50

Am landed with following error "“System Roots” keychain cannot be modified" when I double tap the certificate. After googling I come to know that drag and drop the certificate is the solution for this.

But even after doing this also in code it says "profile doesn't match valid certificate/private key chain pair in the default key chain"

Any solution?

Null
  • 1,950
  • 9
  • 30
  • 33
nik
  • 2,289
  • 6
  • 37
  • 60

12 Answers12

167

Just try below three steps

Step 1: Open your Keychain Access app.
Step 2: You will see list in left side as 'Login' ,'System' and 'System Roots', just drag your certificate in 'Login' option.
Step 3: You will get certificate install successfully in Keychain Access.

Sunil Targe
  • 7,251
  • 5
  • 49
  • 80
  • 10
    If doesn't work - drag to system and enter pass, certificate will appear in login too – HotJard Jun 28 '13 at 05:18
  • 4
    @Bo Persson I followed your listed steps.But it does not works for me.It always says the warning dialog as "The system Roots key chain cannot be modified".The warning message is To change whether a root certificate is trusted, open it in Keychain Access and modify its Trust Settings. New root certificates should be added to the login keychain for the current user, or to the System keychain if they are to be shared by all users of this machine. – Android_kalai Oct 21 '13 at 06:22
  • 1
    Any idea why I used to just be able to double click a cert to load it up, but now I need to drag it in? – rob5408 Mar 09 '15 at 21:34
22

Step 1 - download your developer certificate and drop in into your DEFAULT keychain

step 2 - download apple WWDRCA certificate and drop into the same keychain.

step 3 - CHECK if there is a private key along with your certificate. (you should be able to see tiny triangle beside your certificate. Click on it to see if your private key is present or not)

step 4 - download the provisioning profile from the developer portal and drop into your xcode.

Try to do these things first. If you still get a error, then delete the extra apple certificates in your keychain and try the process once again.. it will do the trick...

A for Alpha
  • 2,904
  • 8
  • 42
  • 76
  • NO.... certificate without private key is almost useless. i faced the same problem 2 weeks ago and it took me almost a week to get rid of it – A for Alpha Mar 23 '11 at 06:01
  • is it possible to add key to existing certificate ..? – nik Mar 23 '11 at 06:11
  • as far as my knowledge goes you can not do it explicitly.... i am not sure about it.. but it is better for you to follow the above 4 steps which would just take 15 mintes of your time to solve the problem – A for Alpha Mar 23 '11 at 06:18
  • actually am trying to import the certificate which is sent by another person but it doesnt contain WWDRCA certificate. now i only have developer and distribution identity certificate. – nik Mar 23 '11 at 06:22
  • you can download WWDRCA certificate manually also..thats not a big deal actually.. Do u know the process for downloading the WWDRCa certificate??? – A for Alpha Mar 23 '11 at 06:37
  • WWDRCA certificate with my apple developer account or their account's WWDRCA certificate.....? – nik Mar 23 '11 at 06:48
  • certificate from ur developer account would be sufficient... try to request certificate from your keychain and try it out... – A for Alpha Mar 23 '11 at 06:54
  • thanks.. actually they not configured private key for certificate think so bcoz it is not showing any discloser in keychain access .. so i have to request for new certificate.... – nik Mar 23 '11 at 07:14
  • hey dude finally i got the things working... private key is the only thing that caused all these problem..... – nik Mar 24 '11 at 05:20
  • +1 thanks man ..... really works ... Actually I was following Guide from Apple account and it tells to double click but it works with drag n Drop. – Azhar Aug 08 '11 at 12:42
  • @Azhar: Cooool... nice to hear that from you and thanks for the +1 :-) – A for Alpha Aug 09 '11 at 04:49
  • @ A for Alpha: I am not able to see private key in my keychain. Step 3 of your solution. What should I do now. – JiteshW Jun 26 '12 at 12:30
  • http://stackoverflow.com/questions/5989368/add-private-key-to-certificate-or-vice-versa. please check this link. – A for Alpha Jun 27 '12 at 08:38
  • +1 from me, too. Same thing, double clicking caused the error but drag and drop worked. Thank you. These certs are doing my head in. – Nick M Dec 12 '13 at 05:36
  • https://developer.apple.com/certificationauthority/AppleWWDRCA.cer down load certificate from here – Kamleshwar Jun 30 '16 at 07:38
11

I had the same issue when I tried to install an iOS push service certificate with the Keychain Access application opened, to solve this problem, I just closed the application, and double click the certificate, then the certificate was installed without any problem.

Tony
  • 1,405
  • 3
  • 20
  • 31
9

enter image description here

I also faced this problem with the APNS certificate by double click on it getting the error but manually import certificate works for me.

enter image description here

Anand Nimje
  • 6,163
  • 4
  • 24
  • 43
3

I've solved the issue by running following commands in terminal. (from googling)

cd /System/Library
sudo chmod -R 777 Keychains

Add the certificate and you should not get the error.

sudo chmod 755 Keychains
sudo chmod 644 Keychains/*

NOTE: This was me eons ago, trying to get through problem at that time. I would not recommend doing this.

palaniraja
  • 10,432
  • 5
  • 43
  • 76
  • 4
    Or just unlock the System keychain by clicking padlock, otherwise you can run Keychain access by root e.g. ```sudo /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ Access``` – kenorb Oct 24 '13 at 12:23
  • Whatever you are hoping to accomplish, **`chmod 777` is *wrong* and *dangerous.*** You will want to revert to sane permissions ASAP (for your use case, probably `chmod 755`) and if you have had world writable system files on a public-facing system, at the very least investigate whether it could have been breached and used as a pivot point for breaking into your organization’s network. – tripleee Aug 28 '21 at 12:11
2

The default keychain is the one that Keychain Access shows in boldface in the list of keychains. Usually, it's the "login" keychain. Open up the default keychain and look for your certificate. If you find it, make sure there's a little disclosure triangle to its left. Clicking on that triangle should reveal the private key. If you don't have all that, you won't be able to sign binaries.

Caleb
  • 124,013
  • 19
  • 183
  • 272
  • 1
    oh yes.. you are right there is no discloser triangle on left so how to fix this... – nik Mar 23 '11 at 05:32
  • Make sure you dropped your certificate into the right keychain, for starters. If I remember correctly, I think you can drop the certificate file that you downloaded from the portal onto Xcode and Xcode will try to put it in the right spot. If all else fails, you may need to create a new certificate signing request, upload to the portal, download your certificate, and try again. That shouldn't really be necessary, but neither of us probably knows exactly where you went wrong, so it might be the most expedient solution. – Caleb Mar 23 '11 at 05:40
  • Find the file in your Downloads folder and drop it onto Xcode's application icon. – Caleb Mar 23 '11 at 05:51
  • ya i dropped like that but nothing happening – nik Mar 23 '11 at 05:55
  • Things may have changed since I last did this. Best advice: carefully follow steps in the developer portal under Certificates->How To. Those instructions are generally up-to-date, and even wizened old developers sometimes go back to them and learn new things. ;-) – Caleb Mar 23 '11 at 06:00
0

In my case, I had to create a new .certSigningRequest file by following the steps here.

And Then I've to create the certs again with this new file.

Napa
  • 306
  • 3
  • 14
0

Just had the same error. Found that after quitting keychain access and double-clicking the AppleWWDRCA.cer and developer_identity.cer it worked fine. It added them to the login keychain instead of attempting an add to system roots keychain.

Neelesh Aggarwal
  • 1
0

Quit keychain access and double-clicking the AppleWWDRCA.cer and developer_identity.cer it worked fine. It added them to the login keychain instead of attempting an add to system roots keychain.

Apple Discussion link: https://discussions.apple.com/thread/2343078

Yogendra Singh
  • 2,063
  • 25
  • 20
0

This work for me:
_Log to root with your terminal:

> chmod 755 your-certificate (You can use 777 if 755 not work actually 755 = read & execute)
> Drag the certificate file into Certificates Category in Keychains

I hope this helps you like it to help me too, cheer.

Rattanakoudom Sambath
  • 306
  • 3
  • 9
  • 1
    Whatever you are hoping to accomplish, **`chmod 777` is *wrong* and *dangerous.*** You will want to revert to sane permissions ASAP (for your use case, probably `chmod 755`) and if you have had world writable system files on a public-facing system, at the very least investigate whether it could have been breached and used as a pivot point for breaking into your organization’s network. – tripleee Aug 28 '21 at 12:11
0

I know there could be many unknown reasons for this to happen.

For me it was the following:

  • As many of you did/do, I too had the Keychain Access app and Xcode opened behind while I double tapped on the downloaded certificate (.cer) file(s).

  • Soon after I closed the Keychain Access app and tried it out again, the following things happened accordingly:

    • OS prompted me the OS Login prompt asking to allow access to modify the Keychain just to install the Certificate

enter image description here

  • Soon after I entered the Password and allowed it, the certificate got installed, automatically opened the Keychain app, and displayed that the Certificate related log was enlisted.
E_net4
  • 27,810
  • 13
  • 101
  • 139
Randika Vishman
  • 7,983
  • 3
  • 57
  • 80
-1

I have a similar issue, may be the certificate which you are trying is not valid.Create a new certificate from developer portal and try again.it should work.

Sandeepkumar Rachha
  • 1
  • 1