It's made me crazy! it's so hard upload an app to appStore!!
I'm working now with Application Loader.
I solved a lot of mistakes, and there is one more I can't, this one:
Application failed codesign verification. The signature was invalid, contains disallowed entitlements, or it was not signed with an Iphone Distribution Certificate.
I read I have to set:
Product-> Edit scene -> archive -> release.
what I'm missing?
Edit
Is that what I should have?
I think is this, but I'm having so many trouble that I'm not sure about anything!
I have this distribution certificate, next step is install, but, where should I do this? Xcode? application uploader? in the same website?
Thanks!
Try creating a Distribution Certificate:
Go to http://developer.apple.com
Click Member Center
Sign in with your apple ID
Click iOS provisioning Portal
Click Certificates
Click Distribution (From this point I'm working from memory as I have already done this)
Follow the instructions for making a certificate (this will involve Keychain Access)
Download your certificate and open it.
Go back to the provisioning portal and click provisioning
Click distribution
Make and download a distribution profile.
Install that profile.
Make sure you are building with this when you create the archive
Related
System Preferences / Manage Certificates
The above is a picture of the System Preferences/Manage Certificates area of Xcode (rev 11).
I know this is quite messy, but I'd like to ask the community for help in cleaning up my signing certificates for Xcode.
I am to the point where I cannot Archive any app in Xcode, even a "Hello World" app, due to the state of my signing certificates. I am a paid up developer on Apple Developer.
Below is a picture of the Key Chain Access of my system.
Thanks in advance.
LeonW53
[Key Chain Access Image][1]
I am a little the wiser now.
In order to submit to the Apple App Store, you need a Distribution Certificate and an IOS Distribution Certificate. Both must have the Public and Private key.
The Private Key refers to the computer from which the app will be submitted. The Private Key is password to the Mac that will archive the app and submit.
To start, you need to go onto your distribution Mac and open the Keychain Access app (Applications/Utilities/Keychain Access). Once in, at the top of the screen, go to Keychain Access/Certificate Assistant/Request a Certificate from a Certificate Authority.
Note 1The Request requires a user email address. Use the email address that you use to log into the Apple Developer Site. You do not need a common name. Select Request is Saved to Disk and Continue. You will be allowed to pick the name and Save Folder for the Certificate. Click Save.
You can create All of your Certificates from this one Certificate Signing Request.
Go into the Apple Developer Website and sign in (you need to be paid up to do this). Use the Apple ID that you used to save the Certificate.
Go to Certificates, Identifiers and Profiles.
Click Certificates in the left column. Click the + next to Certificates to add a new Certificate.
You will be asked to what kind of Certificate to Create.
You need to select Apple Development to develop an app on your mac. You may need an iOS App Development to develop iOS apps, but I haven't found this necessary
To Upload and Distribute your app, you need Apple Distribution and iOS Distribution.
Whichever one you pick, click Continue and you will be asked to Upload a Signing Certificate Request. Here you browse to the Certificate Signing Request that you saved (Note 1 above). Click Generate and the Certificate will be created. Click Download and the Certificate will be downloaded to the Downloads folder on your Mac.
You can create several different kind of certificates and you do NOT need to re-create the CSR -- use the same one over and over.
On your Mac, you can just double click the Certificates downloaded and they will be added to your Keychain.
In XCode, select the App root of the App Folder Tree and open "Signing and Capabilities". Select the Team that you have in the Apple Developer Site from the drop down list. Also select Automatically manage signings.
Also in XCode, you go to XCode/Preferences/Accounts. You should selected the Apple ID on the left which is the same as you log into the Apple Developer Account. On the right, you can select the Team which will do the Uploading and click Manage Certificates. You need valid iOS Development, Apple Development and Apple Distribution Certificates.
Note 2 If there are any Certificates that are missing the Private Key, this is because either the CSR was generated on a different PC to your current PC or that you were not logged in as the same developer on the Apple Developer Site. This happened to me, and it was because I wasn't logged into the Developer Site the same as I have logged on my PC in System Preferences.
If you Archive, and you have missing Private Keys, the Archive will ask you to log into Keychain using the password which unlocks the PC for EACH and every missing key. Once done, the archive will be created.
Note 3Make any mistake on this, and you will generate a failed archive with a non-zero exit code. Apple provide no clue as to how to solve this.
My current situation is that I have valid Apple Development, iOS Development and Apple Distribution Certificates and I can archive. In addition to the valid Apple Distribution Certificate, I have two Apple Distribution Certificates which are missing private keys. But, I can archive the app.
Be kind and be safe all.
After upgrading to macOS 10.13.4 and Xcode 9.3, my project now makes all my Provisioning Profile ineligible! They worked before upgrade.
The error message for the distribution profile is:
Provisioning profile "distribution profile name" doesn't include signing certificate "development certificate name"
So I search through the forum,
remove ALL items in keychain My Certificate
redownload the distribution profile
(double tap to install to Xcode)
create new distribution profile (double tap to install to Xcode)
recreate the Production certificate (double tap to install to Keychain)
redownload the Development certificate (double tap to install to Keychain)
So now my keychain has two production certificate (one is newly created), and one development certificate, and the error is still there. I found it weird that it asked for the development certificate in distribution profile? (I think this is a clue but I don't know why and what to do.)
So now what should I do? Please help!
I got two options for you:
1) open KeyChain and find the signing certificate that shown in the error message then delete it.
2) you specified the signing certificate in the Build Setting->Signing, so go to the Build Setting->Signing and click the Code Signing Identity. Do not select Automatic (iOS Developer or iOS Distribution), select the one of the signing certificates in the Identities in Keychain which is valid and have associated with the Provisioning Profile.
For XCode 11 and later make sure to update the profile certificate updated with "For use in Xcode 11 or later" which resolves the issue for me.
I temporary solved the issue by going into Build Settings, and manually set Code Signing Identity (the old way). "Automatically manage signing" no longer work properly, but at least it work.
"Automatically manage signing" is not working on Xcode 9.3. Code signing identify should be selected manually in Build Settings.
It is right.
You can select Code Signing Identity as iOS developer for development and iOS distribution for production in Signing of build settings.
check out screenshot it says it all...
Targets>>Build settings>>(search)Product bundle identifier>>this was wrong for me :(
You need to make sure that:
Your Apple Development -> Certificates, Identities & Profiles all have the correct provisioning profile "distribution profile name" that include signing certificate as in fig 1. below
Same inside xCode
fig 1.
"Automatically manage signing" is not working on Xcode 9.3.
Code signing identify should be selected manually in Build Settings.
I had to juggle a bit more too. I deleted my keychain, enabled and disabled autosigning before recreating my certificates.
Then I toggled the certificates in Build Settings section and finally I was able to select the correct certificates in general section.
Really missing the simplicity of signing for Android.. :P
In my case, the Provisioning Profile on developer.apple.com listed two developer certificates. One was selected, and one was not. Changed it so both were selected, saved that, installed the updated profile and that fixed it.
In my case, I changed the Provisioning Profile to solve the problem by changing the Certificate whose type is "iOS Distribution" to another Certificate whose type is "(Distribution) For use in Xcode 11 or later", then download it and import it to keyChain, select it form Xcode.
For anyone running in this issue in 2022 an later..
Sometimes it doesn't include Profiles, so go to below screen and click Edit.
Select the profiles you want to include.
After that, you can go back to xcode and download the profile again.
For me, adding the certificate to the Keychain which is linked to the provisioning profile did not help, which was very strange.
What I did to solve the issue is close XCode and re-open it, which seems stupid but worked! Apparently, it seems XCode does not dynamically read newly added certificates in the Keychain, so you have to close it (if it is kept open while adding the certificate to Keychain) and open it again.
My XCode version: 14.1
In my case I had multiple profiles and various certs. I had to go to Apple developer and edit the profile from the error, and add every cert to it, and then it worked.
in my case, previous certificate got expired , while creating the new provisional certificate i missed to select ios distribution (in house).
If you have this certificate on another machine, you can export it from keychain and import on the other.
My problem was that I didn't know how to match private keys with certificates because I used "all items" filter in KeyChain.
If you switch to Certificates private keys are arranged under certificates, so you can easily export the right pair.
I am trying to submit my app to iTunes Connect. I have submitted it before(TestFlight) but at some point my certificates have stopped working. I have tried to renew them with 2 different approaches without any success.
Approach 1: In XCode I get the error that says that the developer profile already has a distribution certificate and suggest me resetting it. Resetting results in the same pop up window so this goes into a loop and does not work.
Approach 2: If I create the certificates and profiles manually in developer portal the archiving process only works if I select the correct identities in the build settings, otherwise the build fails and XCode says that it can not find code signing identities. But I cannot submit the archive because the following error occurs:
I have also tried exporting the .ipa from the archive(to upload it with Application loader) but this does not find the signing identities as well with the same error:
So now I am trying to go the suggested route where XCode is supposed to do all the work for me.(https://developer.apple.com/library/ios/qa/qa1814/_index.html) For a clean slate I have deleted all certificates, key-pairs and provisioning profiles from my mac and developer center.
I have removed all relevant keypairs and certificates from keychain. I have deleted all the provisioning profiles from my mac. I have also deleted all certificates and profiles from the developer site. I have also deleted and re-added the developer account in XCode settings.
I set the project's build settings:
I also set the team in general tab.
Now I guess XCode is supposed to fix my signing issues but after I press fix issues below the team option in general tab
I still go to the reset development/distribution certificate loop.
One thing I notice is that XCode does generate a key-pair to the keychain but not the certificate.
How can I upload my app to iTunes Connect with or without these problems?
Im using XCode 7.2 and this is a Unity3D app.
I have removed all relevant keypairs and certificates from keychain
Okay, but that is what Xcode is complaining about (each time it says "but it is not installed locally" in all the messages you have displayed). You need the private/public certificate pairs in your keychain. If you deleted the private half of the certificates, that is a huge mistake, because you can never restore it (Apple does not have it — it is private). You now will probably have to start all over again by throwing away absolutely everything — all certificates, all provisioning — both locally and at the member center, and beginning from scratch.
This can be done, but it is not trivial, because if you launch Xcode while any remnant remains, Xcode will try to install the certificate back into your keychain. To do it, you would need to delete everything from the keychain, mobile provisions folder, and member center, with Xcode not running.
I managed to upload the package by extracting the .ipa from the archive with
xcodebuild -exportArchive -exportFormat ipa -archivePath {path-to-xcarchive} -exportProvisioningProfile {“profile name”} -exportPath ~/Desktop/MyApp.ipa
and then uploading it with Application Loader.
I am trying to publish an iPhone app on my Mac. When building the application, it asks me:
"codesign wants to sign using key "Ryan Rasmussen" in your keychain."
I think that Ryan Rasmussen is my key for my computer.
I think it is supposed to use one of the keys that I installed from iTunes connect for those users.
So when I use Application loader to try to upload the app, it doesn't like the certificate.
How do I get codesign to use the correct certificate?
It sounds like your AppStore build is picking up a development certificate. Make sure that your Release target is set to iOS Distribution.
If that doesn't fix the problem, you can explicitly select the correct distribution certificate in the same setting.
If you don't see the distribution certificate in the Code signing identity dropdown menu, check that the certificate is available in Keychain Access.app. If it isn't there, you need to double click the certificate in the finder to import it.
I have an app that is ready for testing on my iPad, and I've created a development provisioning profile, matched up the bundleID and lowered the iOS deployment target.
However when I downloaded the profile and dragged it into the organizer, it says 'Valid signing identity not found'. I'm pretty sure this has got to do with the certificates in the keychain and private keys (???) however I have no idea how to fix this problem.
Can someone please point me to a tutorial or give me some advice on adding certificates into the keychain without using Xcode; stuff like the 'use for development' button isn't working for me!
Note:
The only valid Provisioning Profiles are distribution.
When I try to click 'Renew' Xcode says 'No value was provided for the parameter 'CertificateIDs'. I hope this helps!
The .p12 file associated with your provisioning profile is not found in your system keychain.
Check the below few things!
Make sure you have enabled the correct certificate while generating the provisioning profile in the apple developer site.
Check if you have any duplicates of the your certificate & private key more than once in your keychain access.
If you do not have the .p12 corresponding to the provisioning profile, Get it exported from the mac system on which it was created & install it in your mac system.
Check your code signing identity set your profile there.
and your Provisioning profile bundle id is same as your app bundle identifier.
To do a valid code-signing - without using XCode - you need a valid certificate and key, corresponding to the provisioning profile :
check with Keychain Access that you indeed have a 'iPhone distribution' certificate, with its own private key.
Make sure this is the same certificate that was used on 'provisioning portal' to create you developement / distribution profile. If not, create a new one, or import the certificate from the other Mac you used when you created the provisioning
Download the provisioning profile, and just double-click it.
Posting this here because none of the other answers really went into enough detail to help me and I still had to figure it out on my own.
On the apple developer website, log in and under certificates click 'All'. The certificate needs to be generated on YOUR machine and with YOUR account or things do not build. This is what confused me... You can click the + icon and make a new certificate (development, or distribution). If it does not let you select for example Distribution, it's because there are already too many certificates in the account. So first, you have to delete an older certificate.
1) Delete the oldest certificate in the portal
2) Click the + and create a new certificate -- this will guide you through opening Keychain Access on your machine and requesting a certificate from apple, and you will have to save a file and upload it to the developer portal to create the certificate.
3) Download the new certificate and it will add to Keychain access
4) Go back to provisioning profiles on dev portal, click EDIT on the one you are trying to use and change it to use the newly generated certificate.
5) Download and click the provisioning profile
6) Everything works great.
This process actually was not that difficult, but for some reason I could not find the correct explanation anywhere. I hope this will help someone.
I had the same issue. I did have all the private keys and everything was correct, but xcode refused to build and kept saying that I didn't have a valid provisioning profile and organiser showed 'valid signing identity not found'.
The solution involved:
revoking my developer certificate and development provisioning profiles from the ios provisioning portal
deleting those certificates from keychain
try building again and tell xcode to 'fix issue'
This lets XCode manage the certificates, and it magically worked.
However on another project I still had the problem, and it was solved by this answer:
https://stackoverflow.com/a/18966088/1192732