forgot to create a developer ID, also the expiry of that cert is 2018, which seems weird.
So If at all i have not created the Developer ID for some reason, how do I create those?
So, admin of the team cannot request for developer IDs, only agent can request for developer IDs for distribution outside mac store.
The Team Agent can export the Developer ID certificates using the Keychain Access app and share the resulting .p12 file with a Team Admin. When the Team Admin opens the file on their computer and types in the password, those certificates are imported into their keychain and become accessible to XCode. The Team Admin can now create archives and export apps signed with the Developer ID (no provisioning profile needed).
If you have the Developer ID certificate and you don't have the private key, you don't have an identity and you cannot sign anything with it.
Two situations:
1. you are the team agent and therefore you can generate Developer ID certificates
2. you are an individual and again you can generate Developer Id certificates
Unless you export it, the identity will be present only on the computer you used to request the certificate. So that will be the machine where you can practically sign anything with your Developer ID certificate.
If you are a team member or admin you don't have rights to generate the Developer ID certificates and you will simply not see the option at all. Your screen shows Revoke and Download buttons disabled because they were generated by someone else and you are not allowed to use it in any way.
I have several questions about signing Mac App with Developer ID:
First of all, I'm working on a project utilizing GateKeeper. So I have to(?) sign my App with Developer ID.
Do I need a provisioning profile to sign with Developer ID?
In the build settings tab, the Developer ID certification is marked as Identities without Provisioning Profiles. Looking around in Mac Provision Portal, I found no place to generate provisioning profile to match Developer ID cert rather than submission certs.
So do I need a provisioning profile to sign with Developer ID?
After archiving my app, when I chose Export Developer ID-signed Application in the organizer, my Developer ID certification is marked with a yellow warning icon. But I can still chose the cert and sign it. Is it OK?
After signing my app, I used sudo spctl -a -v MyApp.app to test my app with sudo spctl --master-enable runed before that. The result is as followed:
EIM.app: rejected
source=Developer ID
Is this rejection related to the warning in question 2?
It's my first time distributing Mac App with Developer ID, thanks for any help.
Re: Provisioning profiles and DeveloperID— they are unnecessary. You should be able to accept your DeveloperID in the automatic section of the Code Signing Identity portion of the Build Settings. If you cannot, your key may be missing or there may be something else wrong with the database that contains the information.
First, go into Keychain Access and verify that your DeveloperID certificate has an accompanying private key associated with it (this will be visible under a disclosure triangle). If it does not, then you should go check around to see if you saved off the key related to that certificate anywhere, because if you can't find and reimport it (from, for example, a Developer Profile exported from Xcode), you will need to revoke and reissue the certificate, since there's no way to sign it.
Second, there is a known bug in 4.6.1 that can corrupt a cached database containing information from the developer portal. There's no specific indication that this behavior can be caused by this problem, but before following the next step, you might want to give it a try. Basically, you will need to quit Xcode, move aside (or delete) ~/Library/Developer/Xcode/connect1.apple.com 4.6.1.db (yes, there's a space in that file name), restart Xcode, go to the Organizer and Refresh your profiles and certificates.
If this doesn't work, you may want to consider revoking your Developer ID.
WARNING If you have successfully distributed code with the certificate, do not revoke it until you have visited Apple's web site (https://developer.apple.com/support/technical/certificates/) and thoroughly understand the implications to shipped code for revoking a developer id. Specifically that installed software will continue to work, but users will not be able to install/reinstall binaries signed with the original certificate.
If you have never successfully distributed code with the certificate (or if your key is irrecoverably lost), you may want to go to the portal and revoke and then reissue your Developer ID certificate. Once you have revoked it, you can create a new certificate by requesting a new certificate.