I have two certificates in my Accounts>Manage Certificates section. One is active, the other is greyed out with a status of "Not in Keychain". I only have ONE certificate in the developer account online.
Timeline:
-
Had an issue with fastlane codesigning and was trying to resolve that. In that attempt I deleted my related Certificates from my keychain
-
Xcode showed them as disabled (greyed out) and not in Keychain.
-
Look up how to resolve, need to revoke certificates in Developer account online. I go and revoke those certificates. Nothing changes
-
I create new certificate and try to add it to xcode>account>certificate managment>"Apple Development". Get an error saying I can't add a new can't do that because a certificate is already pending.
-
I waited a day because I assumed like somethings with apple, updates are not immediate.
-
I come back the next day and am able to add a new certificate. However, the previous one that is greyed out and reads "Not in Keychain" under Status, is still there.
How do I remove that "Not in Keychain" certificate? I emailed developer support and they directed me here.
I’ve always wondered about those status values, so I did some experimentation today (-:
Remember that to sign code you need a code-signing identity. This is a digital identity, that is, the combination of a certificate and a private key that matches the public key in that certificate. For more background on this, see TN3161 Inside Code Signing: Certificates.
So, there are four possibilities for the Manage Certificates UI:
- No row — If the certificate is not known to the Developer website, there’s simply no row for it in the list.
- Not In Keychain — This means that the certificate is known to the Developer website but there’s no copy of that certificate in your keychain.
- Missing Private Key — This means that the certificate is known to the Developer website and is available locally, but the associated private key is not in your keychain.
- Blank status — If the Status column is blank, everything is copacetic; Xcode will offer that code-signing identity as an option to sign code.
Note If both the certificate and the private key are missing from your keychain, you’ll get the Not In Keychain status:
- If you add just the private key, it’ll continue to be Not In Keychain.
- If you add just the certificate, it’ll switch to Missing Private Key.
- If you add both, it’ll switch to a blank status, indicating that you’re good to go.
How do I remove that "Not in Keychain" certificate?
You should be able to revoke it on the Developer website.
Getting the right certificate is tricky because the name in Xcode doesn’t always match the name on the Developer website. I do this as follows:
- Locate the certificate you want to get rid of in Xcode.
- Hover the mouse over the Name column and you’ll see a tooltip with an expiry date and a serial number. Note those both down.
- On the Developer website, find the certificate with that expiry date.
- Click on it.
- Click the Download button.
- In the Finder, Quick Look the certificate and confirm that its serial number matches the one from step 2.
- Back in Safari, click Revoke and then confirm the revocation.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
