Xcode Code Sign error because of no Keys in Keychain

Asked 28/2, 2013 at 14:46 Answered 30/3, 2020 at 19:33

You might think, not again such a question where are already thousands of topics about. However, I've not been capable of finding the answer I needed to fix this problem.

None of these topics go as deep as the Keychain.

When I'm trying to deploy my app to an iPhone, I'm receiving the following message:

Code Sign error: The identity 'iPhone Developer: [Name] ([ID])' doesn't match any valid, non-expired certificate/private key pair in your keychains.

Now, as said, I have been looking for multiple guides or fixes, however, none of them seemed to fix this issue.

Things I've tried:

Use Apple's walkthrough for app deployment for countless of times
Searched the internet for guides for app deployment
Changed the content of the 'pbxproj' file inside the 'xcodeproj' package.
Retrieve all available profiles from Apple's server using the Refresh button in Xcode 4.6 (allows you to obtain automatically)

After trying all of these ways, I've still not been able to solve the issue. One problem I've seen is that at first hand, the certificate in the Keychain was showing an invalid status, which is now solved.

However, if I'm right, there are supposed to be two keys attached to the certificate. A public and private key, and these are not showing.

Neither are there any keys showing in the Keys tab in the Keychain Access.

Solution

(Thanks to nsgulliver)

Do everything what the post (marked as Solution) of nsgulliver says.
If you already have an active Certificate, click the Revoke button, this won't cause any trouble, you'll simply have to re-create the keys of which then will be generated a new certificate.
Make sure you have the WWDR of Apple installed to mark the certificate authority as valid.
Follow the default Provisioning Assistant guidelines.

Kind answered 28/2, 2013 at 14:46 Comment(1)

Apparently WWDR is to expire soon and Apple wants the updated one to be installed. However, if I simply removed WWDR from keychain, XCode installs the old one instead of the newer one. That makes newly generated profiles not trusted, though generated via XCode or the portal and there is no clue given about why. Getting newer WWDR online solves the problem. – Deel 1/10, 2020 at 15:45

Provisioning profiles installed on the devices or signed with for the target might not be valid, try to go to Organizer->Provisioning profile and see if the profiles have the valid status? if not try to delete & refresh them, if they appear valid after refreshing then it might solve your problem if not then you should remove all the entries from keychain and delete profiles on your provisioning portal and try to create from scratch, if you still face the problem then take help from step by step guide tutorial

Richardricharda answered 28/2, 2013 at 14:49 Comment(11)

This is partly the same as the fourth option, no they did not indicate valid in this screen. I'll have to start from scratch i think, is there a website which exactly guides me from step to step?? Since i'm in some sort of tunnel vision and i'm keeping to make the same mistake over and over again.. – Kind 28/2, 2013 at 15:8

check my answer, i have written in the last line link step by step guide, you could follow it and it has two parts – Richardricharda 28/2, 2013 at 15:10

I have been in this situation, reason might be that you created the provisioning profiles first time, and then you lost your keychain values but profiles in provisioning profile still exists, only solution at the end was start from scratch by deleting keychain values and profiles from provisioning portal. – Richardricharda 28/2, 2013 at 15:13

Perhaps a dumb question.. but do you also have to delete the 'active' provisioning profiles? Which also includes the 'iOS Team Provisioning Profile' , which indicates it is managed by Xcode ? – Kind 28/2, 2013 at 15:22

I am not sure but I as I remember I deleted everything and started from scratch, it wont hurt, everything will comes normal if you follow the right steps, if you face problems then you are welcome, and if you find my answer useful then you could accept also thanks – Richardricharda 28/2, 2013 at 15:25

Do i need to delete the 'Current Developments Certificates' too? -- and yes, i will mark your answer as solution.. but not yet while i'm busy and the problem isn't solved yet – Kind 28/2, 2013 at 15:26

yes you can delete and start from scratch, just follow the tutorial, it will guide you as you want – Richardricharda 28/2, 2013 at 15:27

I'll be tomorrow morning at my work again, i'll notify of any changes :) – Kind 5/3, 2013 at 20:51

Haven't recieved permission from my employer to clean up the entire account yet, since he would first like to get it touch with his contacts, still awaiting permission. I'll inform you asap :) – Kind 6/3, 2013 at 7:25

Problem solved. I'll add the solution + extra to the end of my question :) – Kind 7/3, 2013 at 14:14

Solution is not working for someone who does not have paid account, as there is no certificate tab visible. So looks Apple does not want me to code, – Provo 10/6, 2021 at 21:21

You cannot re-create matching keys, that would defeat the whole purpose of them. You need to find the old keys or start the signing procedure from scratch.

Are you using the same machine that you generated the keys on? If not, go to the other machine, export the developer profile, then import it on the new machine.

Can you restore the keys from backups? If not, stop everything you are doing and configure your computer for backups before you do anything else.

If you are really stuck, you will have to follow the signing procedure right from the very beginning, where you request a certificate from a certificate authority. This will generate new keys, and you will have to create matching provisioning profiles, then set your application to be signed with these. Dlete the old provisioning profiles, they will be useless without the old keys.

Sunder answered 28/2, 2013 at 14:53 Comment(2)

No, A few months ago I've tried deploying too, but it didn't work out for me for the same reason. Then another employer took the project home and tried to deploy there, which succeeded. Now it is the case, that he has the keys, but has quit his job, and so i'm not capable of obtaining those keys. Would it hurt the apple developer account if i delete everything in it, except for the registred devices? – Kind 28/2, 2013 at 15:11

You can't delete everything in the account, nor do you need to. Just create a new key pair, certificate and provisioning profile. Delete the old provisioning profiles, and you should be set. – Sunder 28/2, 2013 at 16:37

Required reading when you're having code signing problems:

Technical Note TN2250: iOS Code Signing Troubleshooting

Nothing will help you more than really understanding what's in your certificates and what isn't, where the necessary pieces are kept, and how they're used. This isn't the last time that you'll have code signing issues, and this tech note provides a long checklist that should help you make sure that everything is in the right place to help you develop your app and ultimately sign and submit it to the app store.

Horned answered 28/2, 2013 at 16:6 Comment(0)

You need to lock keychain. Please see screenshot:

Chiarra answered 6/7, 2018 at 0:20 Comment(1)

And if "Lock keychain login" is greyed out? – Procrustes 18/7, 2021 at 17:6

When I've had this problem in the past I've just deleted everything on my local machine and started again. So:

Delete the keys associated with your developer account in Keychain access.
In XCode open the 'Organizer' (window->organizer)
In Devices (top menu) and Provisioning Profiles (left menu), select all of the profiles and delete them.
Now hit refresh. It will ask you to sign in and whether you want to generate new keys etc, select yes and wait.

I find that this is the quickest way to fix any provisioning / key problems, as you can spend hours finding that you've missed something small.

Spun answered 28/2, 2013 at 14:55 Comment(4)

This was the fourth option i've tried, it didn't ask me however to generate new keys,, it simply retrieved all items from the remote apple server. – Kind 28/2, 2013 at 15:7

Ah ok. This means that you haven't deleted everything in your keychain yet. Have you deleted the developer certificates? As the generation of these causes a new key pair to be created. – Spun 28/2, 2013 at 15:47

Yes, i had deleted all developer related certificates, the one i didn't delete was the overall developer certificate from apple.. MWSDDN or something like that.. – Kind 28/2, 2013 at 16:2

I don't have "devices" menu in organizer. – Provo 10/6, 2021 at 21:23

After removing all old provisioning profiles (~/Library/MobileDevice/Provisioning Profiles/) and updating xCode, the certificates can be found again.

Tyrolienne answered 30/3, 2020 at 19:33 Comment(1)

Xcode 11.2 your solution not works. Xcode tries to create new developer certificate and fails in infinite loop – Provo 10/6, 2021 at 21:25

Solution

Recommended topics

Hot tags