xcode code-signing p12

Xcode - How to add a private key to Development Certificate if it's created using the Revoke button


By mistake I pressed the Revoke button:

enter image description here

I went to developer.apple > Certificates and downloaded the new Development Certificate that was created from pressing the Revoke button. Afterwards one of the errors I got is

enter image description here

The second part of the error says the certificate needs a private key (in orange).

In Xcode > Preferences > Accounts > App ID > Team > plus sign it says the expiration of that Development Certificate is 10/30/20, 12:04 AM:

enter image description here

When I look in keychain the certificate with that expiration date is there but there isn't an arrow on the left of it to toggle the nested private key:

enter image description here

How do I add a private key to the Development Certificate that was created using the Revoke button?

Btw the Distribution Certificate that was created after pressing the Revoke button did have a private key attached to it.


Solution

  • When you press the Revoke button you get issued a new iPhone Distribution certificate and a new iPhone Developer certificate. You can view these certificates inside the developer portal at developer.apple > certificates. Those certificates will also be inside your keychain. You use the certificate expiration dates to see which certificates correspond to what.

    The problem with pressing the Revoke button is you will get an iPhone Distribution certificate with a private key but as far as the iPhone Developer certificate it won't have a private key.

    If you look into your keychain you will see this pic below. Notice the iPhone Distribution certificate has a gray arrow next to it but the iPhone Developer certificate doesn't:

    enter image description here

    That will cause the following 2 errors:

    enter image description here

    It causes a cycle where you press the Revoke button again and you wind up with the same 2 errors. I'm not sure why Apple did it this way but someone definitely made a mistake.

    When you go to Keychain > login > My Certificates you will only see certificates that have a private key (the gray arrow indicates that). Since the iPhone Developer certificate from pressing the Revoke button doesn't have a key it won't be in there. According to this you need that key otherwise you'll get the errors:

    If your iOS developer and distribution certificates do not appear in "My Certificates", then they are not correctly configured for use on your Mac. Please note that "Certificates" is a repository of all certificates your Mac holds, whereas "My Certificates" is the subset of certificates valid for your Mac to actually use - a certificate appearing in "Certificates" only is not enough.

    If the certificate is not in My Certificates then this is most likely because you do not have the correct key for that certificate also on that Mac. You will need to locate the private key made for that certificate (i.e., from the original Mac which requested the certificate or a backup server).

    As long as they do appear in My Certificates, then the key is there.

    Since the iPhone Developer certificate won't appear in My Certificates the fix is after you press the Revoke button, delete the iPhone Developer certificate that it generates from BOTH the developer portal at developer.apple > certificates AND keychain. It's VERY important you delete it from keychain! Use the expiration date to locate it. Please keep the iPhone Distribution Certificate because that should work fine and have a key (indicated by the gray arrow).

    After it's deleted from BOTH places you can manually generate a developer certificate yourself following these directions:

    Generate a Code Signing Certificate manually

    1- Open your Keychain Access.

    2- In the upper left hand corner next to the Apple sign select Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority...

    3- Fill in User Email Address (just use yours) and the Common Name (just use your name) and select Saved to Disk. I selected Let me specify key pair information (maybe it's not necessary) but on the next screen just use the Key Size: 2048 bits and Algorithm: RSA. Click on Continue and save the generated certSigningRequest file to your desktop.

    4- Go to https://developer.apple.com and log in to your account.

    5- Select Certificates, IDs & Profiles from the left sidebar.

    6- Go to Certificates and click on the + button on the top right corner.

    7- Select iOS App Development and click Continue.

    8- On the next page you see the instructions for creating the certSigningRequest file. Click continue.

    9- Upload the created certSigningRequest (from the 3rd step, the one saved to your desktop) to the form and click continue. It will generate your code signing certificate for you.

    10- Download the certificate and double click to install it. Once installed it will be added to your Keychain Access app. Assuming it saves to your download folder you can just go in there and double click it.

    Once you do those steps both errors should go away.

    If you continue to have errors look at the certificates in both the portal at developer.apple > certificates and keychain > My Certificates. If anything is in the portal but isn't in My Certificates then you need to find it in Keychain Access (look in keychain > Certificates), delete it, and delete it from the portal.

    It took me a while to figure this out but the expiration date is the key to locating messed up certificates.
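
The key-pair relationship behind the steps above, as an added example that is not part of the original answer: it uses `openssl` to make the same kind of RSA 2048 request as step 3, then shows that a certificate is a usable signing identity only next to the private key its request came from. The subject, file names and the self-signed certificate standing in for the one Apple issues are all constructed.

```shell
#!/bin/sh
# Added example: constructed names and files; nothing here talks to Apple.
workdir=$(mktemp -d)

# Step 3 equivalent: create an RSA 2048 key pair and a CSR. Only the CSR is
# uploaded; the private key stays on the machine that made the request.
make_csr() {   # $1 = private key out, $2 = CSR out
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -subj "/CN=Example Developer/emailAddress=dev@example.com" 2>/dev/null
}

# Stand-in for steps 4-10: self-sign the CSR so there is a certificate to
# inspect (the real certificate is signed by Apple's CA, not by your key).
issue_cert() { # $1 = CSR, $2 = signing key, $3 = certificate out
    openssl x509 -req -in "$1" -signkey "$2" -days 1 -out "$3" 2>/dev/null
}

# SHA-256 over the PEM public key held in a private key / in a certificate.
key_pub_digest() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl sha256
}
cert_pub_digest() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl sha256
}

# True only when the key on disk is the one the certificate was issued for.
key_matches_cert() { # $1 = private key, $2 = certificate
    k=$(key_pub_digest "$1") && c=$(cert_pub_digest "$2") && [ "$k" = "$c" ]
}

make_csr "$workdir/dev.key" "$workdir/dev.csr"
issue_cert "$workdir/dev.csr" "$workdir/dev.key" "$workdir/dev.cer"
# A second key pair, standing in for a key that was generated somewhere else.
make_csr "$workdir/other.key" "$workdir/other.csr"

for key in dev.key other.key; do
    if key_matches_cert "$workdir/$key" "$workdir/dev.cer"; then
        echo "$key + dev.cer: usable signing identity"
    else
        echo "$key + dev.cer: certificate only, no matching private key"
    fi
done
```

On the Mac itself, `security find-identity -v -p codesigning` lists the certificates that the keychain can pair with a private key, which is the same set that shows the gray arrow in My Certificates.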