Your account already has a valid Developer ID Application certificate

Question

The last couple of days I've struggled with code signing my cocoa app in Xcode. I've read through all similar topic that looked to be related, but nothing has helped.

Whenever I try to export my archive I get this error message:

I've tried to delete everything in my keychain and all profiles/certificates that I'm allowed to delete/revoke in the member center. However, I still get the same error with no "Fix" or "Reset" button. How should I proceed in order to get my application signed for distribution outside of store?

I'm hitting this same issue. Have you by chance submitted a support request or radar to Apple? — pkamb, Dec 03 '15 at 00:53
No, I used my old developer profile export from backup that worked. Sorry. — NeoID, Dec 03 '15 at 11:26

FreeNickname · Answer 1 · 2016-02-19T19:46:41.303

23

Go to Preferences -> Accounts, choose your account, click "View Details" in the bottom right corner and in the dialog click Download all in the bottom left corner.

Also, take a look at fastlane.tools. It is a great set of tools, which is, among other things, capable of dealing with code signing issues. Calling cert and sigh is sometimes enough to deal with many code signing-related problems.

edited Feb 19 '16 at 19:46

answered Dec 03 '15 at 20:08

FreeNickname

7,398
2
30
60

1

I had this issue and the "download all" thing made it go away. thanks! – spinalwrap Dec 05 '15 at 00:32
@user2357250, you're welcome :) I run into this issue periodically too :) – FreeNickname Dec 05 '15 at 09:52
1

@FreeNickname should fastlane.io be fastlane.tools? – Kyle Feb 19 '16 at 18:54
Unfortunately the "Download All" button did not resolve the issue for me. Something else must be awry. – Simon East May 01 '17 at 02:49

score 11 · Answer 2 · answered May 14 '16 at 06:48

I had installed my Developer ID Application Certificate on a different Mac and was getting the same error as in the question when I tried to use that certificate on a "new" Mac.

This fixed it for me:

I still have the other Mac so I exported the Developer Accounts from that one again:

Go to XCode | Preferences | Accounts
Click the "cog" in the bottom-left-hand-corner next the the plus and minus signs
Click "Export Developer Accounts"
Save the exported file somewhere accessible to your other Mac

Then, on my "new" Mac:

Go to XCode | Preferences | Accounts
Select the Apple ID that represents my dev certs
Click the minus sign in the bottom left hand corner to delete that account
Quit XCode
Open Key Chain Access
Delete all Developer Certificates
Close Keychain Access
Go to XCode | Preferences | Accounts
Click the "cog" in the bottom-left-hand-corner next the the plus and minus signs
Click "Import Developer Accounts"
Select the file exported on the "old" Mac above and import

This is the exact right thing to do. The root cause for these errors is that your Mac does not have the private key for your certificate. If you follow these steps it will transfer all that you need( private key, certificate, profiles, etc) in one file which you can import. You HAVE to delete any old invalid certificates from your Keychain Access, this is the key step that I missed which kept screwing me up. — Ted, Aug 18 '16 at 04:06
This was the perfect solution to my issue too. I have just bought a new machine and had a number of issues. This solved it...thanks. — Chris, Jul 01 '17 at 18:35

pkamb · Answer 3 · 2017-03-06T18:55:31.750

I'm hitting this same issue.

The error appears to be telling you that valid Developer ID Certs have been created under your developer account, but they are not currently on your Mac, so they cannot be used.

The solution would be to download the Developer ID Cert(s) from the web. However, you likely do not have the Private Key used to sign these certs. So at this point they are rather useless.

In my case, the further problem is that I already have 5 Developer ID Certificates in my account. I'm not quite sure where these came from. They were created years ago, perhaps when I was attempting to create Mac App Store certs? Or perhaps by clicking that damn Fix Issue button...

There appears to be a limit of 5 Developer ID Certificates per developer account, by default.

Developer ID Certificates are created, now, through Xcode rather than via the Members Center:

However, in Xcode, there is no longer a button to "Create" a new cert. The only button is "Reset". This button simply links me back to the Members Center in my web browser, so is completely useless...

Via the Members Center, Developer ID Certificates cannot be revoked, as you would an iOS or Mac App Store certificate. The "Revoke" button is Grayed out.

You can’t revoke Developer ID or Pass Type ID certificates using Member Center. Instead, send a request to Apple at product-security@apple.com to revoke these types of certificates.

Apple will only revoke these certificates in cases of security, to disable installation of the app on all client machines. I've tried emailing the above address, and they told me they could not revoke the cert.

The solution, then, is to have additional Developer ID Certificate slots added to your account, past the limit of 5.

Product Security told me, rather than revoking the certs,

We encourage you to contact Apple Developer Connection at https://developer.apple.com/support/ to resolve the issue you’re experiencing.

I've now contacted developer support. I recommend calling. They are currently, hopefully, setting up new Developer ID slots on my dev account.

When you create a new Developer ID Certificate that you will actually use, be sure to back up the Certificate and Private Key so that you do not hit this issue in the future.

EDIT:

I waited for over a month, I believe, with no response. I happened to have a ticket to an Apple TV Tech Talk and talked to an Apple representative at their lab. He was able to reset my Developer ID Certificate limit in about 5 minutes. So this is possible, but to expedite the process I would attempt to talk with a Developer Evangelist at Apple either in person or over the phone.

This procedure worked for me, coming from a slightly different scenario: the private key for my original certificate was lost in a hard drive wipe. Thanks! — John Walthour, Jan 25 '17 at 15:46

score 2 · Answer 4 · answered Nov 11 '15 at 13:48

2

One issue could be the private key is missing for your developer cert. With Keychain Access find your developer cert and verify it has a little triangle beside it. Click on the triangle to reveal the private key.

If it's not there you'll need to restore this private key from the Mac you created your certificate.

Otherwise, delete the cert from the Apple Developer website and then create a new one.

answered Nov 11 '15 at 13:48

bbarnhart

6,620
1
40
60

1

That's what I've been trying to do, but it doesn't solve the issue. Logging into the member center I see that I have 7 certificates I for some reason can't revoke. So I created a new "Production->Developer ID", but on the next screen "Developer ID Application" is greyed out for some reason. I've tried multiple times letting Xcode resolve the issue without luck. In my build settings I'm using "Developer ID" and set "Team" to my Companies name.After deleting everything I now get "No valid sign identities... Fix issues" on the General tab. Doing a new export gives me the same error message. – NeoID Nov 11 '15 at 19:52
Please post screenshots. Do you only have "member" access? – bbarnhart Nov 11 '15 at 20:01
No, I have admin-access. There isn't much to show. I have 7 certificates under "Mac developent" and all of them have a greyed out "Revoke" button. I normally let Xcode handle all that...However, I managed to find another Mac lying around with my old developer profile. Exporting and importing that seemed to solve the issue. Even though this might not help the next person Googling this issue. – NeoID Nov 11 '15 at 20:24
If you're only a member you need to create a certificate signing request and your team admin will need to approve it. This is why Xcode can not automatically fix this for you. – bbarnhart Nov 11 '15 at 20:27

score 1 · Answer 5 · edited Nov 29 '17 at 16:59

Same issue here but i was using "automatically manage settings" on Xcode 8. And for a particular reason there were two distribution certificates in my developer account.

Xcode seems to choose the most recent automatically and I didn't have it installed on my mac. So I switch to the old way by creating manually my app ID and my provisioning profile (which use the appropriate certificate) and it works :)

score 0 · Answer 6 · answered Oct 31 '16 at 09:08

0

I had similar issue. I've discovered that my provisioning profile was invalid since I've updated iOS Developer certificate. After PP regeneration everything works as expected.

answered Oct 31 '16 at 09:08

Timur Bernikovich

5,660
4
45
58

score 0 · Answer 7 · answered Apr 20 '17 at 21:43

I ran into this same issue, and I fixed it at last. There are some tips:

in Xcode -> Preferences -> Accounts, click button View Details, then click button Download All Profiles
in Keychain Access, check if the certificate exists. if not, choose File->Import items, then choose the .cer file you download from developer website

Hope it helps.

score 0 · Answer 8 · answered Sep 17 '17 at 14:42

0

On Xcode Version 8.3.3 go to Preferences ->Accounts -> Manage Certificates -> then click (+) ->on dropdown menu click iOS Development. Do the same for iOS App Store -> Done -> Download All Profiles.

answered Sep 17 '17 at 14:42

Dorald

724
7
12

score -1 · Answer 9 · answered Jul 18 '16 at 13:50

-1

If you have changed the machine Exporting the developer account from old mac and then importing into new mac solves the problem

answered Jul 18 '16 at 13:50

Vaibhavi

1
1
4

Your account already has a valid Developer ID Application certificate

9 Answers9

Linked