Login/Register
key chain warning The “System Roots” keychain cannot be modified [closed]
Asked Answered
Solved iphoneioscertificatekeychainios-provisioning
H

12

50

Am landed with following error "“System Roots” keychain cannot be modified" when I double tap the certificate. After googling I come to know that drag and drop the certificate is the solution for this.

But even after doing this also in code it says "profile doesn't match valid certificate/private key chain pair in the default key chain"

Any solution?

Hazaki answered 23/3, 2011 at 5:6 Comment(1)
This answer from Apple worked for me: support.apple.com/en-in/guide/keychain-access/kyca11871/mac 1. In the Keychain Access app on your Mac, select a keychain from one of the keychains lists, then double-click a certificate. 2. Next to Trust, click the arrow to display the trust policies for the certificate. 3. To override the trust policies, choose new trust settings from the pop-up menus.Paraclete
L
21

Step 1 - download your developer certificate and drop in into your DEFAULT keychain

step 2 - download apple WWDRCA certificate and drop into the same keychain.

step 3 - CHECK if there is a private key along with your certificate. (you should be able to see tiny triangle beside your certificate. Click on it to see if your private key is present or not)

step 4 - download the provisioning profile from the developer portal and drop into your xcode.

Try to do these things first. If you still get a error, then delete the extra apple certificates in your keychain and try the process once again.. it will do the trick...

Lackluster answered 23/3, 2011 at 5:56 Comment(15)
NO.... certificate without private key is almost useless. i faced the same problem 2 weeks ago and it took me almost a week to get rid of itLackluster
is it possible to add key to existing certificate ..?Hazaki
as far as my knowledge goes you can not do it explicitly.... i am not sure about it.. but it is better for you to follow the above 4 steps which would just take 15 mintes of your time to solve the problemLackluster
actually am trying to import the certificate which is sent by another person but it doesnt contain WWDRCA certificate. now i only have developer and distribution identity certificate.Hazaki
you can download WWDRCA certificate manually also..thats not a big deal actually.. Do u know the process for downloading the WWDRCa certificate???Lackluster
WWDRCA certificate with my apple developer account or their account's WWDRCA certificate.....?Hazaki
certificate from ur developer account would be sufficient... try to request certificate from your keychain and try it out...Lackluster
thanks.. actually they not configured private key for certificate think so bcoz it is not showing any discloser in keychain access .. so i have to request for new certificate....Hazaki
hey dude finally i got the things working... private key is the only thing that caused all these problem.....Hazaki
+1 thanks man ..... really works ... Actually I was following Guide from Apple account and it tells to double click but it works with drag n Drop.Cephalopod
@Azhar: Cooool... nice to hear that from you and thanks for the +1 :-)Lackluster
@ A for Alpha: I am not able to see private key in my keychain. Step 3 of your solution. What should I do now.Lamblike
#5989868. please check this link.Lackluster
+1 from me, too. Same thing, double clicking caused the error but drag and drop worked. Thank you. These certs are doing my head in.Brendanbrenden
developer.apple.com/certificationauthority/AppleWWDRCA.cer down load certificate from hereFaubion
C
170

Just try below three steps

Step 1: Open your Keychain Access app.
Step 2: You will see list in left side as 'Login' ,'System' and 'System Roots', just drag your certificate in 'Login' option.
Step 3: You will get certificate install successfully in Keychain Access.

Cockaleekie answered 7/5, 2012 at 5:56 Comment(3)
If doesn't work - drag to system and enter pass, certificate will appear in login tooCrush
@Bo Persson I followed your listed steps.But it does not works for me.It always says the warning dialog as "The system Roots key chain cannot be modified".The warning message is To change whether a root certificate is trusted, open it in Keychain Access and modify its Trust Settings. New root certificates should be added to the login keychain for the current user, or to the System keychain if they are to be shared by all users of this machine.Fuchsia
Any idea why I used to just be able to double click a cert to load it up, but now I need to drag it in?Hydrophobic
L
21

Step 1 - download your developer certificate and drop in into your DEFAULT keychain

step 2 - download apple WWDRCA certificate and drop into the same keychain.

step 3 - CHECK if there is a private key along with your certificate. (you should be able to see tiny triangle beside your certificate. Click on it to see if your private key is present or not)

step 4 - download the provisioning profile from the developer portal and drop into your xcode.

Try to do these things first. If you still get a error, then delete the extra apple certificates in your keychain and try the process once again.. it will do the trick...

Lackluster answered 23/3, 2011 at 5:56 Comment(15)
NO.... certificate without private key is almost useless. i faced the same problem 2 weeks ago and it took me almost a week to get rid of itLackluster
is it possible to add key to existing certificate ..?Hazaki
as far as my knowledge goes you can not do it explicitly.... i am not sure about it.. but it is better for you to follow the above 4 steps which would just take 15 mintes of your time to solve the problemLackluster
actually am trying to import the certificate which is sent by another person but it doesnt contain WWDRCA certificate. now i only have developer and distribution identity certificate.Hazaki
you can download WWDRCA certificate manually also..thats not a big deal actually.. Do u know the process for downloading the WWDRCa certificate???Lackluster
WWDRCA certificate with my apple developer account or their account's WWDRCA certificate.....?Hazaki
certificate from ur developer account would be sufficient... try to request certificate from your keychain and try it out...Lackluster
thanks.. actually they not configured private key for certificate think so bcoz it is not showing any discloser in keychain access .. so i have to request for new certificate....Hazaki
hey dude finally i got the things working... private key is the only thing that caused all these problem.....Hazaki
+1 thanks man ..... really works ... Actually I was following Guide from Apple account and it tells to double click but it works with drag n Drop.Cephalopod
@Azhar: Cooool... nice to hear that from you and thanks for the +1 :-)Lackluster
@ A for Alpha: I am not able to see private key in my keychain. Step 3 of your solution. What should I do now.Lamblike
#5989868. please check this link.Lackluster
+1 from me, too. Same thing, double clicking caused the error but drag and drop worked. Thank you. These certs are doing my head in.Brendanbrenden
developer.apple.com/certificationauthority/AppleWWDRCA.cer down load certificate from hereFaubion
V
11

I had the same issue when I tried to install an iOS push service certificate with the Keychain Access application opened, to solve this problem, I just closed the application, and double click the certificate, then the certificate was installed without any problem.

Vodka answered 4/2, 2014 at 16:40 Comment(0)
O
9

enter image description here

I also faced this problem with the APNS certificate by double click on it getting the error but manually import certificate works for me.

enter image description here

Origan answered 2/6, 2016 at 5:13 Comment(0)
D
3

I've solved the issue by running following commands in terminal. (from googling)

cd /System/Library
sudo chmod -R 777 Keychains

Add the certificate and you should not get the error.

sudo chmod 755 Keychains
sudo chmod 644 Keychains/*

NOTE: This was me eons ago, trying to get through problem at that time. I would not recommend doing this.

Duarte answered 19/5, 2011 at 6:55 Comment(2)
Or just unlock the System keychain by clicking padlock, otherwise you can run Keychain access by root e.g. sudo /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ AccessKnowitall
Whatever you are hoping to accomplish, chmod 777 is wrong and dangerous. You will want to revert to sane permissions ASAP (for your use case, probably chmod 755) and if you have had world writable system files on a public-facing system, at the very least investigate whether it could have been breached and used as a pivot point for breaking into your organization’s network.Heterochromatin
L
2

The default keychain is the one that Keychain Access shows in boldface in the list of keychains. Usually, it's the "login" keychain. Open up the default keychain and look for your certificate. If you find it, make sure there's a little disclosure triangle to its left. Clicking on that triangle should reveal the private key. If you don't have all that, you won't be able to sign binaries.

Londrina answered 23/3, 2011 at 5:28 Comment(5)
oh yes.. you are right there is no discloser triangle on left so how to fix this...Hazaki
Make sure you dropped your certificate into the right keychain, for starters. If I remember correctly, I think you can drop the certificate file that you downloaded from the portal onto Xcode and Xcode will try to put it in the right spot. If all else fails, you may need to create a new certificate signing request, upload to the portal, download your certificate, and try again. That shouldn't really be necessary, but neither of us probably knows exactly where you went wrong, so it might be the most expedient solution.Londrina
Find the file in your Downloads folder and drop it onto Xcode's application icon.Londrina
ya i dropped like that but nothing happeningHazaki
Things may have changed since I last did this. Best advice: carefully follow steps in the developer portal under Certificates->How To. Those instructions are generally up-to-date, and even wizened old developers sometimes go back to them and learn new things. ;-)Londrina
C
0

In my case, I had to create a new .certSigningRequest file by following the steps here.

And Then I've to create the certs again with this new file.

Calie answered 2/5, 2018 at 11:23 Comment(0)
T
0

Just had the same error. Found that after quitting keychain access and double-clicking the AppleWWDRCA.cer and developer_identity.cer it worked fine. It added them to the login keychain instead of attempting an add to system roots keychain.

Tapis answered 4/9, 2018 at 15:45 Comment(0)
P
0

Quit keychain access and double-clicking the AppleWWDRCA.cer and developer_identity.cer it worked fine. It added them to the login keychain instead of attempting an add to system roots keychain.

Apple Discussion link: https://discussions.apple.com/thread/2343078

Pedroza answered 30/10, 2018 at 6:15 Comment(0)
V
0

This work for me:
_Log to root with your terminal:

> chmod 755 your-certificate (You can use 777 if 755 not work actually 755 = read & execute)
> Drag the certificate file into Certificates Category in Keychains

I hope this helps you like it to help me too, cheer.

Voyageur answered 28/8, 2020 at 5:6 Comment(1)
Whatever you are hoping to accomplish, chmod 777 is wrong and dangerous. You will want to revert to sane permissions ASAP (for your use case, probably chmod 755) and if you have had world writable system files on a public-facing system, at the very least investigate whether it could have been breached and used as a pivot point for breaking into your organization’s network.Heterochromatin
J
0

I know there could be many unknown reasons for this to happen.

For me it was the following:

  • As many of you did/do, I too had the Keychain Access app and Xcode opened behind while I double tapped on the downloaded certificate (.cer) file(s).

  • Soon after I closed the Keychain Access app and tried it out again, the following things happened accordingly:

    • OS prompted me the OS Login prompt asking to allow access to modify the Keychain just to install the Certificate

enter image description here

  • Soon after I entered the Password and allowed it, the certificate got installed, automatically opened the Keychain app, and displayed that the Certificate related log was enlisted.
Jews answered 28/8, 2021 at 9:51 Comment(0)
S
-1

I have a similar issue, may be the certificate which you are trying is not valid.Create a new certificate from developer portal and try again.it should work.

Shy answered 30/5, 2017 at 5:28 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.