187

Using Xcode 9.1, after building an iOS app, I want to archive it and upload it to the appStore for beta-testing. But I get the following issue after clicking the button Upload to the App Store... and choosing Automatically manage signing:

"My Name" has one iOS Distribution certificate but its private key is not installed. Contact the creator of this certificate to get a copy of the private key.

I do not know why this "private key is not installed", but the Distribution certificate may have been created on a different computer or something. In any case:

What is the simplest way to retrieve the missing private key and install it? In order to make things work.

pkamb
  • 33,281
  • 23
  • 160
  • 191
Michel
  • 10,303
  • 17
  • 82
  • 179

20 Answers20

541

Up to date (January 2021) (Xcode 10 - 12)

  1. Go to Xcode - Preferences - Accounts - Manage Certificates
  2. Click on the + at the bottom left, then Apple Distribution
  3. Wait a little, then click Done

That's all. You may want to revoke the old certificate on developer.apple.com too.

Old answer

Step 1: Xcode -> Product -> Archives -> Click manage certificate

Click manage certificate

Step 2: Add iOS distribution

Add iOS distribution

ABM
  • 565
  • 7
  • 18
Tanjima Kothiya
  • 5,695
  • 2
  • 8
  • 17
  • 12
    This doesn't work because nothing happens when I click the plus sign. I am not given an option for 'iOS Distribution'. – arnoldbird Jul 20 '18 at 18:32
  • 2
    If I access Manage Certificates via Xcode > Preferences > Accounts, then the plus sign is active as shown in Step 2 above. – arnoldbird Jul 20 '18 at 18:42
  • 2
    It worked for me & now I have 2 iOS Distribution in Certificates, Identifiers & Profiles with different dates. revoking the previous distribution certificate will affect the existing apps? – Anirudha Mahale Sep 05 '18 at 12:00
  • I followed the steps in this solution, then it gave me another warning: Provisioning profile failed qualification. I opened Keychain manager, deleted the old Developer Certificate (not the new Distribution certificate), created new one at Xcode prompt, and things work fine afterward. – CodeBrew Sep 15 '18 at 14:13
  • 1
    Btw it's faster to get to this using preferences. Archive compiles the project. – Oliver Dixon Oct 06 '18 at 08:06
  • 5
    when I did it appear this "You already have a current IOS DIstribution certificate or a pending certificate request", what can i do? Thanks – Camilo Andres Oct 22 '18 at 06:55
  • Keychain manager in old developer certificate existing problem accurate , deleted old developer certificate and create new certificate – Tanjima Kothiya Oct 23 '18 at 05:48
  • 3
    Currently in Xcode 10.3 Xcode - Preferences - Accounts - Manage Certificates – Anton Aug 06 '19 at 11:30
  • I don't have iOS Distribution and all 3 certificates is labeled Apple Distribution (xCode 11.3) – CodeBy Mar 26 '20 at 07:50
  • I've updated the answer to reflect the process on xcode >= 10 – Hugo Gresse Jul 21 '20 at 12:36
  • This worked for me, but I did need to restart XCode for it to find the certificate in my keychain – Jake Cronin Aug 22 '20 at 05:08
  • That adds a development cert, but Xcode is complaining about a missing distribution cert and this doesn't change that. I can't add a distribution cert because Xcode claims "you already have a current Distribution certificate or a pending certificate request." – Oscar Oct 09 '20 at 19:29
  • 2
    Worked for me. Black magic. The updated text should say "Distribution" not "Development" – MadMac Jan 13 '21 at 21:00
  • 1
    Note to the 2021 version: You may need to create an `Apple Distribution` Certificate, not `Apple Development` one. – alistairv Feb 08 '21 at 22:25
126

You can only have one distribution certificate. It unites a public key, known to Apple, with a private key, which lives in the keychain of some computer. If this distribution certificate was created on another computer, then the private key is on the keychain of that computer. And this distribution certificate does not work without it.

So to use this distribution certificate on this computer, you must find that computer, open Keychain Access, locate and export the private key, mail it or otherwise get it to this computer, and import it into the keychain of this computer.

If you go into the Accounts pref pane in Xcode and double-click your Team, you'll see a dialog that gives you help with this. If you see your distribution certificate and it says Not In Keychain, you can control-click that certificate to get a menu item that lets you email whoever created the certificate and ask them to send it to you. That person can use this same import to choose Export Certificate and can email you exported certificate.

Either way, the private key or exported certificate will be passworded. You'll need to know the password in order to use it.

matt
  • 515,959
  • 87
  • 875
  • 1,141
  • 1
    My first trial following your suggestion did not work. Most likely because I did not do it right. One question I have is when going to Keychain Access where the certificate was created How do I locate the private key? It seems like Keychain Access shows, at some places, zillions objects all called the same name. So I am not sure at all I did that part as I should. – Michel Nov 13 '17 at 04:40
  • 87
    Well, sending a mail to myself asking the question I am now asking you is not likely to be effective :) – Michel Nov 13 '17 at 05:33
  • 2
    But I still think your answer put me on the right track, so I need to dig a bit more into it. – Michel Nov 13 '17 at 05:36
  • I finally found my way around this issue. But I am unfortunately not done with the whole signing business. I made a different post with a separate question: https://stackoverflow.com/questions/47258499/profile-doesnt-include-certificate – Michel Nov 13 '17 at 06:49
  • Thanks for this @matt! In my case, I created an iOS Distribution certificate using the CSR I created on my device, but then when I installed it in the keychain, there is no private key tied to the cert. I can compile, but I don't know where the private key is, so I couldn't give the p12 file to my teammates. Although a different case, thanks to your advice on going to the Xcode Accounts pane, I was able to export it to p12. :) Now, all is well, but I'm just left wondering where the heck is that private key hidden that it's not showing together with the cert in the Keychain. – KarenAnne Aug 23 '19 at 02:51
  • 7
    I exported the certified from my oldest notebook and I had that restart of XCode for to refresh of changes of keychain – Jonathan García May 07 '20 at 21:47
  • It shall be OKay even if that old computer cannot be found. Go to the developer's portal (https://developer.apple.com), "Certificates, Identifiers & Profiles", choose "Certificates", click on the certificate, then click on "Download" button. In you "Download" folder, double click the downloaded certificate will install it into you Keychain. Then in Xcode's Preferences/Account, click on "Manage Certificates" and then click on "+", the downloaded certificates saved in your Keychain will be added. And then you will be able to upload your archive. – Zhengqian Kuang Dec 16 '20 at 19:30
  • 9
    Yes! Restarting seemed to do the trick for me. – Oritm Feb 20 '21 at 16:28
38

This answer is for "One Man" Team to solve this problem quickly without reading through too many information about "Team"

Step 1) Go to web browser, open your developer account. Go to Certificates, Identifiers & Profiles. Select Certificates / Production. You will see the certificate that was missing private key listed there. Click Revoke. And follow the instructions to remove this certificate. enter image description here Step 2) That's it! go back to Xcode to Validate you app. It will now ask you to generate a new certificate. Now you happily uploading your apps.

Paul
  • 1,180
  • 11
  • 21
21

Add a new Production Certificate here, then download the .cer file and double click it to add it to Keychain.

All will be fine now, don't forget to restart Xcode!!!

Community
  • 1
  • 1
fujianjin6471
  • 5,168
  • 1
  • 36
  • 32
14

EDIT: I thought that the other computer is dead so I'm fixing my answer:

You should export the certificate from the first computer with it's private key and import it in the new computer.

I prefer the iCloud way, backup to iCloud and get it in the new computer.

If you can't do it with some reason, you can revoke the certificate in Apple developers site, then let Xcode to create a new one for you, it'll also create a fresh new private key and store it in your Keychain, just be sure to back it up in your preferred way

Yitzchak
  • 3,303
  • 3
  • 30
  • 50
11

People's answer here about having the key from the computer is generated are accurate. But if things are still failing, try restarting Xcode after installing a cert

MobileMon
  • 8,341
  • 5
  • 56
  • 75
9

revoke all distribution certificate for developer.apple.com and the validate your app in Xcode there will be the option to create a new distribution certificate after you can export key for further use.

This work for me.

Sohaib Siddique
  • 387
  • 6
  • 13
8

Just for anyone else who goes through this, the answers above are correct but it can still be a bit confusing especially if you have multiple certificates. These were the steps that I took:

  1. First take note of the date in the actual distribution certificate that is missing its private key. Then go to the keychain application on the other computer and type iOS in the search bar. It will show all of your iOS Developer and Distribution keys so you have to find the right one.

  2. Click the right arrow of each iOS Distribution entry to reveal the certificate and find the one with the correct date and export that one by right clicking and selection export.

  3. Then just import it in the keychain of the new computer and at least with Xcode 9.3 it immediately recognizes it and corrects the error so you can now upload your achieve.

pkamb
  • 33,281
  • 23
  • 160
  • 191
Sam
  • 134
  • 1
  • 5
  • Thanks! I would add that in the default view you don't see the left arrow that lets you expand the key to reveal the certificate. You need to select Keys in the Category panel. Only then can you select the certificate and export it. If you export the private key instead, you'll get an error when you import it on the other computer. – Clafou Sep 20 '18 at 11:52
5

If you are using the certificate in a new computer or not. The easiest thing to do would be to revoke the previous certificate relating to the project. Then re-upload to the store. Xcode will generate a new one.

Chinedu Etoh
  • 153
  • 3
  • 11
5

In my case Xcode was not accessing certificates from the keychain, I followed these steps:

  1. delete certificates from the keychain.
  2. restart the mac.
  3. generate new certificates.
  4. install new certificates.
  5. clean build folder.
  6. build project.
  7. again clean build folder.
  8. archive now. It works That's it.
M. Mubeen Asif
  • 107
  • 1
  • 7
4

i tried all mentioned solutions available on the internet but no solution working on my Mac, then i created a provisioning profile manually on apple developer website from certificates and identifiers. By importing that file manually app successfully uploaded on appStore follow below steps

On Developer website

1-go to this link https://developer.apple.com/account/resources/certificates

2- In profile Section create new profile by using app bundle identifier

3-Download it and save it an where

On Xcode

1-Go to Signing and certificates

2-Disable automatically manage signing

3- Select provisioning profile in its section

4- Archive the app

5-Click Distribute App ->ApStore connect ->Upload->Next-> Then Select Profile from XXXX-app section when it download it show inside this section and now upload it

Asad Farooq
  • 191
  • 1
  • 13
3

Click on Manage Certificates->Apple Distribution->Done

Siddharth Sogani
  • 321
  • 1
  • 10
3

In my case, after revoking the old certificate and creating a new one, Xcode was showing the same error (I've done a clean build and removed the derived data folder).

In that case, try to manually manage signing.

enter image description here

After that, check the second field and set the appropriate one.

enter image description here

Note: After uploading the build, I needed to wait for 15 min to see my build in the app store connect.

Sam
  • 488
  • 1
  • 5
  • 14
2

Adding to the above answers, If you have admin access on this account create new certificate and use it to publish. I just did that and it passed.

1- Create new Certificate Signing Request (KeyChain Access > Certificate Assistant ) and save to the disk https://help.apple.com/developer-account/#/devbfa00fef7

2- Login into your apple developer account > Certificates and Identifiers > Click + to add new certificate)

3- Upload the signing cert you created in step 1, click next and download the certificate

4- Double click the certificate to install it. Make sure it is trusted and showing "This certificate is valid".

5- Try to archive again now and choose automatic signing.

That should do it.

MSaudi
  • 4,442
  • 2
  • 40
  • 65
2

just click "manage certificates" -> "+" -> "iOS distribution"

Lucas Paiva
  • 21
  • 1
1

  1. go to this link https://developer.apple.com/account/resources/certificates/list

  2. find certificate name in your alert upload then

  3. Revoke certificate that

  4. if you have certificate you download again
  5. upload testflight again
Machavity
  • 30,841
  • 27
  • 92
  • 100
Papon Smc
  • 576
  • 4
  • 11
1

If you are being stuck on this problem. After switch the computer and not able to upload your build to App Store. Simply click manage certificate on the error page, the + plus on the bottom left corner and create a new distribution certificate. Then you'll be good to go.

Legolas Wang
  • 1,951
  • 1
  • 13
  • 26
1

I am also facing the same issue in xCode (v12.4) and created two more distribution certificates but nothing get worked for me.

enter image description here

Solution : Restarting xCode seemed to do the trick for me.

RviOS
  • 33
  • 6
0

I was facing the same problem with Xcode v11.3

Upgrading to Xcode 11.6 solved the problem for me

Dharman
  • 30,962
  • 25
  • 85
  • 135
anass filali
  • 1
0

This can happen if your MacBook has a battery issue and powers out unexpectedly. Your date is reset to an old date and if you opened XCode, it probably recorded that date and that may have caused the signing issue with certificate.

THIS IS HOW I RESOLVED IT

  1. Went to Settings and set the correct date and time.
  2. Clicked on the XCode option on the top left.
  3. Clicked on Quit XCode.
  4. Restarted the MacBook.
  5. I reopened XCode, archived my app and it had no issues with the signing certificate.

I hope it works for you. An upvote if it does.

Junior
  • 1,007
  • 4
  • 16
  • 26