error: The specified item could not be found in the keychain.

During build process, I have been encountering an error "error: The specified item could not be found in the keychain." for the code signing process.

My apple ID joins a developer program of my company. I have 2 macbook - 1 for my personal, and 1 for my company. I can build apps with my personal macbook, but failed with my company one. I have exported the developer account from xcode of my personal macbook, and also imported to the company macbook's xcode.

Both macbooks are macOS Monterey, and both xcode are the same version 13.2.1

For building an app, I've chosen "Automatically manage signing"

Up vote post of stephenman Down vote post of stephenman
2.2k views
Posted by
stephenman
Reply

  • Thx. I just had the same problem for the first time. Can't create a new signing request :(

    fcandi
Add a Comment

Replies

And the certs and keys are separate, don't know why not shown in pairs

Posted by
stephenman
Up vote reply of stephenman Down vote reply of stephenman
Add a Comment

On the Mac that’s having problems, what does the following print?

% security find-identity -p codesigning -v

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • Thank you for your reply!

    The result of the command is:

    0 valid identities found

    stephenman
Add a Comment

OK, that’s not good )-:

In your screen shot I noticed that you have Certificates selected at the top. This, combined with the results from find-identity, suggest that you have copied across these signing certificates but not their matching private keys. Thus you have signing certificates but not signing identities.

If you don’t understand the difference — and, trust me, you’re not the only one, our industry is plagued by this problem — read Certificate Signing Requests Explained for the backstory.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • So, is this problem resolvable? Could you advise what I should do next? Thank you.

    stephenman

  • BTW, I’ve tried to generate a CSR and uploaded to developer portal and got the cert and key installed.

    And also I’ve tried to copy cert and key by exporting from my personal MacBook( the one can go thru the code signing process) in one-go and imported to keychain access of my company MacBook(the one that code signing not working , as well as tried to export the developer account from Xcode from my personal MacBook and import to my company MacBook.

    I know that I need to prepare the cert and key together, but have no ways to get certs and keys in pairs and to show in my certificates tab... sigh...

    stephenman
Add a Comment

I’ve tried to copy cert and key by exporting from my personal MacBook

This should work. The trick is to export the digital identity as a .p12 file. See this post for specific instructions.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • yes, I've exported into .p12 file and double-clicked it in my problem macbook, and inputted the password without error, but the cert and key still not in My Certificate tab, but Certificates tab and Keys tab separately.

    And for this .p12 file, I can use it in MS App Center for building app successfully. So, the problem seems my keychain doesn't work well....

    stephenman
Add a Comment

the cert and key still not in My Certificate tab, but Certificates tab and Keys tab separately.

Hmmm, it’s true that Keychain Access has its fair share of bugs. I know this sounds stupid, but did you try quitting and relaunching it?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • Yes, I’ve quitted and relaunched it. And also restarted the OS but no luck. Do you know if we can re-install the keychain access? I’ve tried to find it in App Store, but not found it...

    stephenman
Add a Comment

Do you know if we can re-install the keychain access?

No. Keychain Access is built in to the OS and, assuming you didn’t go out of your way to disable SIP, can’t be modified.

Just for testing purposes, create a new user account on your Mac (using System Preferences > Users & Groups), log is as that user, and then import the .p12 there. What happens?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Good idea to have a try! Unfortunately, after a try... The below is my new account on the same macbook and after double-clicked the .p12 file....

Posted by
stephenman
Up vote reply of stephenman Down vote reply of stephenman
Add a Comment

Are you sure that this is actually a PKCS#12 file? What does this print:

% file /path/to/my.p12

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • it prints: /path/to/my.p12: data

    stephenman

  • And I just have airdropped this to my another old macbook air to have a try, this file has just added to the My Certificates tab in Keychain Access. So, it works in my personal macbook pro (the source), App Center for building app, my old macbook Air, but my company's macbook pro....

    stephenman
Add a Comment

it prints: /path/to/my.p12: data

OK, that’s what I was expecting.

So, it works in my personal macbook pro (the source), App Center for building app, my old macbook Air, but my company's macbook pro....

Are you missing a “not” in that last clause?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • yes, sorry, but not working in my company's macbook pro...

    stephenman
Add a Comment

not working in my company's [Mac]

I recommend that you escalate this via your company’s IS department.

Importing a digital identity into a keychain should work, and we know it works on your personal machine. Moreover, the fact that it fails when you use a fresh user account means that there’s no lingering configuration issue on your main user account. All that remains is a configuration issue with the Mac itself, and that’s not something I can help you with [1].

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] My experience is that companies often install ‘security’ software that causes all sorts of weird and wonderful problems. The obvious next step here is to disable that software, but I’m not going to advise you to do that without talking to your IS department first.

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • Got it, thank you Eskimo for following up this issue for many days.

    stephenman
Add a Comment