I am trying to distribute an app for a friend that has already created a distribution certificate on his mac, how do I upload the app for him, because every time I download the certificate it doesn't come with a key (the gray icon key). What do I do?I believe the gray key is the private key.
You need TestFlight. Register there, and send invitation to email of your friend. He will have to open the email in his device and follow instructions. After Your friend will register his device, it will be possible for him to download and install applications from TestFlight site.
The private key can't be downloaded. It has to be exported from the keychain of the Mac that was originally used to request the Certificate from Apple.
Related
I am trying to upload a bundle to I can do Closed Testing with app on my own devices. When I try to upload I am told that I need to opt-in to "Play App Signing":
When I try to upload a private key under App integrity I am being told "The private key doesn't match the current app certificate"
How do I fix this? I don't know where the "current app certificate" is or how I would generate/upload a new certificate.
The only way I could fix this problem was to rebuild the app with completely different package names. So I changed com.myapps.thisapp to com.myapps.thisapp2 and I was able to upload.
I guess whatever keys/certificates that were on my machine from 8 years ago were needed to upload a newer version of my app.
System Preferences / Manage Certificates
The above is a picture of the System Preferences/Manage Certificates area of Xcode (rev 11).
I know this is quite messy, but I'd like to ask the community for help in cleaning up my signing certificates for Xcode.
I am to the point where I cannot Archive any app in Xcode, even a "Hello World" app, due to the state of my signing certificates. I am a paid up developer on Apple Developer.
Below is a picture of the Key Chain Access of my system.
Thanks in advance.
LeonW53
[Key Chain Access Image][1]
I am a little the wiser now.
In order to submit to the Apple App Store, you need a Distribution Certificate and an IOS Distribution Certificate. Both must have the Public and Private key.
The Private Key refers to the computer from which the app will be submitted. The Private Key is password to the Mac that will archive the app and submit.
To start, you need to go onto your distribution Mac and open the Keychain Access app (Applications/Utilities/Keychain Access). Once in, at the top of the screen, go to Keychain Access/Certificate Assistant/Request a Certificate from a Certificate Authority.
Note 1The Request requires a user email address. Use the email address that you use to log into the Apple Developer Site. You do not need a common name. Select Request is Saved to Disk and Continue. You will be allowed to pick the name and Save Folder for the Certificate. Click Save.
You can create All of your Certificates from this one Certificate Signing Request.
Go into the Apple Developer Website and sign in (you need to be paid up to do this). Use the Apple ID that you used to save the Certificate.
Go to Certificates, Identifiers and Profiles.
Click Certificates in the left column. Click the + next to Certificates to add a new Certificate.
You will be asked to what kind of Certificate to Create.
You need to select Apple Development to develop an app on your mac. You may need an iOS App Development to develop iOS apps, but I haven't found this necessary
To Upload and Distribute your app, you need Apple Distribution and iOS Distribution.
Whichever one you pick, click Continue and you will be asked to Upload a Signing Certificate Request. Here you browse to the Certificate Signing Request that you saved (Note 1 above). Click Generate and the Certificate will be created. Click Download and the Certificate will be downloaded to the Downloads folder on your Mac.
You can create several different kind of certificates and you do NOT need to re-create the CSR -- use the same one over and over.
On your Mac, you can just double click the Certificates downloaded and they will be added to your Keychain.
In XCode, select the App root of the App Folder Tree and open "Signing and Capabilities". Select the Team that you have in the Apple Developer Site from the drop down list. Also select Automatically manage signings.
Also in XCode, you go to XCode/Preferences/Accounts. You should selected the Apple ID on the left which is the same as you log into the Apple Developer Account. On the right, you can select the Team which will do the Uploading and click Manage Certificates. You need valid iOS Development, Apple Development and Apple Distribution Certificates.
Note 2 If there are any Certificates that are missing the Private Key, this is because either the CSR was generated on a different PC to your current PC or that you were not logged in as the same developer on the Apple Developer Site. This happened to me, and it was because I wasn't logged into the Developer Site the same as I have logged on my PC in System Preferences.
If you Archive, and you have missing Private Keys, the Archive will ask you to log into Keychain using the password which unlocks the PC for EACH and every missing key. Once done, the archive will be created.
Note 3Make any mistake on this, and you will generate a failed archive with a non-zero exit code. Apple provide no clue as to how to solve this.
My current situation is that I have valid Apple Development, iOS Development and Apple Distribution Certificates and I can archive. In addition to the valid Apple Distribution Certificate, I have two Apple Distribution Certificates which are missing private keys. But, I can archive the app.
Be kind and be safe all.
I created a Mac file upload client application that implements a high-performance reliable data transfer over UDP protocol, based on the UDT library.
My setup:
MacOS Mojave
Xcode 10.3
Deployment Target: 10.10 (minimum for storyboard-based forms)
Now I'm trying to figure out how to sign it properly so end users can run it without doing a Gatekeeper override.
Here's where I'm at:
I have a paid Apple Developer account, delegated to me from an organization paid Developer account
I have roles assigned to me allowing me to manage apps, certificates, provisioning, etc.
I am signed into this account under Xcode accounts under Preferences.
I have created a bundle registration under the account, copied exactly from Xcode
I have created a Mac Distribution certificate, starting with a CSR from my development machine.
I have downloaded and imported the certificate into my machine's keychain (listed as "3rd Party Mac Developer Application:...")
I have created a provisioning profile for this app, with above certificate assigned, the profile type is App Store, but I will be distributing the app myself (is there a more correct provisioning type?)
Under Entitlements I chose "Custom Network Protocol", which sounds like an accurate description of my application.
I have imported the provisioning profile into Xcode and chose it under Signing (Debug) and Signing (Release) of my project's target, it automatically populated Team (the parent organization) and the above certificate.
I changed the scheme in the project to "Release" and built it for "Running", I get a keychain access prompt during build, and signing step completes successfully
codesign -vvv -d xyz.app returns the registered bundle, certificate, team, etc, all matching the above choices.
I placed the produced .app into a .dmg image and emailed it to myself
I downloaded the .dmg on another Mac and mounted it
I tried running the .app but got the following Gatekeeper message:
"XYZ" can't be opened because it is from an unindentified developer.
Your security preferences allow installation of only apps from the App Store and identified developers.
How do I get around this so a downloaded application will have an "Open" button in the Gatekeeper prompt by default. Some applications, GIMP for example, are correctly identified, even though they did not originate from the App Store.
What do I need to to resolve this?
I kept digging at it and I found my answer:
https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution?language=objc
The type if certificate I needed was Developer ID and the type of provision Developer ID Application, which is what is intended for self-distribution of a signed Mac application.
After that it needs to be submitted to Apple for notarization to satisfy the requirement for 10.14.5+. After notarization had completed I was able to send the exported app to myself and it offered me an "Open" option for the app downloaded from Internet. This is the desired behavior.
It required me to request the account holder to issue me the Developer ID certificate by sending them a CSR, as Developer ID certificate option is greyed out for delegated users that are not the original developer account holder (admin role may satisfy, but I am not one so can't say).
Yay.
I want to distribute my mac application outside the App Store (as file downloadable from our servers), but every attempt to export archive from Xcode with option "Export a Developer ID-signed Application" ends with a "Permission failure":
Your account does not have permission to create Mac App Direct
Distribution certificates
I've downloaded and added all certificates to my keychain (system).
I'm using an Organization Apple Developer account, so is it possible to use this type of account to sign applications outside the App Store or must I have an Enterprise Program Account to do it? Or is there other problem?
I consulted this problem with Apple and their answer is:
You certainly don’t need an Enterprise account to distribute Developer
ID signed apps. One gotcha here is that you must be the Team Agent in
order to issue Developer ID certificates. Please double check that.
Problem was, that I have Admin role in our team, but only user with Team Agent role has permission to generate certificates for distribution of app outside the App Store (Developer-ID signed apps). So, I generated a Certificate Signing Request and sent it to our Team Agent, then he creeated and sent a certificate for me and now I can sign apps.
This seems to be a bug or poorly described feature in iTunes Connect & the Apple Developer portal.
I had a developer that joined my team, initially as a "member", but wasn't able to create certificates, even after giving him admin access. It turns out, that I believe we were only giving him admin access to Itunes connect, but not to the developer page.
The correct fix was to go to the developer portal, click the "People" tab (or go to this URL https://developer.apple.com/account/#/people/), remove his access, then use the Invite as Admins to add him to the account. He then had to go into Xcode and remove his developer account information, add it back in, and then he was finally able to upload builds to Testflight without this error.
In my case, I signed the app with another team. Change the team and re-achieve the app solves the issue.
I am trying to publish an iPhone app on my Mac. When building the application, it asks me:
"codesign wants to sign using key "Ryan Rasmussen" in your keychain."
I think that Ryan Rasmussen is my key for my computer.
I think it is supposed to use one of the keys that I installed from iTunes connect for those users.
So when I use Application loader to try to upload the app, it doesn't like the certificate.
How do I get codesign to use the correct certificate?
It sounds like your AppStore build is picking up a development certificate. Make sure that your Release target is set to iOS Distribution.
If that doesn't fix the problem, you can explicitly select the correct distribution certificate in the same setting.
If you don't see the distribution certificate in the Code signing identity dropdown menu, check that the certificate is available in Keychain Access.app. If it isn't there, you need to double click the certificate in the finder to import it.