Code Sign Errors: profile doesn’t match any valid certificate/private key pair in the default keychain
December 25, 2009
In order to audit and test the app on a device before app submission, you have to build the app with a valid, matching certificate and provisioning profile.
Possible causes of a Code Sign error:
- switch from an individual developer account to a corporate developer account on the same Mac
- upgrade iPhone SDK version
- upgrade device iPhone OS version
- switch to another Mac
- lost public/private key
- certificate expired
- certificate invalid
Possible Code Sign Errors:
- developer certificate can’t be found
- provisioning profile can’t be found
- profile doesn’t match any valid certificate/private key pair in the default key chain
Code Sign errors will cause device errors, shown by an orange light.
I am sharing the process of removing the Code Sign errors and/or the device error orange light. Keep in mind that you have to follow the Program Portal instructions for the detailed steps. Don’t skip any steps or change their order.
A provisioning profile will throw errors if you didn’t use the valid certificate to generate the public/private key and the provisioning profiles.
What can be kept the same
- App IDs
First of all, you must delete the following from your Mac (keychain, hard drive, Xcode Organizer) and from your device to avoid unnecessary troubleshooting and matching conflicts.
- Keychain > developer certificate
- Keychain > private/public key
- Device > Settings > General > Profile > provisioning profile
- Xcode > Organizer > Devices > Provisioning > provisioning profile
- iPhone Configuration Utility > Provisioning Profiles > provisioning profile
Note: iPhone Configuration Utility is a FREE tool you can download. If you don’t have it, you can manually delete the provisioning profile.
Revoke your existing certificate even if it has not expired, then re-create it. Every step must be executed in the right order. If you forget a single step you will get the same Code Sign error.
Step 1) Generate a Certificate Signing Request (CSR)
Applications > Utilities > Keychain Access
In the Preferences menu, set Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) to “Off”.
Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority
Make sure the name and email address entered match the information that was submitted when you registered as an iPhone Developer.
Select the ‘Saved to Disk’ radio button and if prompted, select ‘Let me specify key pair information’ and click ‘Continue’. No CA (Certificate Authority) Email Address is required.
If ‘Let me specify key pair’ was selected, specify a file name and click ‘Save’. In the following screen select ‘2048 bits’ for the Key Size and ‘RSA’ for the Algorithm. Click ‘Continue’.
The CSR file CertificateSigningRequest.certSigningRequest is created on your desktop.
Step 2) Submitting a Certificate Signing Request for Approval
Certificates > Development
Request a certificate. Click the ‘Choose file’ button, select your CSR and click ‘Submit’. Reload the page until you see the updated status. Click the ‘Approve’ button.
Step 3) Download & Install Development Certificates
Certificates > Distribution
Control-click the WWDR Intermediate Certificate link and select “Save Linked File to Downloads” on desktop.
Double-click the WWDR Intermediate certificate AppleWWDRCA.cer to launch Keychain Access and install it.
Download your certificate. Double-click the downloaded .cer file developer_identity.cer to launch Keychain Access and install your certificate.
To verify a successful install, you should see 1) the Apple Worldwide Developer Relations Certification Authority certificate and 2) the iPhone Developer: Team Leader certificate.
Step 4) Update the existing Provisioning Profile
No need to remove the provisioning profile. Click the ‘Modify’ button. Check the box on Certificates. Submit to save the Development Provisioning Profile.
Step 5) Install a Development Provisioning Profile
Download the profile developer_profile.mobileprovision
Drag the downloaded file into the ‘Organizer’ window within Xcode. This will automatically copy the .mobileprovision file to the proper directory. If the directory does not exist you will need to create it. Click on the ‘+’ button in the Provisioning section of the Organizer window to install your .mobileprovision file.
Step 6) Build & Install App on device
Launch Xcode and open your project. Select ‘Device – iPhone OS’ from the ‘Device | Debug’ drop down menu.
Highlight the project Target and select the ‘Info’ icon from the top menu bar. Navigate to the ‘Build’ pane. Click the ‘Any iPhone OS Device’ pop-up menu below the ‘Code Signing Identity’ field and select the iPhone Development Certificate/Provisioning Profile pair you wish to sign and install your code with.
Your iPhone Development certificate will be in bold with the Provisioning Profile associated with it in grey above. In the example below, ‘iPhone Developer: Team Leader’ is the Development Certificate and ‘My Development Provisioning Profile’ is the .mobileprovision file paired with it.
If the private key for your iPhone Development certificate is missing, or if your iPhone Development certificate is not included in a provisioning profile, you will be unable to select the iPhone Development Certificate/Provisioning Profile pair and you will see the following. Re-installing the private key or downloading a provisioning profile with your iPhone Development certificate included in it will correct this.
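The mismatch described above can be checked outside Xcode. The following is an added example, not part of the original post: it reads the `DeveloperCertificates` entries from a .mobileprovision file and compares their SHA-1 fingerprints with the identities listed by `security find-identity -v -p codesigning`, pasted in as text. The sample profile, certificate bytes and listing are constructed stand-ins, and the function names are hypothetical.

```python
import hashlib
import plistlib
import re

def profile_plist(blob: bytes) -> dict:
    """Pull the XML plist out of a CMS-signed .mobileprovision blob."""
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def profile_cert_hashes(blob: bytes) -> set:
    """SHA-1 fingerprints of the DER certificates the profile authorises."""
    certs = profile_plist(blob).get("DeveloperCertificates", [])
    return {hashlib.sha1(der).hexdigest().upper() for der in certs}

# One identity line: '  1) <40 hex chars> "iPhone Developer: Name"'
IDENTITY_RE = re.compile(r'^\s*\d+\)\s+([0-9A-F]{40})\s+"([^"]+)"', re.M)

def matching_identities(blob: bytes, listing: str) -> list:
    """Names of keychain identities (certificate + private key) in the profile."""
    identities = dict(IDENTITY_RE.findall(listing))
    wanted = profile_cert_hashes(blob)
    return sorted(identities[h] for h in wanted & set(identities))

# --- constructed sample data (stand-in bytes, not real certificates) ---
CERT_A = b"constructed-der-bytes-A"
CERT_B = b"constructed-der-bytes-B"
SAMPLE_PROFILE = (b"\x30\x80cms-wrapper"
                  + plistlib.dumps({"Name": "My Development Provisioning Profile",
                                    "DeveloperCertificates": [CERT_A]})
                  + b"cms-signature")

def sample_listing(der: bytes, name: str) -> str:
    """Build text shaped like `security find-identity -v -p codesigning` output."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return f'  1) {digest} "{name}"\n     1 valid identities found\n'

if __name__ == "__main__":
    good = sample_listing(CERT_A, "iPhone Developer: Team Leader")
    stale = sample_listing(CERT_B, "iPhone Developer: Old Certificate")
    print(matching_identities(SAMPLE_PROFILE, good))   # identity is in the profile
    print(matching_identities(SAMPLE_PROFILE, stale))  # empty: Code Sign error case
```

An empty result means no certificate/private key pair in the keychain is included in the profile, which is the condition that prevents selecting the pair in the ‘Code Signing Identity’ field.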