While trying to create a new Distribution (iOS) certificate after the
old one expired I came across the situation that we do not have the
root certificate that was originally created.
This statement doesn’t make sense. Distribution certificates are issued by Apple, and their chain of trust runs through an Apple intermediate certificate to an Apple root certificate. There’s no way to ‘lose’ those. You can get them from the Apple PKI page.
I suspect one of two possibilities here:
-
You’re having problems due to a missing intermediate certificate. See Fixing an untrusted code signing certificate.
-
You’re missing the private key associated with the public key for your distribution certificate. For the full backstory on that, see Certificate Signing Requests Explained. Fortunately that’s easy to solve [1] in your case: Create a new CSR, with a new private key, and use that to create your replacement certificate
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] There are some cases where it causes real problems, most notably with Developer ID signing identities. If you’re curious, see The Care and Feeding of Developer ID. However, this is never an issue with iOS apps that ship via the App Store.
