While trying to export a Developer ID Signed Mac application with Xcode I run into this error: "Missing Developer ID Application signing identity for (null)" How do I resolve this?
I struggled with this issue for a while so wanted to post what I found in case others run into a similar issue. I ran into the above issue after revoking my certificate while trying to export my build from a friend's machine. I found the best support by going step by step through this link:
https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/DistributingApplicationsOutside/DistributingApplicationsOutside.html
I would recommend following the steps in this link for anyone uploading a build to the Mac app store or exporting a Developer ID Signed Mac application.
There is a certificate called "Developer ID Certification Authority", this seems to be the one I was missing, and which caused the most trouble.
Another interesting thing to note is that the 10 digit letter/number ID for your Team/Distribution profile will be different than the ID for your developer profile. This should not throw you off, these two profiles work together.
Another good thing to know is that at the top of developer.apple.com there is a non-obvious drop down menu that lets you switch between iOS, tvOS, watchOS profiles and MacOS X profiles.
Another non-obvious UX issue when dealing with certificates is the system tab within Keychain Access. If you read that you should delete or change a property both within Login and within system, when they write system, they are referring to the system tab, which can be accessed within Key Chain access and can be seen at the bottom of this image:
This link is also helpful for certificate trouble shooting:
https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/Troubleshooting/Troubleshooting.html#//apple_ref/doc/uid/TP40012582-CH5-SW11
But mainly just go through the steps in the first link given for exporting a Mac App with Developer ID Signing.
Related
On a new mac, I installed xcode and needed to set up provisioning for a hello-world project to deploy to my iPad.
NOTE: I am using the new FREE provisioning (do not have a paid Apple account)
I went to Preferences/Account signed in to my Apple account
In the project, General tab, Team is set to my (free) Apple Dev account. (all seemed well, it recognized this as valid)
I tried to deploy to the iPad and I got a build error "codesign failed with exit code 1"
Supposedly this is to do with certificates. I went to Keychain Access and found "iPhone Developer: my#email.com (...)" in there, which was added when I signed in via my Apple Account.
I DELETED this key (thinking I would simply re-add my Apple Account and thus this key)
I then removed and re-added my Apple account from xcode preferences
I can sign-in, I can see it adds keys, and Keychain Access Get Info on the keys indicates no issues (valid, etc)
In xcode Preferences, when I click Manage Certificates, it shows "David's MacBook Pro (2)" and a bunch of "Untitled" keys ALL of which have a status of "Missing Private Key".
xcode/General/Status section says "The username or passphrase you entered is not correct" even though my "Team" is signed in and valid
Clicking "Try Again" shows "Waiting to repair", followed by "revoking...", followed by "Generating certificates" - which sounds promising, like it's doing exactly what I need, but then fails, private keys still missing, and back to step 9 here in a loop of hell.
ok? How do I get this resolved without flattening my OS back to factory and starting completely over?
Note: there are resolutions on SO that talk about Revoking the keys and generating new private keys from the Dev Console, like this one:
How can I add private key to the distribution certificate?
HOWEVER, on a "free" account I have NO access to the Certificates section! I can't manage anything from the Dev portal online. I do, however, see xcode specifically set up to handle certs (see step 9-10 above) but it is not working. I really don't know where to go from here. I'm new to all things Mac and iOS and xcode. Frustrated. Thanks Apple, so much for a simple on-boarding experience on a simple hello-world app.
After two bounties for this question which gave no results, I managed to find a solution to this problem.
Apparently, it was some keychain related problem.
To fix it:
Open Keychain Access on your Mac.
Right click on the "login" keychain in the left side of the window.
Press Lock keychain "login".
Then do the same to Unlock it.
Go back to Xcode and try to set your app to run with your personal account.
Solution was found using the first comment here:
https://github.com/desktop/desktop/issues/3625
I had this error and it occurred because I had moved to a new Macbook. Although there was a provisioning profile on our Apple account and it was not expired, the private key was on the old Macbook. So downloading and installing the profile did not help, as it was the private key that was missing. I revoked the provisioning profile and created a new one. I had the same issue for the distribution certificate.
If you are concerned whether revoking and creating new certificates/profiles will affect existing deployed applications, take a look at this question and the answers. The bottom line is, for applications on the app store it will have no affect, but for Enterprise Distributions, deployed applications will stop working if you revoke the provisioning profile. So if the application is on an Enterprise Account, then it is best to try find the private key in the keychain of the Macbook where it was created.
The last couple of days I've struggled with code signing my cocoa app in Xcode. I've read through all similar topic that looked to be related, but nothing has helped.
Whenever I try to export my archive I get this error message:
I've tried to delete everything in my keychain and all profiles/certificates that I'm allowed to delete/revoke in the member center. However, I still get the same error with no "Fix" or "Reset" button. How should I proceed in order to get my application signed for distribution outside of store?
Go to Preferences -> Accounts, choose your account, click "View Details" in the bottom right corner and in the dialog click Download all in the bottom left corner.
Also, take a look at fastlane.tools. It is a great set of tools, which is, among other things, capable of dealing with code signing issues. Calling cert and sigh is sometimes enough to deal with many code signing-related problems.
I had installed my Developer ID Application Certificate on a different Mac and was getting the same error as in the question when I tried to use that certificate on a "new" Mac.
This fixed it for me:
I still have the other Mac so I exported the Developer Accounts from that one again:
Go to XCode | Preferences | Accounts
Click the "cog" in the bottom-left-hand-corner next the the plus and minus signs
Click "Export Developer Accounts"
Save the exported file somewhere accessible to your other Mac
Then, on my "new" Mac:
Go to XCode | Preferences | Accounts
Select the Apple ID that represents my dev certs
Click the minus sign in the bottom left hand corner to delete that account
Quit XCode
Open Key Chain Access
Delete all Developer Certificates
Close Keychain Access
Go to XCode | Preferences | Accounts
Click the "cog" in the bottom-left-hand-corner next the the plus and minus signs
Click "Import Developer Accounts"
Select the file exported on the "old" Mac above and import
I'm hitting this same issue.
The error appears to be telling you that valid Developer ID Certs have been created under your developer account, but they are not currently on your Mac, so they cannot be used.
The solution would be to download the Developer ID Cert(s) from the web. However, you likely do not have the Private Key used to sign these certs. So at this point they are rather useless.
In my case, the further problem is that I already have 5 Developer ID Certificates in my account. I'm not quite sure where these came from. They were created years ago, perhaps when I was attempting to create Mac App Store certs? Or perhaps by clicking that damn Fix Issue button...
There appears to be a limit of 5 Developer ID Certificates per developer account, by default.
Developer ID Certificates are created, now, through Xcode rather than via the Members Center:
However, in Xcode, there is no longer a button to "Create" a new cert. The only button is "Reset". This button simply links me back to the Members Center in my web browser, so is completely useless...
Via the Members Center, Developer ID Certificates cannot be revoked, as you would an iOS or Mac App Store certificate. The "Revoke" button is Grayed out.
You can’t revoke Developer ID or Pass Type ID certificates using Member Center. Instead, send a request to Apple at product-security#apple.com to revoke these types of certificates.
Apple will only revoke these certificates in cases of security, to disable installation of the app on all client machines. I've tried emailing the above address, and they told me they could not revoke the cert.
The solution, then, is to have additional Developer ID Certificate slots added to your account, past the limit of 5.
Product Security told me, rather than revoking the certs,
We encourage you to contact Apple Developer Connection at https://developer.apple.com/support/ to resolve the issue you’re experiencing.
I've now contacted developer support. I recommend calling. They are currently, hopefully, setting up new Developer ID slots on my dev account.
When you create a new Developer ID Certificate that you will actually use, be sure to back up the Certificate and Private Key so that you do not hit this issue in the future.
EDIT:
I waited for over a month, I believe, with no response. I happened to have a ticket to an Apple TV Tech Talk and talked to an Apple representative at their lab. He was able to reset my Developer ID Certificate limit in about 5 minutes. So this is possible, but to expedite the process I would attempt to talk with a Developer Evangelist at Apple either in person or over the phone.
One issue could be the private key is missing for your developer cert. With Keychain Access find your developer cert and verify it has a little triangle beside it. Click on the triangle to reveal the private key.
If it's not there you'll need to restore this private key from the Mac you created your certificate.
Otherwise, delete the cert from the Apple Developer website and then create a new one.
Same issue here but i was using "automatically manage settings" on Xcode 8. And for a particular reason there were two distribution certificates in my developer account.
Xcode seems to choose the most recent automatically and I didn't have it installed on my mac. So I switch to the old way by creating manually my app ID and my provisioning profile (which use the appropriate certificate) and it works :)
I had similar issue. I've discovered that my provisioning profile was invalid since I've updated iOS Developer certificate. After PP regeneration everything works as expected.
I ran into this same issue, and I fixed it at last. There are some tips:
in Xcode -> Preferences -> Accounts, click button View Details, then
click button Download All Profiles
in Keychain Access, check if the certificate exists. if not, choose
File->Import items, then choose the .cer file you download
from developer website
Hope it helps.
On Xcode Version 8.3.3 go to Preferences ->Accounts -> Manage Certificates -> then click (+) ->on dropdown menu click iOS Development. Do the same for iOS App Store -> Done -> Download All Profiles.
If you have changed the machine Exporting the developer account from old mac and then importing into new mac solves the problem
I have several questions about signing Mac App with Developer ID:
First of all, I'm working on a project utilizing GateKeeper. So I have to(?) sign my App with Developer ID.
Do I need a provisioning profile to sign with Developer ID?
In the build settings tab, the Developer ID certification is marked as Identities without Provisioning Profiles. Looking around in Mac Provision Portal, I found no place to generate provisioning profile to match Developer ID cert rather than submission certs.
So do I need a provisioning profile to sign with Developer ID?
After archiving my app, when I chose Export Developer ID-signed Application in the organizer, my Developer ID certification is marked with a yellow warning icon. But I can still chose the cert and sign it. Is it OK?
After signing my app, I used sudo spctl -a -v MyApp.app to test my app with sudo spctl --master-enable runed before that. The result is as followed:
EIM.app: rejected
source=Developer ID
Is this rejection related to the warning in question 2?
It's my first time distributing Mac App with Developer ID, thanks for any help.
Re: Provisioning profiles and DeveloperID— they are unnecessary. You should be able to accept your DeveloperID in the automatic section of the Code Signing Identity portion of the Build Settings. If you cannot, your key may be missing or there may be something else wrong with the database that contains the information.
First, go into Keychain Access and verify that your DeveloperID certificate has an accompanying private key associated with it (this will be visible under a disclosure triangle). If it does not, then you should go check around to see if you saved off the key related to that certificate anywhere, because if you can't find and reimport it (from, for example, a Developer Profile exported from Xcode), you will need to revoke and reissue the certificate, since there's no way to sign it.
Second, there is a known bug in 4.6.1 that can corrupt a cached database containing information from the developer portal. There's no specific indication that this behavior can be caused by this problem, but before following the next step, you might want to give it a try. Basically, you will need to quit Xcode, move aside (or delete) ~/Library/Developer/Xcode/connect1.apple.com 4.6.1.db (yes, there's a space in that file name), restart Xcode, go to the Organizer and Refresh your profiles and certificates.
If this doesn't work, you may want to consider revoking your Developer ID.
WARNING If you have successfully distributed code with the certificate, do not revoke it until you have visited Apple's web site (https://developer.apple.com/support/technical/certificates/) and thoroughly understand the implications to shipped code for revoking a developer id. Specifically that installed software will continue to work, but users will not be able to install/reinstall binaries signed with the original certificate.
If you have never successfully distributed code with the certificate (or if your key is irrecoverably lost), you may want to go to the portal and revoke and then reissue your Developer ID certificate. Once you have revoked it, you can create a new certificate by requesting a new certificate.
I know there are other questions that are very similar to this, but their symptoms aren't quite the same as mine.
I have an app that I've been trying to submit to the App Store. I was running Xcode 3.2.6, and I kept getting an Invalid Binary error from iTunes Connect. I eventually found an answer that points to upgrading Xcode, so I downloaded 4.2.
Now the problem is that Xcode won't recognize the distribution certificate that I used for the provisioning profile. I tried adding the profile and it gives the error message in the title. Also, if I try the Automatic Device Provisioning, the Distribution profile disappears completely.
This has been causing me some trouble for quite some time now. I know I have the Distribution certificate in my Keychain, so I think that Xcode is having a hard time seeing it for some strange reason. If you have an answer, please give it. If you need more info, go ahead and ask. I just need to find a solution...
EDIT:
I'm thinking of diving into the project file through text edit and manually adding the distribution profile. At the part that says PROVISIONING_PROFILE = "", what do I put between the quotation marks?
It sounds like you might not have the private key that you used to generate the certificate with Apple originally. If you have the private key installed when you open keychain access and click on certificates there would be a disclosure triangle you should be able to drop down and see the private key for that certificate like so:
If you don't have this key you need to delete the certificate you currently have, go to the iOS provisioning portal, revoke your current certificate and create a new one. The whole process shouldn't take more than 10 minutes.
I was going to turn on code signing for my mac app so I'm able to submit the app to the mac app store. But when I select the 3rd party mac application cert for code signing it says that there were no profiles matching.
And when I'm trying to build the app like that I'm getting the error:
Code Sign error: The identity '3rd Party Mac Developer Application'
doesn't match any valid certificate/private key pair in the default
keychain
And I can't figure out why. I've tried to revoke and reinstall my certificate but that doesn't seem to help.
Here's 2 screenshots. Of the code signing part in the build settings and one from keychain access.
Maybe your able to see what's wrong?
If you need any more info please let me know! :)
Go to Build Setting --> Code Signing Identity --> Select Don't Code Sign.
it will not show Build & Error. (This will work only when you don't want to sign in).
It seems you have a missing key. I'm not sure on the reason why it's missing, but creating a new certificate will likely work.
(For other users, this solution was discussed in chat, this answer was posted here as reference.)