NOTE: You might want to check out my guide to fix code signing problems.
I am getting tons of reports of developers who had to renew their expired certificates and who now find their new profiles unusable. Also affected a developers who had to add new devices to their ad-hoc profile.
Even though everything is done by the book, they are get a “A signing identity matching this profile could not be found in your keychain”.
I experienced certificate expiration first hand, but that was some time before WWDC and so I had no problem creating new certificates and provisioning profiles. But last week, right after WWDC, Apple amended the online process to accommodate new provisioning profiles for push-enabled apps. You have to create a new app id and thus provisioning profile for each and every push-enabled app you want to distribute.
It currently seems as if this change to the process causes non-push-enabled profiles to be faulty in a way that even though the poor developers do everything right they still wind up with the above error message and no way to fix it. Not even my handy guide on how to fix code signing errors helps. I know because I went through it together with several affected developers.
So far we were unable to find a method to make XCode recognize the valid signing identity being present in the login keychain.
Regarding this error Apple has updated Technical Note QA1618 on May 29th. Of the mentioned 4 possible causes only the last one was new to me.
- Your Keychain is missing the private key associated with your iPhone Developer or iPhone Distribution certificate.
- Your Keychain is missing the Apple Worldwide Developer Relations Intermediate Certificate.
- Your certificate was revoked or has expired.
- Online Certificate Status Protocol (OCSP) or Certificate Revocation List (CRL) are turned on in Keychain Access preferences.
If you are one of the unlucky ones who are affected, please let me know if a solution presents itself. I guess all you can do is call Apple and demand that they fix it. Otherwise this is a major failure on their part.
UPDATE: GGG reported that Apple has acknowledged the problem as being on their side:
This is a follow up to Bug ID# 6975707. After further investigation it has been determined that this is a known issue, which is currently being investigated by engineering. This issue has been filed in our bug database under the original Bug ID# 6975258. The original bug number being used to track this duplicate issue can be found in the State column, in this format: Duplicate/OrigBug#.
Thank you for submitting this bug report. We truly appreciate your assistance in helping us discover and isolate bugs.
UPDATE: If you open such a non-working provisioning profile with any text editor you might find when comparing it to a working on that the
Yes. This is a known bug that was reported last night (rdar://6975258/)
We non-Apple folk cannot open those bugs with the rdar URL. But the “Yes” tells the whole story.
UPDATE: A workaround has manifested for people with expired certificates. Last time my certificates expired I was able to continue to use them for a while by setting back the system clock by a day. Loungefan tested it using the magic of his timemachine and reports success:
You are a genius! I also love my time machine. I had been messing up with both my key chain as well as my provisioning profiles in XCode. I restored a bunch of files from the following locations using time machine’s copy of yesterday morning (which is before I started changing things):
After restoring the above items using time machine, I dated back my computer to before the expiration (Jan 16, 2009). Now I can build and deploy into my device again. I don’t have a 3.0 device yet but at least things have started working again. I am using XCode with the latest GM SDK seed. So the problem is not XCode.
UPDATE (the next morning): Developers are reporting that after a downtime the creation of provisioning profiles started functioning again. Apple has silently repaired it without further ado. There was no official announcement but only developers telling other developers the good news via their social media of choice.