Not able to upload the archive to my app store app. XCode is throwing error that I do not have "private key" installed for the distribution certificate I am using, when in fact I have the distribution certificate installed on the keychain and also have exported it as a .p12 key file. I have also tried removing the certificate and add it again from the "Certificates, Identifiers & Profiles" page from my developer account but with no use.
I don't know where I am going wrong here.
Did you solve it ? I got same problem
This means that you have the signing Certificate downloaded in your Keychain, but your do not have the private key that was created along with this certificate in your Keychain.
A Distribution certificate is /only/ half of the equation. A certificate alone will not allow you to sign code or data. You will also need the private key that goes along with that certificate and together a certificate and private key form a signing identity, and that will allow you to sign code or data. You should check to see if the p12 that you are exporting from the Keychain has the private key and the certificate that that make up your signing identity.
If you do not have the private key for your signing certificate then you do not have a signing identity and you cannot sign your app for distribution. To resolve this I would recommend doing one of the following things:
1. Migrate the previous signing identity.
Locate the previous machine that you created your original CSR (Certificate Signing Request) on and migrate it to your current machine. (Note, you may have created the CSR on your machine and deleted it, so you just may need to regenerate this CSR, in which case, move to #2)
A CSR is the cryptographic asset that is used to obtain a Distribution certificate from Apple's certificate authority. You will need to migrate the signing identity out of the Keychain on the previous machine and into the Keychain of the machine your are currently signing your project from.
To migrate your signing identity from your previous Keychain, make sure there is an arrow in the Keychain next to the Certificate, click this arrow to see your private key. This confirms you have a signing identity. Next right click the identity and click export. The file format will be in the form of a p12, or a PKCS12, give it a name and password and click save. Then securely move this signing identity to your new machine and double click it to import the signing identity into your current Keychain. You should now have a signing identity on your machine with a private key to sign code.
If your current machine is the machine that you originally created the CSR on and no longer have access to your private key, then you will need to create a new signing identity. To do that, move on to number 2.
2. Create a brand new signing identity.
First you need to create a CSR. This can be done with the Keychain. The great part about this is that it creates a private key in your Keychain to be used in your future signing identity. To create a CSR, do the following:
Click Keychain Access -> Certificate Assistant -> Request a Certificate from a Certificate Authority. Click saved to disk. Enter your email address or a company email address attached to your Developer Account in user Email Address. (Note that it does not need to be an email attached to a Developer Account, this is just a common pattern)
Click continue and Keychain Assistant will give you a file that looks something like: CertificateSigningRequest.certSigningRequest
Take the CertificateSigningRequest.certSigningRequest file and log into the Developer Portal and click Certificates, Identifiers & Profiles. From there click the blue button at the top next to certificates to create a new distribution certificate. When prompted, upload your CertificateSigningRequest.certSigningRequest file to create your certificate.
Download your new Distribution certificate and double click it on your machine to install it in your Keychain. This will then create the signing identity in your Keychain with the private key that you created with your CSR.
From here you should be able to continue and code sign your code now that you have your private key restored in your signing identity.
If for some reason you are still unable to see the signing identity then the dialog window you are displaying in Xcode may be out of sync with your Keychain. If you have your signing identity in your Keychain, then you should be able to sign code, even if you manually have to select this identity from Xcode.
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
I downloaded the certificate and the provisioning profile from the developer account and used manual signing in place of automatic signing, that did the trick and I was able to upload to test flight. Also make sure you remove all the other certificates which are not in use.