Your account already has a valid Developer ID Application certificate - xcode

The last couple of days I've struggled with code signing my Cocoa app in Xcode. I've read through all similar topics that looked to be related, but nothing has helped.
Whenever I try to export my archive I get this error message:
I've tried to delete everything in my keychain and all profiles/certificates that I'm allowed to delete/revoke in the member center. However, I still get the same error with no "Fix" or "Reset" button. How should I proceed in order to get my application signed for distribution outside of store?

Go to Preferences -> Accounts, choose your account, click "View Details" in the bottom right corner and in the dialog click Download all in the bottom left corner.
Also, take a look at fastlane.tools. It is a great set of tools, which is, among other things, capable of dealing with code signing issues. Calling cert and sigh is sometimes enough to deal with many code signing-related problems.

I had installed my Developer ID Application Certificate on a different Mac and was getting the same error as in the question when I tried to use that certificate on a "new" Mac.
This fixed it for me:
I still have the other Mac so I exported the Developer Accounts from that one again:
Go to XCode | Preferences | Accounts
Click the "cog" in the bottom-left-hand corner next to the plus and minus signs
Click "Export Developer Accounts"
Save the exported file somewhere accessible to your other Mac
Then, on my "new" Mac:
Go to XCode | Preferences | Accounts
Select the Apple ID that represents my dev certs
Click the minus sign in the bottom left hand corner to delete that account
Quit XCode
Open Keychain Access
Delete all Developer Certificates
Close Keychain Access
Go to XCode | Preferences | Accounts
Click the "cog" in the bottom-left-hand corner next to the plus and minus signs
Click "Import Developer Accounts"
Select the file exported on the "old" Mac above and import

I'm hitting this same issue.
The error appears to be telling you that valid Developer ID Certs have been created under your developer account, but they are not currently on your Mac, so they cannot be used.
The solution would be to download the Developer ID Cert(s) from the web. However, you likely do not have the Private Key used to sign these certs. So at this point they are rather useless.
In my case, the further problem is that I already have 5 Developer ID Certificates in my account. I'm not quite sure where these came from. They were created years ago, perhaps when I was attempting to create Mac App Store certs? Or perhaps by clicking that damn Fix Issue button...
There appears to be a limit of 5 Developer ID Certificates per developer account, by default.
Developer ID Certificates are created, now, through Xcode rather than via the Members Center:
However, in Xcode, there is no longer a button to "Create" a new cert. The only button is "Reset". This button simply links me back to the Members Center in my web browser, so is completely useless...
Via the Members Center, Developer ID Certificates cannot be revoked, as you would an iOS or Mac App Store certificate. The "Revoke" button is Grayed out.
You can’t revoke Developer ID or Pass Type ID certificates using Member Center. Instead, send a request to Apple at product-security@apple.com to revoke these types of certificates.
Apple will only revoke these certificates in cases of security, to disable installation of the app on all client machines. I've tried emailing the above address, and they told me they could not revoke the cert.
The solution, then, is to have additional Developer ID Certificate slots added to your account, past the limit of 5.
Product Security told me, rather than revoking the certs,
We encourage you to contact Apple Developer Connection at https://developer.apple.com/support/ to resolve the issue you’re experiencing.
I've now contacted developer support. I recommend calling. They are currently, hopefully, setting up new Developer ID slots on my dev account.
When you create a new Developer ID Certificate that you will actually use, be sure to back up the Certificate and Private Key so that you do not hit this issue in the future.
EDIT:
I waited for over a month, I believe, with no response. I happened to have a ticket to an Apple TV Tech Talk and talked to an Apple representative at their lab. He was able to reset my Developer ID Certificate limit in about 5 minutes. So this is possible, but to expedite the process I would attempt to talk with a Developer Evangelist at Apple either in person or over the phone.

One issue could be the private key is missing for your developer cert. With Keychain Access find your developer cert and verify it has a little triangle beside it. Click on the triangle to reveal the private key.
If it's not there you'll need to restore this private key from the Mac you created your certificate.
Otherwise, delete the cert from the Apple Developer website and then create a new one.
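
A command-line version of the Keychain Access check described above, as an added example that is not part of the original answer: it compares the certificates in the keychain with the signing identities (certificate plus private key) reported by the macOS `security` tool. The sample output, hashes, names and team ID are constructed, and the function names are hypothetical.

```shell
#!/bin/bash
# Added example (not from the original answers): find certificates that sit in
# the keychain without a matching private key, i.e. are not usable for signing.

# Extract SHA-1 hashes from `security find-identity -p codesigning` output.
# An "identity" is a certificate plus its private key; lines look like:
#   1) <40 hex digits> "Developer ID Application: Name (TEAMID)"
identity_hashes() {
  sed -n -E 's/^[[:space:]]*[0-9]+\)[[:space:]]+([0-9A-F]{40})[[:space:]]+".*/\1/p'
}

# Extract SHA-1 hashes from `security find-certificate -a -Z` output.
cert_hashes() {
  sed -n -E 's/^SHA-1 hash:[[:space:]]*([0-9A-F]{40})[[:space:]]*$/\1/p'
}

# $1 = find-certificate output, $2 = find-identity output.
# Prints the hash of every certificate that has no identity entry.
certs_without_key() {
  ids=$(printf '%s\n' "$2" | identity_hashes)
  printf '%s\n' "$1" | cert_hashes | sort -u | while read -r h; do
    printf '%s\n' "$ids" | grep -qxF "$h" || printf '%s\n' "$h"
  done
}

# Constructed sample output (hashes, names and team ID are made up).
SAMPLE_CERTS='SHA-1 hash: 0123456789ABCDEF0123456789ABCDEF01234567
keychain: "/Users/example/Library/Keychains/login.keychain-db"
    "labl"<blob>="Developer ID Application: Example Corp (TEAMID0000)"
SHA-1 hash: FEDCBA9876543210FEDCBA9876543210FEDCBA98
keychain: "/Users/example/Library/Keychains/login.keychain-db"
    "labl"<blob>="Developer ID Application: Example Corp (TEAMID0000)"'

SAMPLE_IDS='Policy: Code Signing
  Matching identities
  1) 0123456789ABCDEF0123456789ABCDEF01234567 "Developer ID Application: Example Corp (TEAMID0000)"
     1 identities found'

echo "Sample: certificates without a private key:"
certs_without_key "$SAMPLE_CERTS" "$SAMPLE_IDS"

# On a Mac, run the same check against the real keychain.
if command -v security >/dev/null 2>&1; then
  certs=$(security find-certificate -a -c "Developer ID Application" -Z || true)
  ids=$(security find-identity -p codesigning || true)
  echo "This Mac: certificates without a private key:"
  certs_without_key "$certs" "$ids"
fi
```

Any hash it prints belongs to a certificate that was installed without its private key, which is the situation the answers on this page resolve by restoring the key from the Mac that created the certificate.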

Same issue here, but I was using "automatically manage settings" on Xcode 8. And for a particular reason there were two distribution certificates in my developer account.
Xcode seems to choose the most recent automatically and I didn't have it installed on my Mac. So I switched to the old way by manually creating my app ID and my provisioning profile (which uses the appropriate certificate) and it works :)

I had a similar issue. I've discovered that my provisioning profile was invalid since I've updated the iOS Developer certificate. After PP regeneration everything works as expected.

I ran into this same issue, and I fixed it at last. There are some tips:
In Xcode -> Preferences -> Accounts, click the View Details button, then click the Download All Profiles button.
In Keychain Access, check if the certificate exists. If not, choose File -> Import Items, then choose the .cer file you downloaded from the developer website.
Hope it helps.

On Xcode Version 8.3.3 go to Preferences -> Accounts -> Manage Certificates -> then click (+) -> on the dropdown menu click iOS Development. Do the same for iOS App Store -> Done -> Download All Profiles.

If you have changed the machine, exporting the developer account from the old Mac and then importing it into the new Mac solves the problem.

Related

How do I resolve problems with my Signing Certificates in Xcode

System Preferences / Manage Certificates
The above is a picture of the System Preferences/Manage Certificates area of Xcode (rev 11).
I know this is quite messy, but I'd like to ask the community for help in cleaning up my signing certificates for Xcode.
I am to the point where I cannot Archive any app in Xcode, even a "Hello World" app, due to the state of my signing certificates. I am a paid up developer on Apple Developer.
Below is a picture of the Key Chain Access of my system.
Thanks in advance.
LeonW53
[Key Chain Access Image][1]
I am a little the wiser now.
In order to submit to the Apple App Store, you need a Distribution Certificate and an iOS Distribution Certificate. Both must have the Public and Private key.
The Private Key refers to the computer from which the app will be submitted. The Private Key is password to the Mac that will archive the app and submit.
To start, you need to go onto your distribution Mac and open the Keychain Access app (Applications/Utilities/Keychain Access). Once in, at the top of the screen, go to Keychain Access/Certificate Assistant/Request a Certificate from a Certificate Authority.
Note 1: The Request requires a user email address. Use the email address that you use to log into the Apple Developer Site. You do not need a common name. Select Request is Saved to Disk and Continue. You will be allowed to pick the name and Save Folder for the Certificate. Click Save.
You can create All of your Certificates from this one Certificate Signing Request.
Go into the Apple Developer Website and sign in (you need to be paid up to do this). Use the Apple ID that you used to save the Certificate.
Go to Certificates, Identifiers and Profiles.
Click Certificates in the left column. Click the + next to Certificates to add a new Certificate.
You will be asked what kind of Certificate to create.
You need to select Apple Development to develop an app on your mac. You may need an iOS App Development to develop iOS apps, but I haven't found this necessary
To Upload and Distribute your app, you need Apple Distribution and iOS Distribution.
Whichever one you pick, click Continue and you will be asked to Upload a Signing Certificate Request. Here you browse to the Certificate Signing Request that you saved (Note 1 above). Click Generate and the Certificate will be created. Click Download and the Certificate will be downloaded to the Downloads folder on your Mac.
You can create several different kinds of certificates and you do NOT need to re-create the CSR -- use the same one over and over.
On your Mac, you can just double click the Certificates downloaded and they will be added to your Keychain.
In XCode, select the App root of the App Folder Tree and open "Signing and Capabilities". Select the Team that you have in the Apple Developer Site from the drop down list. Also select Automatically manage signings.
Also in XCode, you go to XCode/Preferences/Accounts. You should select the Apple ID on the left which is the same as you log into the Apple Developer Account. On the right, you can select the Team which will do the Uploading and click Manage Certificates. You need valid iOS Development, Apple Development and Apple Distribution Certificates.
Note 2: If there are any Certificates that are missing the Private Key, this is because either the CSR was generated on a different PC to your current PC or that you were not logged in as the same developer on the Apple Developer Site. This happened to me, and it was because I wasn't logged into the Developer Site the same as I have logged on my PC in System Preferences.
If you Archive, and you have missing Private Keys, the Archive will ask you to log into Keychain using the password which unlocks the PC for EACH and every missing key. Once done, the archive will be created.
Note 3: Make any mistake on this, and you will generate a failed archive with a non-zero exit code. Apple provide no clue as to how to solve this.
My current situation is that I have valid Apple Development, iOS Development and Apple Distribution Certificates and I can archive. In addition to the valid Apple Distribution Certificate, I have two Apple Distribution Certificates which are missing private keys. But, I can archive the app.
Be kind and be safe all.

How do I fix "Missing Private Key" for xcode apple provisioning?

On a new mac, I installed xcode and needed to set up provisioning for a hello-world project to deploy to my iPad.
NOTE: I am using the new FREE provisioning (do not have a paid Apple account)
I went to Preferences/Account signed in to my Apple account
In the project, General tab, Team is set to my (free) Apple Dev account. (all seemed well, it recognized this as valid)
I tried to deploy to the iPad and I got a build error "codesign failed with exit code 1"
Supposedly this is to do with certificates. I went to Keychain Access and found "iPhone Developer: my@email.com (...)" in there, which was added when I signed in via my Apple Account.
I DELETED this key (thinking I would simply re-add my Apple Account and thus this key)
I then removed and re-added my Apple account from xcode preferences
I can sign-in, I can see it adds keys, and Keychain Access Get Info on the keys indicates no issues (valid, etc)
In xcode Preferences, when I click Manage Certificates, it shows "David's MacBook Pro (2)" and a bunch of "Untitled" keys ALL of which have a status of "Missing Private Key".
xcode/General/Status section says "The username or passphrase you entered is not correct" even though my "Team" is signed in and valid
Clicking "Try Again" shows "Waiting to repair", followed by "revoking...", followed by "Generating certificates" - which sounds promising, like it's doing exactly what I need, but then fails, private keys still missing, and back to step 9 here in a loop of hell.
ok? How do I get this resolved without flattening my OS back to factory and starting completely over?
Note: there are resolutions on SO that talk about Revoking the keys and generating new private keys from the Dev Console, like this one:
How can I add private key to the distribution certificate?
HOWEVER, on a "free" account I have NO access to the Certificates section! I can't manage anything from the Dev portal online. I do, however, see xcode specifically set up to handle certs (see step 9-10 above) but it is not working. I really don't know where to go from here. I'm new to all things Mac and iOS and xcode. Frustrated. Thanks Apple, so much for a simple on-boarding experience on a simple hello-world app.
After two bounties for this question which gave no results, I managed to find a solution to this problem.
Apparently, it was some keychain related problem.
To fix it:
Open Keychain Access on your Mac.
Right click on the "login" keychain in the left side of the window.
Press Lock keychain "login".
Then do the same to Unlock it.
Go back to Xcode and try to set your app to run with your personal account.
Solution was found using the first comment here:
https://github.com/desktop/desktop/issues/3625
I had this error and it occurred because I had moved to a new Macbook. Although there was a provisioning profile on our Apple account and it was not expired, the private key was on the old Macbook. So downloading and installing the profile did not help, as it was the private key that was missing. I revoked the provisioning profile and created a new one. I had the same issue for the distribution certificate.
If you are concerned whether revoking and creating new certificates/profiles will affect existing deployed applications, take a look at this question and the answers. The bottom line is, for applications on the app store it will have no effect, but for Enterprise Distributions, deployed applications will stop working if you revoke the provisioning profile. So if the application is on an Enterprise Account, then it is best to try to find the private key in the keychain of the Macbook where it was created.

Xcode does not show all my teams

Here is what I see at Xcode -> Preferences -> Accounts:
Here is what I see at developer.apple.com -> Certificates, Identifiers & Profiles:
However, according to iTunesConnect I am on another team:
How I got into this situation:
I have previously used my account to upload and release software to iTunesConnect
The admin for Kim Rubin has not made any changes to my access level in the meantime
I have purchased a new MacBook (now regretting) and allowed Xcode to create a new certificate (always clicking whatever the default Xcode response was)
Please explain why Xcode does not recognize my other team membership.
Downstream this is also causing other problems. (Specifically, I cannot upload to iTC because Xcode is trying to sign with the wrong team.) But right now I am only asking about the root cause above.
I tried to get more information in my comments, but without more information, I can explain what I think is happening. You state that your access hasn't changed, but you previously used the account to upload and submit the app through iTunes Connect. You never mention that you used your account to actually build and sign the application that you submitted. I'm guessing you either did not, or if you did it was using manual signing and the old Mac had the iOS distribution code signing identity on it.
It appears you have been granted an iTunes Connect role, but not Apple Developer role. In order to have the team show up in Xcode and allow for things like creation of a certificate / profile, you need to be at least an Admin role on the developer account. When you clicked "Fixed issue" in Xcode, because you only had your personal dev account available, Xcode tried to create a cert and profile on your new account. That will result in a build that was improperly signed, as you need it to be signed with the correct account's certificate and profile.
You can either have the owner of the account add you as a development team admin, or you can have someone on the team send you the iOS distribution certificate and provisioning profile.
In the case of my team member whose role was "Customer Support", changing the role to "Developer" was not enough. The solution was to delete his account and recreate it with the "Developer" role in iTunes Connect, and only after accepting the new invitation was the team showing up in Xcode.

Can't create Developer ID Application code signing identity in Xcode

I can't create a signing identity from Xcode for Developer ID Application.
Xcode shows the Reset button, and clicking that Reset button simply opens developer.apple.com
I have tried creating a new Developer ID Application certificate from the developer.apple.com website and installed it in Keychain Access but Xcode still shows the Reset button. I've tried removing all the previous Developer ID certificates and public and private keys from Keychain Access but the button still says Reset instead of Create.
I've tried installing Xcode on another Mac and when clicking the Create button for Developer ID Application I get a popup saying:
Your account already has a valid Developer ID Application certificate
but it is not installed locally
and then Xcode crashes.
Therefore I ended up with multiple Developer ID Application certificates created in my account but I can't use any of them.
Is there any way to remove those Developer ID application certificates from my developer account and start fresh?
Hopefully this will make Xcode show the "Create" button instead of "Reset" on my Mac.
This is Xcode 7.1.1 on OSX 10.11.1
Any help is highly appreciated.
I had the same problem. And never resolved the fact that the date on the new certificate ending in 2019 and the one that kept showing up, and I kept deleting had 2017. Finally, with Developer ID chosen I switched from my team name to "none." A dialogue came up asking me to ID myself. So I chose my team name in the dialogue. Then everything worked!
If you want to delete them you can do that by clicking on whichever certificate you want to delete and then clicking revoke. At that point if you still have any certificates in your keychain access, delete those as well. From there create a new certificate try downloading it and opening it to add it to your keychain and then seeing if it works in Xcode.
The Private Key for a Developer ID Certificate Is Missing
Optionally, contact Apple at product-security@apple.com if you need to revoke Developer ID certificates. Alternatively, you can continue to develop and distribute apps by creating additional Developer ID certificates, as described in Creating Additional Developer ID Certificates.
https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/Troubleshooting/Troubleshooting.html

no valid keychain for xcode

After a 6-month break I am trying to finish my first app.
After I downloaded the new XCode and the new SDK (I needed it, because the old XCode and SDK was 4.3, my iPhone was on 5.0.1) I tried to build, but it told me my signature was too old.
So I cleared all the things I found in my keychain: certificates, keys and so on.
I remember that it is a really, really big mess, but I have tried for the last 5 hours without writing a single line of code...
At the moment I created a new certificate in the Apple Online Portal.
I downloaded and double click it, so it's in the Organizer now.
The error from XCode when try to start on my device is now:
There are no valid certificate/private key pairs in the default keychain
Can someone help me? (Skype would be nice.) I am really lost in this after 5 hours of trying all I found on Google, and I got very, very lost.
When you are installing certificates for the first time you will have to install the "Apple Worldwide Developer Relations Certification Authority".
Check whether it is available in the System tab of Keychain Access.
If you double click the certificate and provide the password, it is possible that it gets added to the System tab. So make sure it is added to the login tab. You can just drag and drop the certificate from System to login.
In the Xcode Organizer window you should see the provisioning profiles. If you don't see your profile there, install the profile by double clicking it. Also check the profiles' expiry date!
Hope this Helps!
