Login/Register
missing private key in the distribution certificate on keychain
Asked Answered
Solved iosiphonexcodekeychaincodesign
E

20

231

I have the following problem which I could not find a solution for anywhere. Basically, we have a company developer account (not enterprise) and so in order to submit our app, I requested from our team lead to send me the distribution certificate and create and send me a distribution provisioning profile.

With the developer profile, everything works good, but when I installed the cert and the provisioning profile, I did not see the distribution profile on Xcode, and nor do I have a private key under the dist cert in the keychain.

Does anyone know how to solve this? I read in diff places that I will need to revoke the certificate and create a new one, but I can't really do that since we have a bunch of apps in the company and I can't revoke it for everyone.

Eldon answered 12/10, 2012 at 22:18 Comment(2)
Sometime Private key is missing because we are trying to create Certificates with .CSR which were created on any other machine. So , make sure , your CSR file should also created on same machine where you are trying to create and install certificate..or you could use .p12 of certificates to avoid this issueGorey
In my case I have two identical signing certificates in my keychain... It solved simply deleting one of them... Just in case...Sonasonant
B
231

enter image description hereAhh this is a common issue, The solution is simple:

Who ever created the developer credentials originally needs to go to the keychain on their computer and right click on the key(s) for private and public and export the key to a file. Then you just download that file on your computer and open it, and it will be added to your keychain.

You need to have both the private key (.pem file) and the certificate for your provisioning profiles.

Benzene answered 12/10, 2012 at 22:25 Comment(6)
To be more specific it's the .p12 file you need (exported)Gabriella
@Benzene What to do if we don't have access to that computer from which developer credentials were originally created.Jannelle
@NishadArora You'll have to create a new key to use. There's no way to use it without the the private key. AFAIKChemosh
@Benzene How to create New oneArmandinaarmando
If it helps anyone, after having the public cert and private key installed (checked in Keychain Access and it was showing) I also had to restart Xcode to get it pick up the private key. Using Xcode 11.6 on OSX 10.15.5.Janson
if after installing the private key but it's still showing as not installed, check this thread https://mcmap.net/q/112438/-distribution-certificate-private-key-not-installedRemorseless
S
95

As long as you still have access to the mac which was used to generate the original distribution certificate it's very simple.

Just use that mac's Keychain Access application to export both the certificate and the private key. Select both using shift or command and right click to export to a .p12 file.

Attached a screenshot to make it very clear.

On your mac, import that .p12 file and you are good to go (just make sure you have a valid provisioning profile).

Just choose export

Seedman answered 12/10, 2012 at 22:28 Comment(0)
G
65

To add on to others' answers: If you don't have access to the private key anymore, it's fairly simple to get back up and running:

  1. revoke your active certificate in the provisioning portal
  2. create new developer certificate (keychain access/.../request for csr...etc.)
  3. download and install the new certificate
  4. create a new provisioning profile for existing app id (on provisioning portal)
  5. download and install the new provisioning profile
  6. set the appropriate code signing identities in the build settings
Gabriella answered 12/10, 2012 at 22:37 Comment(5)
Here at my company is always a mess, nobody knows in which computer was created a certain certificate. Is just better to revoke and recreateHiles
@Hiles I'm here 6 years later to suggest CI/CD to do this kind of stuff and forget about distributon via xCode.Morpheme
if i already downloaded a distribution certificate, then i revoked it then re request it again. should i remove the old distribution certificate?Choosey
@Choosey yes, since it was revoked and not valid anymoreDialectology
Also check "My Certificates" tab in keychain access, to view cert/key as pairsGad
C
19

For those who are afraid of recreating a Distribution certificate, Apple's documentation says:

Important: Re-creating your development or distribution certificates doesn’t affect apps that you’ve submitted to the App Store nor does it affect your ability to update them.

However, it does affect apps built for the Apple Developer Enterprise ecosystem.

Contrapositive answered 29/8, 2018 at 7:33 Comment(3)
it does if you have an enterprise account!Cory
By "enterprise ecosystem system".... For ex. are you talking about if you work in a large company and 100 developers have that private key for that specific app?Alodee
@Alodee Yes. It is special account for enterprise. With this account you can not publish application to AppStore.Contrapositive
H
15

Delete the existing one from KeyChain, get and add the .p12 file to your mac from where the certificate was created.

To get .p12 from source Mac, go to KeyChain, expand the certificate, select both and export 2 items. This will save .p12 file in your location:

enter image description here

Heartbeat answered 4/10, 2016 at 7:29 Comment(0)
S
14

I lost hours and hours to resolve this issue, but it's fixed by just restarting MAC...

Sequestrate answered 9/8, 2020 at 13:51 Comment(4)
its woking for meAppertain
me too... instead i got it solved by restarting XcodeTurfy
It's 2022 and this is working on the latest XCode and MacOSColorless
It's 2024 and this is working on the latest XCode and MacOS still 🤣🤟Silvana
C
10

In my case, I've lost all private keys in my keychain. New ones were imported correctly but they don't show the private key as well. The only thing that helped me was generating a new Certificate Signing Request.

Crayfish answered 23/12, 2014 at 14:18 Comment(0)
J
6

After you changed a Mac which are not the origin one who created the disitribution certificate, you will missing the private key.Just delete the origin certificate and recreate a new one, that works for me~

Jennyjeno answered 21/11, 2017 at 2:34 Comment(0)
S
6

If you are creating your own Distribution cert, not using someone else's then this could help.

Spent quite a bit of time on this today, issues from not being able to create a SigningRequest to generating a distribution cert and not having it attached to my private key in KeyChain Access. These steps helped solve this for me.

If you are still having issues, revoke your current cert and start fresh.

  1. Creating a new signing request

The Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority is actually contextually aware of what you currently have selected when you launch it. Just to be sure that you aren't accidentally skewing your Request with some random selection, go to your Login Items and select the Apple Worldwide Developer item. Then launch the above Request and create the CertificateSigningRequest.certSigningRequest file.

enter image description here

  1. Go to Apple Dev portal, add new distribution certificate, upload your CertificateSigningRequest.certSigningRequest file and download the newly created distribution certificate.

  2. To import the distribution cert into your keychain, instead of just double clicking it, I recommend opening your keychain, go to "login/Certificates" area and drag and drop the cert here.

I had an issue where my cert would auto-install into the System area, instead of the login area where my private key existed and this caused my key not to be linked to the new cert.

Substructure answered 2/2, 2022 at 21:7 Comment(1)
it works for me by dragging and drop to login items. ThanksIvanaivanah
P
5

When I try to upload iOS build to test flight then error was appear.

"Missing privacy key".

enter image description here

Just 2 step for fix this error.

  1. Remove old certificate from developer.apple.com
  2. Create new certificate from Xcode or developer.apple.com

My problem has been solved (I am using Xcode 9.4.1).

Please check, Xcode created new certificate.

enter image description here

Punctuation answered 27/9, 2018 at 14:23 Comment(0)
V
3

I got into this situation ("Missing private key.") after Xcode failed to create new distribution certificate - an unknown error occurred.

Then, I struggled to obtain the private key or to generate new certificate. From the certificate manager in Xcode I got strange errors like "The passphrase you entered is wrong". But it did not even ask me for any passphrase.

What helped me was:

  1. Revoke all not-working distribution certificates at developer.apple.com
  2. Restart my Mac

After that, Xcode was able to create new distribution certificate and no private key was missing.

Lesson learned: Restart your Mac as much as your Windows ;)

Vibraharp answered 31/10, 2019 at 8:31 Comment(0)
B
2

At the Menu > Visual Studio (mac) > Preferences > Publishing > Apple Developer Accounts > [Select your apple id] > View Details > Create Certificate

To delete unused/invalid certificates, go to website: https://developer.apple.com/account/resources/certificates/list

delete any unwanted certificate there

Next is to create App ID (identifiers), go to website:
https://developer.apple.com/account/resources/identifiers/list

Next, go to website to create provisioning profiles:
https://developer.apple.com/account/resources/profiles/add

use the certificate to bind with your app id.

Next is to download the profiles:
At your mac > At the Menu > Visual Studio (mac) > Preferences > Publishing > Apple Developer Accounts > [Select your apple id] > View Details > Download All Profiles

Blinkers answered 18/1, 2020 at 15:25 Comment(0)
G
1

I accessed that certificate on apple's developer website and after downloaded it I opened it. Likewise, at open I got a little window asking if I wanted to add the certificate to keychain. Just tapped "add" and the "missing private key" error was gone.

Gutenberg answered 19/6, 2019 at 10:11 Comment(0)
B
1

Just to shed some light on this.

After I deleted my p12 certificate from Keychain. I re-downloaded my own certificate from Apple developer portal.

I was only able to download the certificate. But to sign you need the private key as well. So you either:

  • export both private key and certificate from Keychain to get it.

  • Upload a Certificate Signing Request and generate new certificates

That certificate by itself has no value for signing purposes. My guess is that the private key is created by keychain the moment you 'request a certificate from a certificate authority' but isn't shown to you until you add its matching certificate.

Blaineblainey answered 3/6, 2020 at 0:58 Comment(0)
H
1

My problem was that for whatever reason, the login keychain was missing in the Keychain Access. Xcode created a new certificate and added it to the login keychain but could not use it. Restarting the computer solved my problem.

enter image description here

Harmonica answered 20/4, 2021 at 8:12 Comment(0)
O
1

An old XCode version will also cause this. I was on XCode10 (old for 2022). Updated to latest version, which resolved the issue.

Orthocephalic answered 10/8, 2022 at 16:50 Comment(0)
A
0

Check whether you are using Login or not to add the certificates, if you are checking in System at top left hand side then we wont be able to see it.

So drag and drop the .cer into login then check you are able to get the private key or not.

Anderaanderea answered 10/5, 2019 at 7:48 Comment(0)
P
0

I'm the creator of the key, but the key was attached to an expired Certificate.

To solve it I went to -> Xcode/Preferences/Accounts/"Account you use to archive"/Manage Certificates..

Then click on the dropdown menu with the "+" sign on the bottom left corner, and choose the type of certificate you need updated (mine was Apple Distribution).

This updated my new certificate with its key attached.

Photodynamics answered 1/12, 2020 at 16:7 Comment(1)
thats creating a new certificate question is differentAbie
R
0

Contact with the creator of iOS Distribution key and tell to export certificate and private key, then just download and double click it to access in your keychain.

enter image description here

Riggall answered 30/3, 2021 at 10:43 Comment(0)
F
0
  • I assume you have switched device and trying to create a new certificate for your new device,
  • First revive the development certificate form the developers portal,
  • Go to xcode > preferences > accounts > select your apple id with the dev portal access > manage certificates > click on the team account > click on the little + button > click on apple distribution
  • Go to the apple developer portal , you can see a distribution certificate is created ,
  • Go to profiles create a new profile with the new certificate.
  • Download > install done
Flourish answered 19/8, 2021 at 15:8 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.