Advise anyone on your team: - If you refresh/create a distribution certificate, e-mail the private key to you. - Install that private key in your keychain and you're all set.
> On Jan 27, 2016, at 11:01, Alex Zavatone <[email protected]> wrote: > > Wall of text explaining a distro cert issue that will commonly happen about > every 10 months or so in teams that have more than one person who can > distribute apps. (iOS) > > A summary for what happened was that a month ago, another person on our iOS > team who is allowed to create distributables for their product found out that > the Distribution certificate used in their distro profile was expired. > > This person is on the other side of the planet. > > They refreshed the cert on the dev portal and updated their app's > provisioning profile. > > Then when creating the app distributable through Xcode they found out that > they suddenly lost all code signing privs and their "cert was no longer > found" on their machine, but that "your account has a valid distribution > profile". > > They ended up clicking the Refresh button when exporting their archive as > ad-hoc and provisioning from the Archive: Export window. > > > Fast forward a month. My app needed the push entitlement added to it, so I > added that and noticed that the distro cert used was expired, so I had the > option of using the one that expired next week or using the one that expires > in December. > > I used the one that expired in December. > > I did not create that cert. It is the one that was created by that other > person on the other side of this planet. The cert doesn't tell us who > created it. > > Naturally, I do not have the other person's private key installed on my Mac. > > I download and install the new Ad-Hoc profile, but Xcode wants to use an > older one so, I delete all the profiles in the folder and then refresh and > download all certs from the account window. > > I then try to export the archive with the new provisioning profile. > > Suddenly, I no longer have the ability to code sign my app, because "Your > account has a valid distribution profile, but it is not installed." > > Whaaaaaaa? How did I lose all code signing privs? I have all the certs > installed. I made them, WTF?! > > Fast forward 1/2 a late night of reinstalling developer profiles, and so on > and an early morning text to the other side of the planet. > > What happened was that the new distribution cert that the other person > refreshed ended up being the one that I included in the provisioning profile. > > > ## This is a big issue, because each distribution cert in the developer > portal doesn't tell you who made it. You assume that you have all the certs > installed, because you made them. In this case, the error message in Xcode > is really misleading. Honestly, the only reason I know this happened was > because of a morning call I had with that other person a month ago. > > There was no way to know that the cert I was about to use wasn't one that I > had the private key installed for. > > If I click Refresh in the Export dialog when the error appears, then this > will work for me, but I create the very same problem for the other person > when they need to refresh their profile in 8 months. > > Yes, if more than one person can create app distro certs, then we need to > create the cert, export our private key and send this to all the other people > who can have privs to create or refresh distro certs, BUT… > > this could easily have saved 5 hours stressful hours if each distro cert on > the developer portal displays the user name of the team member who created > (or refreshed) it next to the cert. > > Yeah, we can just click Refresh, but that passes the problem down the chain > to the next developer unless we all expect to create refresh every time > anyone runs into this. > > I do know that I created this very problem for the other team a month ago and > this took up 2 man days of developer time for them when they couldn't figure > out why their ad-hoc distribution profile privs suddenly stopped working and > Xcode reported that their certs. > > If any of you out there have more than one person on a team who can create or > refresh distro certs, please be aware of this. > > If any of you have a better and saner strategy to manage this, I'm all ears. > > Thanks for your time, > Alex Zavatone > > > On Jan 27, 2016, at 9:41 AM, Alex Zavatone wrote: > >> Found out why. This is a dangerous issue for any team who has more than one >> person responsible for creating distributables and will screw teams up at >> least once a year. >> >> Will reply with summary and details on process to manage. >> >> . >> On Jan 27, 2016, at 9:29 AM, Alex Zavatone wrote: >> >>> iOS, Xcode 7.1. >>> >>> Is there any reason that anyone can think of why deleting the provisioning >>> profiles from folder where Xcode downloads them would completely nuke my >>> certificates for code signing all our apps??? >>> >>> I get the dreaded "Your account already has a valid iOS Distribution >>> certificate, but is is not installed" message. >>> >>> I've been the guy in charge of distributing our apps for the past year (on >>> a nearly weekly basis) and now this happens right when we need to >>> distribute to our CEO. >>> >>> >>> What causes this hell? >>> >>> Any ideas? >>> _______________________________________________ >>> Do not post admin requests to the list. They will be ignored. >>> Xcode-users mailing list ([email protected]) >>> Help/Unsubscribe/Update your Subscription: >>> https://lists.apple.com/mailman/options/xcode-users/zav%40mac.com >>> >>> This email sent to [email protected] >> > > > _______________________________________________ > Do not post admin requests to the list. They will be ignored. > Xcode-users mailing list ([email protected]) > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/xcode-users/clarkcox3%40gmail.com > > This email sent to [email protected] _______________________________________________ Do not post admin requests to the list. They will be ignored. Xcode-users mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/xcode-users/archive%40mail-archive.com This email sent to [email protected]
