Missing iOS Distribution signing identity - xcode

I deleted all my provisioning profiles from my Mac by mistake (Library/Mobile Device/Provisioning Profiles). Now, no matter what I do, Xcode gives me this error:
Missing iOS Distribution signing identity
How can I fix this?

This is the same exact error for an expired Apple cert - though I know it's not your issue, you're the #1 answer on Bing at the moment.
According to the Apple Developer Forums, the Apple Worldwide Developer Relations Intermediate Certificate Expiration expired 2/14/2016.
... This issue stems from having a copy of the expired WWDR Intermediate certificate in both your System and Login keychains. To resolve the issue, you should first download and install the new WWDR intermediate certificate (by double-clicking on the file). Next, in the Keychain Access application, select the System keychain. Make sure to select “Show Expired Certificates” in the View menu and then delete the expired version of the Apple Worldwide Developer Relations Certificate Authority Intermediate certificate (expired on February 14, 2016). Your certificates should now appear as valid in Keychain Access and be available to Xcode for submissions to the App Store.
You can get a new cert (which expires February 7, 2023). The AppleWWDRCA.cer is available on the explanation page: https://developer.apple.com/support/certificates/expiration/
BTW: it appears this new cert is installed with Xcode 7.2.1

Check here: https://forums.developer.apple.com/thread/37208
Download https://developer.apple.com/certificationauthority/AppleWWDRCA.cer and double-click to install to Keychain.
Select "View" -> "Show Expired Certificates" in Keychain app.
Remove Apple Worldwide Developer Relations Certificate Authority certificates from "login" tab and "System" tab in Keychain app.

Apparently, I was having the same issue as this question, the answer there solved my problem too!! Even though I had my WWDR certificate, re adding to the keychain solved my problem!
EDIT: Before doing this, here is what I did:
Exit xCode
Go to Keychain Access. Delete every certificate which has iOS in it's name. Do the same for keys as well.
Open up finder, press Go and press ALT, this will bring up the option to go to your Library. Click on that, find Mobile Devices -> Provisioning Profiles -> and delete everything from there.
Go to Member Center and revoke every certificate you have, delete all existing provisioning profiles.
Open xCode, open your project and in General select your team, under it you will get a warning and a button which says fix issue, click on that. After it is done, build your app to a real device(not simulator) and exit xCode.
Go to Member Center and go to Certificates, you will see that xCode has created a new one. Download that, and add it to your Keychain Access.
Add WWDR to Keychain Access.
Try archiving, it should work now!
Note: In Build Settings set code signing to automatic.

It says very clearly. I just had to delete expired certificate as described below and download new one from this link. It is all described on this page.
What should I do if Xcode doesn’t recognize my distribution
certificate? If you have a copy of the expired WWDR Intermediate
certificate in both your System and Login keychains within the
Keychain Access application, your certificates may appear as invalid
and not be recognized by Xcode. To resolve the issue, you should first
download and install the renewed certificate. Next, in the Keychain
Access application, select the System keychain. Select 'Show Expired
Certificates' in the View menu and then delete the expired version of
the Apple Worldwide Developer Relations Certificate Authority
Intermediate certificate. Your certificates should now appear as valid
in Keychain Access and be available to Xcode.

This worked for me:
Keychain Access -> View -> Show Expired Certificates
then
Keychain Access -> System tab
Locate the EXPIRED "Apple Worldwide Developer Relations Certificate Authority" certificate and delete it.

From Apple -
Thanks for bringing this to the attention of the community and
apologies for the issues you’ve been having. This issue stems from
having a copy of the expired WWDR Intermediate certificate in both
your System and Login keychains. To resolve the issue, you should
first download and install the new WWDR intermediate certificate (by
double-clicking on the file). Next, in the Keychain Access
application, select the System keychain. Make sure to select “Show
Expired Certificates” in the View menu and then delete the expired
version of the Apple Worldwide Developer Relations Certificate
Authority Intermediate certificate (expired on February 14, 2016).
Your certificates should now appear as valid in Keychain Access and be
available to Xcode for submissions to the App Store.
Also answered at https://stackoverflow.com/a/35401483/921358

First: down and install WWDR in here https://developer.apple.com/support/certificates/expiration/
Then: In Keychain Access click View and select show expired Certificates and delete them on login and System tab
Finally: Clear and Build project on Xcode
I uesed above ways to create ipa file. Hope help you.

Related

Completely Remove Developer Certificate from Xcode

I created a developer certificate in Xcode by going to Preferences -> Accounts -> selecting my Apple ID (connected to my Apple developer account) -> Manage Certificates -> here the list was empty so I clicked the + and selected Apple Development. This created a certificate called MyMac (the name of the Mac machine) with creator being my Apple ID email address.
This certificate does not appear in my developer account, so I decided to delete it but instead of deleting it from Xcode, I deleted it from Keychain.
Now when I go to the signing certificates window (same steps as above), I still see the certificate but it is grayed out and the status says "Not in Keychain". The problem is I cannot delete it here in Xcode now (right click shows disabled Delete Certificate option). I cannot create a new development certificate either as it says I already have one.
I found some people saying I should revoke the certificate from my developer account but as mentioned it does not appear there.
How can I remove the certificate from the signing certificates?
You have already deleted your copy of the certificate. If your goal is to delete Apple's copy, go to the portal at developer.apple.com and delete it from "Certificates, Identifiers & Profiles" by clicking the Revoke button.
You cannot remove the certificate from any profiles you may have made using it.

Xcode -How to add a private key to Development Certificate if it's created using the Revoke button

By mistake I pressed the Revoke button.:
I went to developer.apple > Certificates I downloaded the new Development Certificate that was created from pressing the Revoke button. Afterwards one of the errors I got is
The second part of the error says the certificate needs a private key (in orange).
In Xcode > Preferences > Accounts > App ID > Team > plus sign it says the expiration of that Development Certificate is 10/30/20, 12:04 AM:
When I look in keychain the certificate with that expiration date is there but there isn't an arrow on the left of it to toggle the nested private key:
How do add a private key to the Development Certificate that was created using the Revoke button?
Btw the Distribution Certificate that was created after pressing the Revoke button did have a private key attached to it.
When you press the Revoke button you get issued a new iPhone Distribution certificate and a new iPhone Developer certificate. You can view these certificates inside the developer portal at developer.apple > certificates. Those certificates will also be inside your keychain. You use the certificate expiration dates to see which certificates correspond to what.
The problem with pressing the Revoke button is you will get a iPhone Distribution certificate with a private key but as far as the iPhone Developer certificate it won't have a private key.
If you look into your keychain you will see this pic below. Notice the iPhone Distribution certificate has a gray arrow next to it but the iPhone Developer certificate doesn't:
That will cause the following 2 errors:
It causes a cycle where you press the Revoke button again and you wind up with the same 2 errors. I'm not sure why Apple did it this way but someone definitely made a mistake.
When you go to Keychain > login > My Certificates you will only see certificates that have a private key (the gray arrow indicates that). Since the iPhone Developer certificate from pressing the Revoke button doesn't have a key it won't be in there. According to this you need that key otherwise you'll get the errors:
If your iOS developer and distribution certificates do not appear in
"My Certificates", then they are not correctly configured for use on
your Mac. Please note that "Certificates" is a repository of all
certificates your Mac holds, whereas "My Certificates" is the subset
of certificates valid for your Mac to actually use - a certificate
appearing in "Certificates" only is not enough.
If the certificate is not in My Certificates then this is most likely
because you do not have the correct key for that certificate also on
that Mac. You will need to locate the private key made for that
certificate (i.e., from the original Mac which requested the
certificate or a backup server).
As long as they do appear in My Certificates, then they key is there.
Since the iPhone Developer certificate won't appear in My Certificates the fix is after you press the Revoke button, delete the iPhone Developer certificate that it generates from BOTH the developer portal at developer.apple > certificates AND keychain. It's VERY important you delete it from keychain! Use the expiration date to locate it. Please keep the iPhone Distribution Certificate because that should work fine and have a key (indicated by the gray arrow).
After it's deletes from both BOTH places you can manually generate a developer certificate yourself following these directions:
Generate a Code Signing Certificate manually
1- Open your Keychain Access.
2- In the upper left hand corner next to the Apple sign select Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority...
3- Fill in User Email Address(just use yours) and the Common Name (just use your name) and select Saved to Disk. I selected Let me specify key pair information (maybe it's not necessary) but on the next screen just use the Key Size: 2048 bits and algorithm: RSA. Click on Continue and save the generated certSigningRequest file to your desktop.
4- Go to https://developer.apple.com and log in to your account.
5- Select Certificates, IDs & Profiles from the left sidebar.
6- Go to Certificates and click on the + button on the top right corner.
7- Select iOS App Development and click Continue.
8- On the next page you see the instructions for creating the certSigningRequest file. Click continue.
9- Upload the created certSigningRequest (from the 3rd step, the one saved to your desktop) to the form and click continue. It will generate your code signing certificate for you.
10- Download the certificate and double click to install it. Once installed it will be added to your Keychain Access app. Assuming it saves to your download folder you can just go in there and double click it.
Once you do those steps both errors should go away.
If you continue to have errors look at the certificates in both the portal at developer.apple > certificates and keychain > My Certificates. If anything is in the portal but isn't in My Certificates then you need to find it keychain access (look in keychain > Certificates), delete it, and delete it from the portal.
It took me a while to figure this out but the expiration date is the key to locating messed up certificates.
Unfortunately there is no way to make it working. I am on Mojave so:
I Installed Big Sur on external hard drive and booted it from there.
Installex Xcode 12.
Created empty project
I am member also in paid team but this is unnecessary.
Signing and creating certificate went smoothly without errors
I selected keychain access in system preferences in iCloud.
I exported my certificates and keys to external drive partition that is visible from Mojave.
restart and boot mojave
Imported certificates
and THIS IS NOT WORKING neither for paid account nor not-paid one. My certificates are marked as not trusted and Xcode 11.2 still has problems with repair and fix things. I got 8 emails that my certificates are revoked in the process.
So this probably is a Mojave think as Apple think system is not secure. Which is funny because yesterday I installed latest security update for Mojave (after which I lost my Mac Mini built-in speakers :( )
This looks like serious bug on Apple side I reported it through Feedback assistant but I doubt they will ever fix it so for now I have to say good bye to coding for Apple platforms.

"Warning: unable to build chain to self-signed root for signer" warning in Xcode 9.2

I'm attempting to migrate an Xcode project to another computer. It gives me the warning "Warning: unable to build chain to self-signed root for signer" and when it runs it crashes immediately similarly to what is shown in this Stack Overflow:
App working on simulator but not on iPhone( dyld`__abort_with_payload dyld`_dyld_start)
My issue seems similar to what is described on the Apple Developer Forums here:
https://forums.developer.apple.com/thread/86161
and similar to what is described on this Stack Overflow:
Xcode ios app development code signing
except the suggestions of deleting certificates and re-adding them, re-adding my account and restarting didn't seem to help. I have removed my developer cert for the second time and now I don't see it coming back, and I'm at a loss of knowing how to get it back since my dev portal doesn't appear to have a place to download it like it used to.
I've also tried deleting the derived data folder several times.
e: I've determined ANY project on this computer results in the same crash and warning.
If none of the other solutions work, try adding the intermediate signing certificates to your system keychain. I found this while trying to manually create provisioning profile/certificates as nothing else was working - from the Create a New Certificate step of the New Provisioning Profile process on Apple Developer platform:
To use your certificates, you must have the intermediate signing certificate in your system keychain. This is automatically installed by Xcode. However, if you need to reinstall the intermediate signing certificate click the link below:
Worldwide Developer Relations Certificate Authority (Expiring 02/07/2023)
Worldwide Developer Relations Certificate Authority (Expiring 02/20/2030)
After downloading these two files and double-clicking them to automatically add to the system keychain, the automatic provisioning profile in xcode started working (I didn't need to complete the manual provisioning profile process, but that's where I found the links)
I had the same problem and fixed with below steps:
Open Keychain Access
Select login, and click Certificates
Double click Apple Worldwide Developer Relations Certificate Authority
Expand the trust section, then next to "When using this certificate", change the setting from "Always Trust" to "Use System Defaults"
Clean the build folder and run
In my case the error was only resolved after I deleted Apple Worldwide Developer Relations Certification Authority which expires in 2023 from both System and login keychains and imported the other certificate that is valid until 2030. It seems that codesign was picking the incorrect one when both were present in the keychain.
I could fix the issue by downloading a new certificate from here and installing it.
Look at https://developer.apple.com/de/support/expiration/ for more detail.
I have been facing same issue for days now. Finally i solved it by just changing my root CA from Key Chain Access.
View in System/ Login key chains. which certificate authority is being used as signer for your personal provisioning profile's certificate. Enter a valid CA certificate and you are good to go!
Hope it helps.
Ciao!
#waaheeda's answer led me in the right direction to fix this.
I have a keychain in my repo which is used for signing on my CI. After renewing my iOS enterprise distribution certificate and provisioning profile and updating the keychain accordingly, my CI signing stopped working. Code signing worked locally on my own machine.
I suddenly stumbled upon this and found this part particular interesting:
Enterprise iOS Distribution Certificates generated after September 2, 2020 require the new intermediate certificate installed on any machines that will be code signing.
I therefore found the "Apple Worldwide Developer Relations Intermediate Certificate Expiration" in my local "login" keychain in Keychain Access and added it to the keychain in my repo, and it seems to have fixed the signing for now (and hopefully until 2030):
This is too late to answer , but if anybody still looking for solution on this thread --
this happens if you are installing certificate for the first time or installing certificate which is created on another machine
In your Xcode project go to signing capabilities enter correct bundle identifier, disable automatic signing , select appropriate profile / import / download profile
then you will find trust repair option below profile , tap on it tap on trust enter your login credentials
this will create and install following certificates
1.change the certificate trust: "Always Trust" ==> "Use System Defaults"
2.change "codesign" command ==> "sudo codesign" command
3.change the "Apple Worldwide Developer Relations Certificate Authority" certificate in login and system items trust: "Always Trust" ==> "Use System Defaults"
worked for me when use codesign command in command line
In the machine where you created the certificate
Open keychain
Look for "Apple Worldwide Developer Relations Certificate Authority"
Look at the column "Expires" and check apple.com/CertificateAuthority to see which has the same expiration
G1 Expiring 02/07/2023
G2 Expiring 05/06/2029
G3 Expiring 02/20/2030
In your ci
Install this certificate to your system keychain
a. via fastlane
import_certificate(
certificate_path: "~/Downloads/AppleWWDRCAG3.cer"
)
b. via cli
sudo security import ~/Downloads/AppleWWDRCAG3.cer \
-k /Library/Keychains/System.keychain \
-T /usr/bin/codesign \
-T /usr/bin/security \
-T /usr/bin/productbuild
In my case I had an automatically signed project and my own developer certificate was not trusted (anymore) which was apparent in Keychain > login > certificates. On my own certificate I put Always trust in the Get Info popup.
After that I had to select again the "Automatically manage signing" in the Signing & Capabilities tab, which gave an error like "Repair trust settings". After clicking that it fixed the trust of my developer CA.
Also when it was again broken after this, I copied the G3 Apple Worldwide Developer Relations CA from the login keychain (default keychain) to the System Keychain (System).
1.open xcode-> Preferences-> Accounts
2.select you appleid and click on Manage Certificates
3.click + (Add) and select Apple Development
Clean Build Folder and run project
none of those actually worked for me. I had to delete the derived data; link, remove all the certificates and reinstall them, clean cache and had to reinstall pod files. After messing around for few hours I found a proper solution.
On Xcode 13.1 and received this error when attempting to archive my app, despite it building fine on the simulator. I didn’t have to change anything with my certificates in the keychain, just cleaning the build folder worked for me.
Open “Product” menu
Select “Clean Build Folder”
Build / Archive your app
I’ve seen some other answers reference which certificates they’ve had, so I’ll just add that I also have the 2030 “Apple Worldwide Developer Relations Certification Authority” cert and the old one is still in my keychain as well, which I’ll probably need to delete at some point.
In addition to the other answers, make sure that if you are sudoed to root, exit out before you try to codesign, so that you are signing as the login user. My codesign was failing when I forgot that I was running as root.
It work for me:
macbook air,m1 2020
delete old root CA(if existed): Apple Worldwide Developer Relations Certification Authority
reinstall root CA from certificateauthority,and double click to intall.
reinstall yourself cer. example: Apple Development: XXX Tang (9DHXXX87D)

Renew iOS developer certificates

After expiring of the Apple Worldwide Developer Certificate I've installed the new AppleWWDRCA certificate.
My Developer and Distribution certificates still say, the signing authority is not valid.
In Xcode preferences/accounts there are Reset buttons next to this Signing Identities. When I click on Reset, the buttons are grayed out but nothing happens. The certificates stay invalid.
What to do?
Problem solved. I had made all things correct, but I've overseen one important:
In Keychain Access, System, Certificates -- View: Show expired certificates
Then delete all expired certificates.
If it expired then you have recreate it.

Provisioning Profile 'Valid signing identity not found' error

I have an app that is ready for testing on my iPad, and I've created a development provisioning profile, matched up the bundleID and lowered the iOS deployment target.
However when I downloaded the profile and dragged it into the organizer, it says 'Valid signing identity not found'. I'm pretty sure this has got to do with the certificates in the keychain and private keys (???) however I have no idea how to fix this problem.
Can someone please point me to a tutorial or give me some advice on adding certificates into the keychain without using Xcode; stuff like the 'use for development' button isn't working for me!
Note:
The only valid Provisioning Profiles are distribution.
When I try to click 'Renew' Xcode says 'No value was provided for the parameter 'CertificateIDs'. I hope this helps!
The .p12 file associated with your provisioning profile is not found in your system keychain.
Check the below few things!
Make sure you have enabled the correct certificate while generating the provisioning profile in the apple developer site.
Check if you have any duplicates of the your certificate & private key more than once in your keychain access.
If you do not have the .p12 corresponding to the provisioning profile, Get it exported from the mac system on which it was created & install it in your mac system.
Check your code signing identity set your profile there.
and your Provisioning profile bundle id is same as your app bundle identifier.
To do a valid code-signing - without using XCode - you need a valid certificate and key, corresponding to the provisioning profile :
check with Keychain Access that you indeed have a 'iPhone distribution' certificate, with its own private key.
Make sure this is the same certificate that was used on 'provisioning portal' to create you developement / distribution profile. If not, create a new one, or import the certificate from the other Mac you used when you created the provisioning
Download the provisioning profile, and just double-click it.
Posting this here because none of the other answers really went into enough detail to help me and I still had to figure it out on my own.
On the apple developer website, log in and under certificates click 'All'. The certificate needs to be generated on YOUR machine and with YOUR account or things do not build. This is what confused me... You can click the + icon and make a new certificate (development, or distribution). If it does not let you select for example Distribution, it's because there are already too many certificates in the account. So first, you have to delete an older certificate.
1) Delete the oldest certificate in the portal
2) Click the + and create a new certificate -- this will guide you through opening Keychain Access on your machine and requesting a certificate from apple, and you will have to save a file and upload it to the developer portal to create the certificate.
3) Download the new certificate and it will add to Keychain access
4) Go back to provisioning profiles on dev portal, click EDIT on the one you are trying to use and change it to use the newly generated certificate.
5) Download and click the provisioning profile
6) Everything works great.
This process actually was not that difficult, but for some reason I could not find the correct explanation anywhere. I hope this will help someone.
I had the same issue. I did have all the private keys and everything was correct, but xcode refused to build and kept saying that I didn't have a valid provisioning profile and organiser showed 'valid signing identity not found'.
The solution involved:
revoking my developer certificate and development provisioning profiles from the ios provisioning portal
deleting those certificates from keychain
try building again and tell xcode to 'fix issue'
This lets XCode manage the certificates, and it magically worked.
However on another project I still had the problem, and it was solved by this answer:
https://stackoverflow.com/a/18966088/1192732

Resources