Develop Reference

Completely Remove Developer Certificate from Xcode

I created a developer certificate in Xcode by going to Preferences -> Accounts -> selecting my Apple ID (connected to my Apple developer account) -> Manage Certificates -> here the list was empty so I clicked the + and selected Apple Development. This created a certificate called MyMac (the name of the Mac machine) with creator being my Apple ID email address.
This certificate does not appear in my developer account, so I decided to delete it but instead of deleting it from Xcode, I deleted it from Keychain.
Now when I go to the signing certificates window (same steps as above), I still see the certificate but it is grayed out and the status says "Not in Keychain". The problem is I cannot delete it here in Xcode now (right click shows disabled Delete Certificate option). I cannot create a new development certificate either as it says I already have one.
I found some people saying I should revoke the certificate from my developer account but as mentioned it does not appear there.
How can I remove the certificate from the signing certificates?

You have already deleted your copy of the certificate. If your goal is to delete Apple's copy, go to the portal at developer.apple.com and delete it from "Certificates, Identifiers & Profiles" by clicking the Revoke button.
You cannot remove the certificate from any profiles you may have made using it.

Xcode -How to add a private key to Development Certificate if it's created using the Revoke button

By mistake I pressed the Revoke button.:
I went to developer.apple > Certificates I downloaded the new Development Certificate that was created from pressing the Revoke button. Afterwards one of the errors I got is
The second part of the error says the certificate needs a private key (in orange).
In Xcode > Preferences > Accounts > App ID > Team > plus sign it says the expiration of that Development Certificate is 10/30/20, 12:04 AM:
When I look in keychain the certificate with that expiration date is there but there isn't an arrow on the left of it to toggle the nested private key:
How do add a private key to the Development Certificate that was created using the Revoke button?
Btw the Distribution Certificate that was created after pressing the Revoke button did have a private key attached to it.

When you press the Revoke button you get issued a new iPhone Distribution certificate and a new iPhone Developer certificate. You can view these certificates inside the developer portal at developer.apple > certificates. Those certificates will also be inside your keychain. You use the certificate expiration dates to see which certificates correspond to what.
The problem with pressing the Revoke button is you will get a iPhone Distribution certificate with a private key but as far as the iPhone Developer certificate it won't have a private key.
If you look into your keychain you will see this pic below. Notice the iPhone Distribution certificate has a gray arrow next to it but the iPhone Developer certificate doesn't:
That will cause the following 2 errors:
It causes a cycle where you press the Revoke button again and you wind up with the same 2 errors. I'm not sure why Apple did it this way but someone definitely made a mistake.
When you go to Keychain > login > My Certificates you will only see certificates that have a private key (the gray arrow indicates that). Since the iPhone Developer certificate from pressing the Revoke button doesn't have a key it won't be in there. According to this you need that key otherwise you'll get the errors:
If your iOS developer and distribution certificates do not appear in
"My Certificates", then they are not correctly configured for use on
your Mac. Please note that "Certificates" is a repository of all
certificates your Mac holds, whereas "My Certificates" is the subset
of certificates valid for your Mac to actually use - a certificate
appearing in "Certificates" only is not enough.
If the certificate is not in My Certificates then this is most likely
because you do not have the correct key for that certificate also on
that Mac. You will need to locate the private key made for that
certificate (i.e., from the original Mac which requested the
certificate or a backup server).
As long as they do appear in My Certificates, then they key is there.
Since the iPhone Developer certificate won't appear in My Certificates the fix is after you press the Revoke button, delete the iPhone Developer certificate that it generates from BOTH the developer portal at developer.apple > certificates AND keychain. It's VERY important you delete it from keychain! Use the expiration date to locate it. Please keep the iPhone Distribution Certificate because that should work fine and have a key (indicated by the gray arrow).
After it's deletes from both BOTH places you can manually generate a developer certificate yourself following these directions:
Generate a Code Signing Certificate manually
1- Open your Keychain Access.
2- In the upper left hand corner next to the Apple sign select Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority...
3- Fill in User Email Address(just use yours) and the Common Name (just use your name) and select Saved to Disk. I selected Let me specify key pair information (maybe it's not necessary) but on the next screen just use the Key Size: 2048 bits and algorithm: RSA. Click on Continue and save the generated certSigningRequest file to your desktop.
4- Go to https://developer.apple.com and log in to your account.
5- Select Certificates, IDs & Profiles from the left sidebar.
6- Go to Certificates and click on the + button on the top right corner.
7- Select iOS App Development and click Continue.
8- On the next page you see the instructions for creating the certSigningRequest file. Click continue.
9- Upload the created certSigningRequest (from the 3rd step, the one saved to your desktop) to the form and click continue. It will generate your code signing certificate for you.
10- Download the certificate and double click to install it. Once installed it will be added to your Keychain Access app. Assuming it saves to your download folder you can just go in there and double click it.
Once you do those steps both errors should go away.
If you continue to have errors look at the certificates in both the portal at developer.apple > certificates and keychain > My Certificates. If anything is in the portal but isn't in My Certificates then you need to find it keychain access (look in keychain > Certificates), delete it, and delete it from the portal.
It took me a while to figure this out but the expiration date is the key to locating messed up certificates.

Unfortunately there is no way to make it working. I am on Mojave so:
I Installed Big Sur on external hard drive and booted it from there.
Installex Xcode 12.
Created empty project
I am member also in paid team but this is unnecessary.
Signing and creating certificate went smoothly without errors
I selected keychain access in system preferences in iCloud.
I exported my certificates and keys to external drive partition that is visible from Mojave.
restart and boot mojave
Imported certificates
and THIS IS NOT WORKING neither for paid account nor not-paid one. My certificates are marked as not trusted and Xcode 11.2 still has problems with repair and fix things. I got 8 emails that my certificates are revoked in the process.
So this probably is a Mojave think as Apple think system is not secure. Which is funny because yesterday I installed latest security update for Mojave (after which I lost my Mac Mini built-in speakers :( )
This looks like serious bug on Apple side I reported it through Feedback assistant but I doubt they will ever fix it so for now I have to say good bye to coding for Apple platforms.

macOS installer certificate evaluation error in Keychain: Invalid Extended Key Usage

I generated a mac installer certificate for use with code signing and am getting an error that is preventing me from using certificate to sign installer
When evaluating certificate in keychain access, I got an error: Invalid Extended Key Usage.
Here is the sequence of errors when trying to evaluate an installer certificate for code signing.

I find this process works better when generating code signing keys with Xcode rather than through the Keychain access app directly. This will help you create your code signing certificate with the correct provisioning and signing parameters for the type of app you are developing. If you don't yet have a paid developer account with Apple, you can still create a self signed certificate for code signing to generate signed apps without uploading them to app store.
First you have to add your Apple ID to Accounts preferences in Xcode.
Start Xcode
Select Xcode > Preferences from the navigation bar.
At the top of the window select Accounts.
Click on the + on the lower left corner and select Add Apple ID...
A dialog will appear. Add your Apple ID and your password, then select Sign in. If you don't have an account you can create your Apple ID by selecting Create Apple ID.
Select your Apple ID and your team from the right side bar, then click on View Details....
A dialog will appear where you will see your code signing identities and the provisioning profiles.
For iOS development, under the signing identities locate the iOS Development and iOS Distribution profiles.
If you have not created them you will see a Create button next to
them.
Simply select it and Xcode will issue and download your code signing
identities for you with the correct developer certificate params for
iOS app development.
Note: If you already have Code Signing Identities issued to your developer account: you will see a Reset button next to them. You can issue new certificates with it, that Xcode will generate and download, however note that this will invalidate your previous certificate, so only do this if you've lost those files or if you know what you are doing!
In future, once you have it all working I also suggest clicking the option in Xcode to allow it to automatically manage code signing. This will automatically renew your certification whenever it expires, so there won't be extra steps to renew. This option should be available in the general project settings of your app, it can also be reached by selecting project > Targets > General > Signing
Hope that helps you, best of luck!

There are some possible reasons for certificate evaluation failure:
The certificate may be not for code signing (similar to this). In this case, you should obtain a new certificate that supports code signing.
The certificate may be for code signing but damaged (similar to this). In this case, you should delete this certificate and install it again.
Note that you can create a self-signed code signing certificate in keychain app for test purpose, following this and this tutorials. Make sure to enable it in "Get Info" > "Trust" set as "Always Trust".

Missing iOS Distribution signing identity

I deleted all my provisioning profiles from my Mac by mistake (Library/Mobile Device/Provisioning Profiles). Now, no matter what I do, Xcode gives me this error:
Missing iOS Distribution signing identity
How can I fix this?

This is the same exact error for an expired Apple cert - though I know it's not your issue, you're the #1 answer on Bing at the moment.
According to the Apple Developer Forums, the Apple Worldwide Developer Relations Intermediate Certificate Expiration expired 2/14/2016.
... This issue stems from having a copy of the expired WWDR Intermediate certificate in both your System and Login keychains. To resolve the issue, you should first download and install the new WWDR intermediate certificate (by double-clicking on the file). Next, in the Keychain Access application, select the System keychain. Make sure to select “Show Expired Certificates” in the View menu and then delete the expired version of the Apple Worldwide Developer Relations Certificate Authority Intermediate certificate (expired on February 14, 2016). Your certificates should now appear as valid in Keychain Access and be available to Xcode for submissions to the App Store.
You can get a new cert (which expires February 7, 2023). The AppleWWDRCA.cer is available on the explanation page: https://developer.apple.com/support/certificates/expiration/
BTW: it appears this new cert is installed with Xcode 7.2.1

Check here: https://forums.developer.apple.com/thread/37208
Download https://developer.apple.com/certificationauthority/AppleWWDRCA.cer and double-click to install to Keychain.
Select "View" -> "Show Expired Certificates" in Keychain app.
Remove Apple Worldwide Developer Relations Certificate Authority certificates from "login" tab and "System" tab in Keychain app.

Apparently, I was having the same issue as this question, the answer there solved my problem too!! Even though I had my WWDR certificate, re adding to the keychain solved my problem!
EDIT: Before doing this, here is what I did:
Exit xCode
Go to Keychain Access. Delete every certificate which has iOS in it's name. Do the same for keys as well.
Open up finder, press Go and press ALT, this will bring up the option to go to your Library. Click on that, find Mobile Devices -> Provisioning Profiles -> and delete everything from there.
Go to Member Center and revoke every certificate you have, delete all existing provisioning profiles.
Open xCode, open your project and in General select your team, under it you will get a warning and a button which says fix issue, click on that. After it is done, build your app to a real device(not simulator) and exit xCode.
Go to Member Center and go to Certificates, you will see that xCode has created a new one. Download that, and add it to your Keychain Access.
Add WWDR to Keychain Access.
Try archiving, it should work now!
Note: In Build Settings set code signing to automatic.

It says very clearly. I just had to delete expired certificate as described below and download new one from this link. It is all described on this page.
What should I do if Xcode doesn’t recognize my distribution
certificate? If you have a copy of the expired WWDR Intermediate
certificate in both your System and Login keychains within the
Keychain Access application, your certificates may appear as invalid
and not be recognized by Xcode. To resolve the issue, you should first
download and install the renewed certificate. Next, in the Keychain
Access application, select the System keychain. Select 'Show Expired
Certificates' in the View menu and then delete the expired version of
the Apple Worldwide Developer Relations Certificate Authority
Intermediate certificate. Your certificates should now appear as valid
in Keychain Access and be available to Xcode.

This worked for me:
Keychain Access -> View -> Show Expired Certificates
then
Keychain Access -> System tab
Locate the EXPIRED "Apple Worldwide Developer Relations Certificate Authority" certificate and delete it.

From Apple -
Thanks for bringing this to the attention of the community and
apologies for the issues you’ve been having. This issue stems from
having a copy of the expired WWDR Intermediate certificate in both
your System and Login keychains. To resolve the issue, you should
first download and install the new WWDR intermediate certificate (by
double-clicking on the file). Next, in the Keychain Access
application, select the System keychain. Make sure to select “Show
Expired Certificates” in the View menu and then delete the expired
version of the Apple Worldwide Developer Relations Certificate
Authority Intermediate certificate (expired on February 14, 2016).
Your certificates should now appear as valid in Keychain Access and be
available to Xcode for submissions to the App Store.
Also answered at https://stackoverflow.com/a/35401483/921358

First: down and install WWDR in here https://developer.apple.com/support/certificates/expiration/
Then: In Keychain Access click View and select show expired Certificates and delete them on login and System tab
Finally: Clear and Build project on Xcode
I uesed above ways to create ipa file. Hope help you.

Why is Code Signing Identity not listing my certificate?

I'm using Xcode 4 and am trying to sign my first Mac OS X application. When I go to Project -> Build Settings -> Code Signing Identity, it will list "Don't Sign", "Automatic Profile Selector", and "Other". Under "Automatic Profile Selector" it lists "3rd Party Mac Developer Application". When I build it fails and says `Code Sign error:
The identity '3rd Party Mac Developer Application' doesn't match any
valid certificate/private key pair in the default keychain
Earlier, in Organizer -> Provisiong Profiles, I did a refresh. It setup two certificates in Device -> Developer Profile. Nothing appears in Provisioning Profiles. The two certificates it shows in Developer Profile exist in my keychain as valid. I see no expired certificates even when I "show expired".
The certificates it has in Developer Profile match what's in the keychain:
3rd Party Mac Developer Installer: MyCompany, LLC
Mac Developer: My Name (SOMECODE)
I don't see these in the Code Signing Identity list, though. I even tried entering in the first one in Other, but it said it could not find it.
I have no need for entitlements, so I don't have a profile setup. And I am the company admin.
What am I doing wrong?

Ok, this turned out to be a lot simpler than I had imagined.
After I refresh and download the certs:
1) Click on My Mac under devices. And click "Add to Portal". This will download the Mac Team Provisioning Wildcard Profile
2) Create an App ID for my app (necessary for sandboxing/entitlements), through the website
3) Add a new Developer Provisioning Profile for this App ID, through the website
4) Go to Organizer and refresh.
Everything appears now.
But, I realize that for a Mac App w/ no sandboxing/entitlements, I really didn't need to do this. I could have got away with just creating the Production Provisioning Profile, since it does not require a registered device.