1

About a week ago our Apple Distribution Certificate expired. XCode detected this the next time I tried to send an app to Apple, and offered to generate a new certificate.

This process works correctly and the certificate is generated. However, when we try to use it to send the app to Apple, we receive a message saying that the private key is not in our Keychain. As this is a newly generated certificate, the private key is generated at the same time (I exported it) and I have tried installing it manually into the keychain on both 'login' and 'system' but nothing seems to work.

I have checked Distribution certificate / private key not installed and tried some of their suggestions:

  • Logging into developer.apple.com and revoking all old distribution certificates
  • Removing old certificates from Preferences -> Accounts -> Manage Certificates (I've also tried clicking the '+' icon and generating a new distribution certificate - this gets added underneath the earlier one)
  • Restarting XCode and the apple machine
  • Deleting older private keys in case they are interfering.

Is there something I'm missing? A lot of the guides seemed to suggest that generating a new certificate would be the way to go, but it just doesn't seem to 'link' with the private key it generates at the same time.

Many thanks.

EDIT: I am not alone in this it seems: https://developer.apple.com/forums/thread/671484

GreenGiant88
  • 11
  • 6
  • I have issues every single year with this. In February I generated things, downloaded, got them in my keychain, etc. In the end it was looking at the Xcode target (not project) and the "Signing and Capabilities" tab for everything being correct. Maybe that is where you are having an issue? –  Apr 06 '21 at 15:21
  • Thank you for your suggestion. I have played around with the 'Signing and Capabilities' tab a little bit too but I still can't get it to recognise the private key. When I use the 'automatically manage signing' checkbox and select the correct team, everything seems to look correct. Do you use this checkbox, or do you manually set it up? – GreenGiant88 Apr 06 '21 at 16:44
  • I *always* use the automatic things in Xcode. :-) But last February, when I needed to generate some profile keys, things didn't *just* work automatically for some reason. I couldn't download anything through Xcode, could through the developer site, clicked on the downloads, and even had to quit and relaunch Xcode before it recognized them enough to "automatically" use them. –  Apr 07 '21 at 00:13
  • Thanks for your help, managed to fix it by actually switching to manual signing and selecting the correct distribution certificate. – GreenGiant88 Apr 07 '21 at 09:42

1 Answers1

0

Just in case anyone sees this in the future, I managed to resolve the issue by manually signing the app as I'm sending it to Apple.

After lots of investigation, I realised for some reason that XCode was creating two versions of the new Distribution Certificate, one that has the private key and one without. When attempting to send to Apple, it was defaulting to the version without the private key. I switched the signing to manual (and downloaded a manual provisioning profile) so that I could select the correct Distribution Certificate that has the private key installed.

GreenGiant88
  • 11
  • 6