With Device | Debug and Code Sign “iPhone Developer” I have no problems getting my app onto the device, but with all other configurations I get this strange error message in XCode Organizer.
That’s a weird error that most of us have encountered one time or the other. Here are my hints how to get it fixed.
Step 1 – Check your Certificates
Make sure that the Login keychain is set to be default. There are applications like supposedly Adobe AIR that change it literally over night. Then you get a message “A valid signing identity matching this profile could not be found in your keychain” in Organizer. Go into keychain access, right-click on the Login keychain and save as default. The message in Organizer should disappear right away.
If you select the Login keychain and “My Certificates” below you want to see your “iPhone Developer” and “iPhone Distribution” certificate with private key attached and valid. The root certificate for these “Apple Worldwide Developer Relations Certification Authority” you want to be present in the system keychain.
Check if XCode is allowed access to the private keys dangling below your certificates. Right-Click on the private key, Get Info. I have it on “Confirm before allowing access” and the following applications are set to always being allowed: codesign, Certificate Assistant (2), Mail, iChat and racoon. I never had to change anything there but it cannot hurt to check.
In Technical Note QA1618 Apple also states that Online Certificate Status Protocol (OCSP) or Certificate Revocation Liste (CRL) might cause problems and recommends leaving them in the default OFF position. Keychain Access – Preferences – Certificates. Again, I never had to change anything there.
Step 2 – Check your Profile
This error means that for some reason the iPhone mobile installer cannot verify the signature of the app. So, first make sure that you actually have a suitable ad-hoc profile loaded onto the device. You can either look in organizer …
Or check on your iPhone itself under General – Profiles:
Several times it happened to me that I was totally sure that I had the correct profile only to find after intensive search that I had not added the device to the ad-hoc profile. I had added my iPhone, but I forgot about my iPod Touch.
If you are uncertain, it does not hurt to quickly check on the dev program portal if your profile includes:
- your device amongst all the others you might have added
- an asterisk or the appropriate bundle identifier prefix
- the correct certificate
Step 3 – Check Your Build Settings
Now that you are sure all is correct with the provisioning profile you need to check if you are using the correct Code Signing Identity. Be sure to check both the project root build settings as well as the settings specific to your target. They might be different!
In the latest version of XCode I found this useful automatic setting. If you choose “iPhone Distribution” it will automatically match your ad-hoc profile. This might also work on earlier versions of XCode but if you want to make absolutely certain that a specific certificate is used then select it there.
Step 4 – The Secret Ingredient!
If you read the documentation on the program portal you know about this step, but Andreas did not. For some esoteric reason for ad-hoc distributions you are required to create an entitlements file in your project and add “Entitlements.plist” in the build settings under “Code Signing Entitlements”.
Add – New File – Code Signing – Entitlements. Make sure the file looks liks this:
In the above build settings you did not see it, I have only added it in the build settings of my target. Right-Click on your target, Get Info.
For Debug and App Store Distribution builds this file and setting are ignored. I have several apps in the store which still have the Entitlements.plist file present, so you don’t need to worry about it. Only for ad-hoc it is mandatory.
Step 5 – Check Your Build
Now you also want to make sure that both the correct certificate is used and the embedded. I routinely Build – Clean All Targets when I am ready to do the finaly build for a release. If you don’t the embedded.mobileprovision file might not get packaged in and without it the app might get rejected right away by the submission process.
Start the Build and switch to the Build Results screen. Switch to text mode by clicking on the small button in the lower left hand corner with the lines.
- your ad-hoc mobile provisioning profile turns into the embedded.mobileprovision
- the Entitlements.plist gets packaged in
- your correct certificate is used for signing
Step 6 – Did You Reboot Your Computer?
If you still get the error you can try out the option to “Empty Caches” under the XCode menu item and build again. I’ve seen that fix the problem a couple of times before.
If all of the above fails you might tap into ancient IT wisdom and do what fixes more than half of IT problems: reboot your iPhone. Don’t laugh, I have seen this fix this error on numerous occasions.
In the end the iPhone is just another computer, sometimes processes might get stuck in a weird state, especially if you do advanced stuff like debugging over USB. A quick reboot and all is well.