Certificates, Identifiers & Profiles

RSS for tag

Discuss the technical details of security certificates, identifiers, and profiles used by the OS to ensure validity of apps and services on device.

Certificates, Identifiers & Profiles Documentation

Post

Replies

Boosts

Views

Activity

How to renew ad-hoc provisioning profile without outage
Hello, We currently have an IOS Mobile app using the ad-hoc provisioning profile with a distribution certificate. We are wanting to renew the ad-hoc provisioning profile BEFORE it expires. How do i do this without causing the application to break AND prevent the user from having to re-trust the. Can i simply create a new ad-hoc provisioning profile associated with the old certificate, rebuild the app, and send the link to the user?
1
0
664
Apr ’24
Provisioning profile KVS identifier issue after app transfer
Hello, after migrating one of our apps, APP, from the one developer account to another, we are experiencing an issue with provisioning profiles. In the provisioning profile of APP (com.SOME.APP), we have a wrong value for the com.apple.developer.ubiquity-kvstore-identifier key used for iCloud KVS. The value is OLDTEAMID.com.SOME.APP.EXTENSION while it should be just OLDTEAMID.com.SOME.APP. The previous value must be instead present in the provisioning profiles for the EXTENSION (OLDTEAMID.com.SOME.APP.EXTENSION) for the com.apple.developer.ubiquity-kvstore-identifier key. Please let me know if you know something about this issue. This is blocking us from releasing the application. Thank you!
2
1
616
Apr ’24
Convert Service Id to App Id and create Provisioning Profiles
I have an app already uploaded to app store and its bundle id is service id not app id and i have an update with this app and when i tried to upload a new versions i found errors with bundle id registration and that is no Provisioning Profiles found for this bundle id so i tried to create new Provisioning Profiles with the service id that already connected with my app on app store connect and no luck to create Provisioning Profiles for service id and i cannot now upload a new updates
1
0
484
Apr ’24
In-App Provisioning Entitlement
Hello, Can anybody help me with some info about the following situation? We have an app that is published in the store and it is used by the users. We want implement in the app the In App Provisioning flow and we are analyzing all the steps the we need to check. One of the steps is the request for a special entitlement from apple. Let's say that we've checked the following: Request In App Provisioning entitlement Receive the entitlement Create a new provisioning profile with the received entitlement Start the development of In App Provisioning flow in the app At some point a bug is identified in production and we need the develop a hotfix that needs to be published before finishing the In App Provisioning feature. Wil it be possible to publish a new version of the app that doesn't contain the In App Provisioning functionality even though we have received the entitlement from apple? Should we create a new provisioning profile without the entitlement for this new release? Please let me know if you need more info.
1
0
682
Apr ’24
Can't add provisioning profile to iPhone
I've added my iPhone's correct UDID in the "Devices" section in Apple Developer account, and I created a Development Profile. I then downloaded it (as a .mobileprovision file) and am trying to add it to my connected iPhone via XCode. I'm getting this error message: Failed to install one or more provisioning profiles on the device. Please ensure the provisioning profile is configured to this device. If not, please try to regenerate a new profile. I have ensured the provisioning profile is configured to this device and have tried regenerating it. Same result. My iPhone has "Developer Mode" turned on. How do I troubleshoot this further?
1
0
684
Apr ’24
Error in signing installers using Apple Developer ID Installer Certificate
Hi, I have been using a Developer ID Installer Certificate to sign my installer packages since a long time now. Recently, the sign command started giving me error, Error - Certificate is expired or not yet valid. Please check certificate validity. The certificate itself is valid till 2025, so I am confused on the issue. To get a clearer understanding, I created a new certificate by following instructions in the link, https://developer.apple.com/help/account/create-certificates/create-developer-id-certificates However, when I try to use this to sign my installer package, I get the following error, Unable to build a valid certificate chain. Please make sure that all certificates are included in the certificate file. I am using ZXPSignCmd to sign the installers. Hoping for guidance to a quick resolution.
3
0
759
Apr ’24
Issues while signing macOS app
Hi everyone! We use to have an intel Mac machine where we generate the Developer ID Installer & Application certs for signing and notarization process. This process works sweet. Now, we move from an intel to a m1 Mac machine, where we want to do the same process as before. I had try two different approaches, but ending up with the same result. I export the cert with the private key from my intel to the m1 machine, but when I try to sign, I get: Invalid signature. (Not sure what this error means in this case as everything works on the intel machine. I am guessing the cipher for creating either the private key or the signature differs between the architecture) I try to generate new certs for this m1 machine, but I get the following error: You already have a current Developer ID installer certificate or a pending certificate request. I try with the same account, but also with a different account. In both cases got the same error. I create a ticket for apple, where they said to expect a reply between one and two business days, but no luck yet.
9
0
974
May ’24
Target release_unpack_ios failed: Exception: Failed to codesign
I'm trying to compile my project to upload to the Apple Store, but I'm encountering the following error and I'm not finding a solution. Target release_unpack_ios failed: Exception: Failed to codesign /Users/projetos03/Library/Developer/Xcode/DerivedData/Runner-fawumbalfprcejfqeukpogdffliw/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/Flutter.framework/Flutter with identity 8AEA2F49955A0 9A7CD98E041ABA46E18BAE7745E . /Users/projetos03/Library/Developer/Xcode/DerivedData/Runner-fawumbalfprcejfqeukpogdffliw/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/Flutter.framework/Flutter: replacing existing signature Warning: unable to build chain to self-signed root for signer "Apple Development: Flavio Alves (36WNMDQCH4)"
2
0
2.1k
May ’24
DriverKit: embedded.mobileprofile has the wildcard USB Vendor ID instead of my assigned Vendor ID
I've added my Vendor ID to the appropriate entitlement files but my binary fails validation when trying to upload it to the store for distribution. The embeded.mobileprovision file in the generated archive shows an asterisk instead of my approved Vendor ID. How can I make sure the embedded provisioning file has my Vendor ID?
4
0
921
May ’24
How does one create a provisioning profile for embedded DEXT for iPhoneOS that is signed with a distribution cert?
I've been developing a solution that has an embedded USB driver. I can build and run my solution just fine but I cannot pass verification for uploading to App Store Correct and TestFlight The problem is that the provisioning profile I am using (for development) does not have the explicit Vendor ID (idVendor) but is using the development value of asterisk "*". I've created a release version of my entitlements file with the proper Vendor ID and I have a distribution certificate for iOS. Further, I've created a provisioning profile for app-store distribution (not development) and imported it via Xcode. When I select this provisioning profile, I get the following errors from Xcode: Xcode 14 and later requires a DriverKit development profile enabled for iOS and macOS. Visit the developer website to create or download a DriverKit profile. Provisioning profile "MyProvisioningProfile - App Store" doesn't match the entitlements file's value for the com.apple.developer.driverkit.transport.usb entitlement. If I create and use a DriverKit profile, The Xcode UI errors go away on the "Signing & Capabilities" page. However, these profiles seem to be for development only. I then get an error, during compilation, telling me that the app and extension have two different signers, one for development (DEXT) and one for distribution (App). To sum up, using a DriverKit profile fails during the build process and using a distribution profile is a non-starter for Xcode. I can't even build. What do I need to do to get this to work?
2
0
708
May ’24
Mobile provision "cannot be copied to this iPad because it cannot be played on this iPad"
Trying to install a mobile provision on my iPad from Windows 10 using iTunes. The error message is as above. I've checked and rechecked the mobile provision. The UUID of my device is contained within my mobile provision. I also tried on MacOS with the same error code. I'm not sure what else to try. I tried making a new mobile provision, I tried readding my device (which isn't possible since it's just the same UUID as an already existing device. I updated iTunes to the latest verison, I've upgraded my iPad OS to the latest version (17.5)
2
0
450
May ’24
About ITMS-91065
In order to facilitate management, we integrate some SDKs such as Firebase into one of our own internally used SDKs. Recently, when submitted to the appstore, we were prompted that FirebaseCrashing included in the SDK lacked the necessary signature (ITMS-91065). The information that can be confirmed is that after packaging the SDK through secondary packaging, the original signature is lost. And we have a static reference. So what I want to ask is whether we can only manually sign our secondary packaging sdk (the signature is our own certificate different from the original Firebase) to solve this ITMS-91065 problem. According to the description of the Apple Developer Conference, Apple only verifies the consistency and security of the SDK and does not record the signature of each SDK on Apple's servers. Therefore, you should only need to ensure that the SDK is in a signed state to comply with Apple's review requirements. (My guess is still being verified)
2
0
1.4k
May ’24
profile doesnt support tap to pay iphone
I'm trying to upload my app with Tap to Pay on iPhone functionality. However, I'm getting error message "Profile doesn't include com.apple.developer.proximity-reader.payment.acceptance entitlement." I've confirmed many times that I have the distribution profile with this capability. Any idea what might be the issue? The development environment works perfectly. please check my post on apple forum. https://forums.developer.apple.com/forums/thread/755736
1
0
902
May ’24
security set-key-partition-list valid values
Hi Devs, i have a question concerning the security set-key-partition-list -S command. I want to use it to enable a code signing certificate being used by codesign and productbuild to sign without sudo or a password prompt. Some sources indicate i need to add codesign: as partition but some don't even mention this. So my question is what partitions are even possible to add? What does partitions in this context mean? How can i find out which i need for productbuild and codesign? Thanks in advance Paul
1
1
777
May ’24
No profiles for ... were found
Hi, I'm having some problems signing my application. Everything was working fine until recently when the certificates expired and I got these kinds of errors when I try to upload the app to AppStoreConnect. I can build the app in dev and production mode without any issue and I can create an archive. Problems occur when uploading to AppStoreConnect. The idea would be to let Xcode take care of signing everything necessary by checking the "Automatically manage signing" box. All my targets are in "Automatically manage signing" mode. I tried to delete all the certificates and provisioning profiles that I found on the Apple portal and then generate them again, but the problem is the same. There are two of us on the team, plus a CI machine (this should be the CI that takes care of signing everything needed to send a release to AppStoreConnect). If you have an idea, I'm interested! Thanks in advance, Alexandre
1
0
1.5k
Jun ’24
Apple TV as iPod in Apple Developer Center
I have a bizzare issue with my Apple TV that is shown as "iPod" in Apple developer portal. It's correctly visible in Xcode as Apple TV, but when I add it to developer portal it says "iPod". The problem is since it's there as an iPod I can't use it to my provisioning profile to build on the device Anyone has any idea how this can be solved? [Edited by Moderator]
3
1
574
Jun ’24