Expired code signing certificate
tatiang
Member, Sous Chef, PRO, Senior Sous-Chef Posts: 11,949
It's been a while since I published anything and I'm running into common problems I've read about in the forums. Specifically, my Apple Code Signing Certification Authority has expired and I'm trying to figure out how to renew it.
Apple's instructions at https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html and https://developer.apple.com/support/code-signing/ haven't seemed to help as I keep double-checking private keys, iOS developer and distribution validity, XCode account preferences, etc.
Is there a way to download that certificate directly? Or some way to generate it? I feel like this question is a broken record but I'm stuck.
New to GameSalad? (FAQs) | Tutorials | Templates | Greenleaf Games | Educator & Certified GameSalad User
Best Answer
-
pHghost London, UKPosts: 2,342
Did you generate everything you need on the Developer Portal?
There are two things you need:
First, the developer Certificates -- which identify you as a developer.
Second, the Provisioning Profiles -- which are for signing, in combination with the Certificate.For ad-hoc testing, you only need one Provisioning Profile (a wildcard one). For Store Distribution, you need a separate Provisioning Profile for each app, with the corresponding App Identifier: com.xxxx.xxxx
Once you've deleted all from the Keychain, to begin with, go to the Developer Portal and download the dev Certificates. If the ones showing up are expired, delete them in the Developer Portal. Generate new ones, also in the Developer Portal. Once they are downloaded to to your computer, double-click them to install into Keychain. If given an option to choose, install them in your login Keychain. Be careful not to install any of them twice, as that usually gives you an error during signing -- so you want to end up with one iOS dev Development Certificate and one iOS dev Distribution Certificate in the Keychain.
If you have generated a new Certificate, you will need to regenerate the Provisioning Profiles as well (on the Dev Portal), as they are strictly linked to one specific Certificate and the old ones won't work with the new Cert.
Next, launch Xcode. If you are logged in with your dev credentials, select yourself in the Preferences. Click on Manage Certificates. Make sure that there is only one iOS dev Cert of each type. Do not use the small plus button to add Certificates in Xcode. It doesn't install the downloaded Certificates, but creates brand new ones, which I have always had problems with. Instead, click 'done' to go back. Press 'Download All Profiles.' This should automatically download all the Provisioning Profiles. I don't think there is a way to see those listed anymore in Xcode, the way it used to be in older versions. But if they are set up in the Dev Portal, they should get transferred correctly.
If in doubt, in the Finder system menu, select Go > Go To Folder...
Paste in
~/Library/MobileDevice/Provisioning Profilesand check the created date on the Profiles. If the date doesn't correspond to the creation date on the Active profiles in the Dev Portal or today's date and/or the number of Profiles in the folder is either more or less than the amount that should be there, delete all the Provisioning Profiles from the folder. Empty Trash. Restart the computer, reopen Xcode and re-download all with the 'Download All Profiles' button.Now everything should work.
Answers
I'm using XCode 8.3.1 on OS X 10.12.4 (Sierra). I just deleted and re-downloaded XCode before this problem occurred. I had even more errors before I did that...
New to GameSalad? (FAQs) | Tutorials | Templates | Greenleaf Games | Educator & Certified GameSalad User
Isn't it fun??? It works fine until it doesn't. I've thrown things trying to get it to work.
From what I can remember is I deleted ALL the expired signing identities from Xcode. Then all the bad ones in Key chain. Then regenerated signing identities from Xcode.
The original Signing authority certificate is loaded on my computer. I've been reading here. That was three years ago.
So if you try and generate new identities in Xcode what error is it telling you?
Well, one problem is that the version of Xcode I'm using doesn't seem to allow me to delete certificates -- I assume that's what you mean by signing identities. I can see the certificates but that's about it. Unless I'm missing something.
So I deleted the expired certificates from Keychain Access but only those related to iOS development. Maybe I should get rid of other expired ones? Willing to try anything at this point.
If I generate new certificates in Xcode, it allows me to but creates duplicates in Keychain Access.
New to GameSalad? (FAQs) | Tutorials | Templates | Greenleaf Games | Educator & Certified GameSalad User
Everything is now handled on the developer portal. Just renew and delete things there and then hit that download all profiles. All the other certs can be deleted in keychain.
Guru Video Channel | Lost Oasis Games | FRYING BACON STUDIOS
My recommendation would be to delete all of the from Keychain first, then do what @The_Gamesalad_Guru suggests. Then restart Xcode. Worked that way for me!
Thanks, guys. I've deleted all iOS certificates from Keychain Access and restarted Xcode. It had me revoke my existing certificates and then gave me an automated signing error. So... feels like progress.
New to GameSalad? (FAQs) | Tutorials | Templates | Greenleaf Games | Educator & Certified GameSalad User
@pHghost I appreciate the lengthy suggestion. I was about to try it but decided to give it a go on a different computer running a slightly older version of XCode and... whatdyaknow it worked!
New to GameSalad? (FAQs) | Tutorials | Templates | Greenleaf Games | Educator & Certified GameSalad User
Certificates expire, and when they do the provisioning profiles they link to become invalid. When that happens, I log on to iTunes Connect, revoke the certificates, delete the profiles, and start again.
I also find it helps to create new user accounts specifically for Apple uploads. That way, when the certificates expire I can just trash that account, create a new one and run through the process again. I find that much easier than trying to figure out what certificates and provisioning profiles to remove from where.
Glad you got it working, though!
Contact me for custom work - Expert GS developer with 15 years of GS experience - Skype: armelline.support
I think I might try that next time.
New to GameSalad? (FAQs) | Tutorials | Templates | Greenleaf Games | Educator & Certified GameSalad User
Interesting approach, not a bad idea at all!