Certificates, Identifiers & Profiles

RSS for tag

Discuss the technical details of security certificates, identifiers, and profiles used by the OS to ensure validity of apps and services on device.

Certificates, Identifiers & Profiles Documentation

Post

Replies

Boosts

Views

Activity

Can't add provisioning profile to iPhone
I've added my iPhone's correct UDID in the "Devices" section in Apple Developer account, and I created a Development Profile. I then downloaded it (as a .mobileprovision file) and am trying to add it to my connected iPhone via XCode. I'm getting this error message: Failed to install one or more provisioning profiles on the device. Please ensure the provisioning profile is configured to this device. If not, please try to regenerate a new profile. I have ensured the provisioning profile is configured to this device and have tried regenerating it. Same result. My iPhone has "Developer Mode" turned on. How do I troubleshoot this further?
1
0
671
Apr ’24
In-App Provisioning Entitlement
Hello, Can anybody help me with some info about the following situation? We have an app that is published in the store and it is used by the users. We want implement in the app the In App Provisioning flow and we are analyzing all the steps the we need to check. One of the steps is the request for a special entitlement from apple. Let's say that we've checked the following: Request In App Provisioning entitlement Receive the entitlement Create a new provisioning profile with the received entitlement Start the development of In App Provisioning flow in the app At some point a bug is identified in production and we need the develop a hotfix that needs to be published before finishing the In App Provisioning feature. Wil it be possible to publish a new version of the app that doesn't contain the In App Provisioning functionality even though we have received the entitlement from apple? Should we create a new provisioning profile without the entitlement for this new release? Please let me know if you need more info.
1
0
671
Apr ’24
Convert Service Id to App Id and create Provisioning Profiles
I have an app already uploaded to app store and its bundle id is service id not app id and i have an update with this app and when i tried to upload a new versions i found errors with bundle id registration and that is no Provisioning Profiles found for this bundle id so i tried to create new Provisioning Profiles with the service id that already connected with my app on app store connect and no luck to create Provisioning Profiles for service id and i cannot now upload a new updates
1
0
478
Apr ’24
Provisioning profile KVS identifier issue after app transfer
Hello, after migrating one of our apps, APP, from the one developer account to another, we are experiencing an issue with provisioning profiles. In the provisioning profile of APP (com.SOME.APP), we have a wrong value for the com.apple.developer.ubiquity-kvstore-identifier key used for iCloud KVS. The value is OLDTEAMID.com.SOME.APP.EXTENSION while it should be just OLDTEAMID.com.SOME.APP. The previous value must be instead present in the provisioning profiles for the EXTENSION (OLDTEAMID.com.SOME.APP.EXTENSION) for the com.apple.developer.ubiquity-kvstore-identifier key. Please let me know if you know something about this issue. This is blocking us from releasing the application. Thank you!
2
1
606
Apr ’24
How to renew ad-hoc provisioning profile without outage
Hello, We currently have an IOS Mobile app using the ad-hoc provisioning profile with a distribution certificate. We are wanting to renew the ad-hoc provisioning profile BEFORE it expires. How do i do this without causing the application to break AND prevent the user from having to re-trust the. Can i simply create a new ad-hoc provisioning profile associated with the old certificate, rebuild the app, and send the link to the user?
1
0
654
Apr ’24
key not found in keychain error when debugging on local device connected to my windows dev machine
I made some changes to my MAUI app in VS 2022 on Windows 11. I had no trouble testing my app on a locally connected iPhone before, but now when I try to debug the same app (with changes), on the same iPhone, and the same Windows machine, with the same valid certificates in the VS Apple Accounts Details, I get this error: iOS code signing key 'Apple Development: B... (...)' not found in keychain. Why is it even referring to the keychain when I'm on a Windows machine using VS2022 valid certificates in the VS Apple Accounts Details Also, I'm getting "MSB6006: 'codesign' exited with code 3." error when trying to test/debug on a remote mac machine.
1
0
612
Apr ’24
One app Multi-platform. The concern of a novice developer
Hello . Currently, only the ios version is on sale on the App Store. The application is offering an icloud-linked, auto-renewable subscription. I want to sell to the app store connect with the same identifier, AppID at the same time. I simply added visionos to the existing app project to provide the visionos version early, but the existing UI-related code and the location-related code are not compatible. We used the same identifier with the same name, duplicated and optimized only what could be implemented, and created it without any problems on the actual device. However, when I added the visionos platform to the App Store cennect and tried to upload it through the archive in the app for visionos that I created as an addition, there was an error in the identifier and provisioning, so the upload was blocked. The result of looking up to solve the problem App Group -I found out about the function, but it was judged that a separate app was for an integrated service, so it was not suitable for me. Add an APP to an existing app project via target and manually adjust the platform in Xcode -> Build Phases -> Compile Soures -> Archive upload success?( I haven't been able to implement this stage of information yet.) I explained the current situation. Please give me some advice on how to implement it.visionos has a lot of constraints, so you need to take a lot of features off.
0
0
553
Mar ’24
Developer ID certificate missing private key
Hi, I created a developer id certification from my apple developer account a couple of year ago and downloaded it as .cer file into my Laptop. Now I want to use this certificate to sign my application, but unfortunately Xcode shows an error message like 'Missing Private Key" and I can also see that there is no private key under my developer id certificate(there is no grey arrow to expand to see private cer) in keychain access. Moreover my developer account is expired and I do not want to extend it yet so unfortunately no solutions with apple developer account will work like creating a new certification etc. Do you have any other solutions like using Keychain Access or Xcode to link my private key again into my developer id certificate? Note: 1-.cer file was created on my laptop by me, which I am using now. So I would expected that the related private key should already exist in my Keychain Access(if I did not delete it mistakenly.) but I do not know which private key is the relevant one, I have several of them. 2-I have also a CertificateSigningRequest.certSigningRequest file which was copied near my .cer file. Maybe it could be useful for a solution? 3-No! unfortunately I do not have any .p12 file. 4-I had already installed current AppleWWDRCAG3 file before I import my .cer file into my Keychain Access Tool. 5-Get Info shows that my cer file is still valid till sep 2025. 6- I have already restarted my Xcode and laptop. 7-I tried all solutions here: https://stackoverflow.com/questions/12867878/missing-private-key-in-the-distribution-certificate-on-keychain 8-https://developer.apple.com/account/resources/ shows me no certificate with the reason that my membership expired 9-I removed and re-added my apple account into Xcode. the same error occurred. XCODE:Version 15.3 (15E204a) OSX:macOS Sonoma 14.2.1 Thanks a lot in advance.
1
0
1.4k
Mar ’24
Codesign fails when executed in CI runner
Hello, I am setting up a build (Gitlab CICD) runner. I create a keychain and imported certificate and my signing key. $ security find-identity -v XXXXXX "Developer ID Application: XXXXXX, INC. (XXXXXX)" (CSSMERR_TP_NOT_TRUSTED) 1 valid identities found $ security find-identity -p codesigning -v XXXXXX "Developer ID Application: XXXXXX, INC. (XXXXXX)" 1 valid identities found Codesign fails with unable to build chain to self-signed root for signer "Developer ID Application: XXXXXX, INC. (XXXXXX)" errSecInternalComponent On the local machine everything is fine. I think the point is that the identity is both valid and CSSMERR_TP_NOT_TRUSTED. What can I do about it?
1
0
598
Mar ’24
An error has occurred. Unable to display information about the selected item.
Hello, I'm have a new Macbook and setup my Enterprise account. Part of my job is to view the expiration dates on certificates for other users. This should be a simple process but when I click on the certificate, there's a button "view certificates" I should be able to click on and see the expiration date and basic details on that specific certificate. The problem I have is that when I click on "view certificates", I get the error: "An error has occurred. Unable to display information about the selected item." I've tried steps online but to no avail. How can I get this fixed? My two other coworkers are able to just click on that button and view the certificate details, except for me. I've attached the screenshot. Thank you for your help Regards JJ
6
0
719
Mar ’24
Asset validation failed (90284) Invalid Code Signing. The executable must be signed with the certificate that is contained in the provisioning profile
Electron-Builder Version: 24.12.0 Electron-Builder-notarize Version: 1.5.1 Node Version: v15.14.0 Electron Version: 11.3.0 Electron-updater version: ^4.3.5 Target: Mac Apple Store (mas) Hello, I am trying to build and sign a new version of my electron app for the mac apple store (mas), but when I get to the final step of uploading the RenderTune.pkg file to the mac transporter app, I get a failed status with 22 errors all the same formatting like so: Asset validation failed (90284) Invalid Code Signing. The executable 'com.martinbarker.digifyunique.pkg/Payload/RenderTune.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/etc....dylib' must be signed with the certificate that is contained in the provisioning profile. (ID: abc-abc-abc-abc-abc) In order to build and sign this RenderTune.pkg file, first I run the command npm run build-mas locally while on branch v1.1.5 ( code here ) Which runs the following command: "build-mas": "electron-builder build --mac && sh signmasscript.sh", So first it runs electron-builder build --mac and gives this output: Martins-MacBook-Air:rendertune-v1.1.5-feb-24 martinbarker$ npm run build-mas > rendertune@1.1.5 build-mas > electron-builder build --mac && sh signmasscript.sh • electron-builder version=24.12.0 os=20.6.0 • loaded configuration file=package.json ("build" field) • writing effective config file=dist/builder-effective-config.yaml • packaging platform=darwin arch=x64 electron=11.3.0 appOutDir=dist/mac • signing file=dist/mac/RenderTune.app platform=darwin type=distribution identity=ACBACBACBACBACBACBACBACBACB provisioningProfile=none • skipped macOS notarization reason=`notarize` options were not provided • building target=DMG arch=x64 file=dist/RenderTune-mac.dmg • building target=macOS zip arch=x64 file=dist/RenderTune-mac.zip • building block map blockMapFile=dist/RenderTune-mac.dmg.blockmap • building block map blockMapFile=dist/RenderTune-mac.zip.blockmap Completes without issue. The next part is running the signmasscript.sh file, which does complete but gives these errors: Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1 productbuild: Adding component at /Users/martinbarker/Documents/projects/rendertune-v1.1.5-feb-24/dist/mas/RenderTune.app productbuild: Signing product with identity "3rd Party Mac Developer Installer: Martin Barker (LV6WXG529F)" from keychain /Users/martinbarker/Library/Keychains/login.keychain-db productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority" productbuild: Adding certificate "Apple Root CA" productbuild: Wrote product to /Users/martinbarker/Documents/projects/rendertune-v1.1.5-feb-24/RenderTune.pkg productbuild: Supported OS versions: [10.10.0, ) The final output RenderTune.pkg file gives 22 error messages saying `` when I try to deliver it via the mac os transport app. Asset validation failed (90284) Invalid Code Signing. The executable must be signed with the certificate that is contained in the provisioning profile Is my app even being signed correctly? Or is there just one file that I need to fix? Please help me out !
5
0
2k
Feb ’24
Distribution profile : Bundle ID mismatch issue
Hi , In one of our application we are having issues of bundle Id mismatch in the distribution profile. Say there are two applications X and Y. Issue Description : On the developer portal inside the distribution profile the App Id shown is correct I.e of X but when we download the distribution profile and open it in the textedit we can see that the bundle id is of another application i.e of Y . Due to which are are unable to submit or upload the application. 
 Note: Both of them have contact notes as additional permission.
0
0
519
Feb ’24
Developer cert says revoked on one Mac but not on another
I've installed the same developer certificate onto three different Macs. When viewed in the keychain (or in Xcode) on one Mac it says its revoked, on another it says its not trusted, but on a third there's no issue reported. How could there be a difference between the three Macs? (Both Macs have the date/time set to be the same). Can 3rd party software, VPNs etc. interfere in this at all?
1
0
556
Feb ’24