Missing Code Signing Certificate in Profile Manager

Similar Messages

• "Invalid Provisioning Profile. The provisioning profile included in the bundle {BUNDLENAME} [{BUNDLENAME}.app] is invalid. [Missing code-signing certificate.]" for brand new, vanilla Mac App

  In OS X Maverick's XCode, I created a brand new Mac > "Cocoa Application", with Core Data and Spotlight Importerl; about as vanilla a Cocoa application I could muster. 
  Under Preferences > Accounts, I signed in to my Mac Developer Account.
  In Targets > Identity, I set Signing to "Mac App Store", and was able to select my Mac Developer Account for "Team".
  I then went to Product > Clean, and then Product > Build for... > Running, and then Produt > Archive.
  In the Organizer, I select the resulting .app and click "Validate", and hit the Mac App Store radio, and hit "Next", and it's able to log into my Mac Developer Account.
  I select my Provisioning Profile in the dropdown, and click "Validate".
  It comes back with several errors:
  1 - "Invalid Provisioning Profile. The provisioning profile included in the bundle {BUNDLENAME} [{BUNDLENAME}.app] is invalid. [Missing code-signing certificate.] For more information, visit the Mac OS Developer Portal."
  2 - "The bundle identifier cannot be changed from the current value, '{DIFFERENT-BUNDLE-FROM-OTHER-PROJECT}'.  If you want to change your bundle identifier, you will need to create a new application in iTunes Connect.
  3 - Invalid Code Signing Entitlements.  The entitlements in your app bundle signature do not match the ones that are contained in the provision profile.  The bundle contains a key that is not included in the provisioning profile: 'com.apple.applications-identifier' in '{BUNDLENAME}.app/Contents/MacOS/{BUNDLENAME}'
  I was able to do the same process before, for a vanilla app, before Mavericks.  I'm not sure if this is a Mavericks error, or a fact that now I have multiple app projects.  Particularly odd is that DIFFERENT-BUNDLE-FROM-OTHER-PROJECT in error (2) is not the same bundle name as the current project's bundle.
  Would love any help you can provide!  Thank you!

  Seen this thread?
  New codesign behavior, --deep option 
  "Code signing has some interesting changes in Mavericks (that apparently haven't made it into the release notes yet...). Note that this is a change to the operating system, not to the devtools."

• What kind of code signing certificate do I need for Profile Manager?

  I'm new to Lion Server and the Profile Manager, and I'm wondering what kind of CA-recognized code signing certificate I would need to buy to use in the Profile Manager -> Sign configuration profiles? For example, Verisign sells a bunch of different kind (http://www.verisign.com/code-signing/): Microsoft Authenticode, Java, etc.
  Patrick

  The cable should be just the normal one, the special smarts that tell the tablet to charge at full speed is in the power brick.

• Code Signing Certificate Renewal for Profile Manager

  Currently we have around 800 ipods/iphones around the globe that were all enrolled into our Profile Manager in the past year.  In one month our Code Signing Certificate will expire on ALL of those devices.  I have updated the certificate on our Profile Manager server and installed that into the Profile Manager.
  How do I update all of the devices in the field with the new certificate?  It is not possible for every one of those devices to be re-enrolled.  These are systems that we give to our customers to use for a specific purpose and they have no clue how to do anything with the MDM or the profile manager.  Apple - this wasn't well thought out...

  After loading the new certificates into the OS X Server box, the client devices will have to use the Profile Manager User Portal to load the updates.
  Here is the Apple documentation on updating the Profile Manager certificate (HT5358), though you may well have found that document already. 
  Unfortunately, the users have to navigate to the portal for that, or you'll have to manage a short-notice device swap.  (If it were even possible here, I'm not sure I'd want folks loading new certs via email, either...)
  If the existing Profile Manager solution doesn't meet your particular needs, then there are alternative MDM solutions around from other vendors, and that are also compatible with the OS X Server and iOS provisioning mechanisms.
  {FWIW, this is a user forum and the folks from Apple may or may not see your report.  If you have acccess to it, the Apple bugreport tool is a common way to log an enhancement request that the folks from Apple will see.}

• Profile Manager Code Signing Certificate from GoDaddy .spc

  Convert the .spc to .cer for Profile Manager compatability.
  Thought I'd share how to convert a code signing certificate acquired from go daddy as it downloads as a .spc file that Profile manager will not accept.
  When you download your code signing certificate from go daddy it will be a .spc file as stated above, and profile manager needs a .cer file.
  Take your .zip file over to a Windows 7 or better PC and double-click the .zip file.
  Then double-click the enclosed certificate.
  This will open the windows certmgr.
  Expand the certificate and locate your certificate (Should be the one with your company name )
  Right-Click the desired certificate, select all tasks, then Export
  Export the certificate as a DER .cer file.
  Now copy the exported .cer certificate to your Server App/Certificates and import it into the Pending Certificate.
  Once that's done also add the .cer certificate to your keychain.
  Remember to replace the expiring certificate if applicable
  LJS

  After loading the new certificates into the OS X Server box, the client devices will have to use the Profile Manager User Portal to load the updates.
  Here is the Apple documentation on updating the Profile Manager certificate (HT5358), though you may well have found that document already. 
  Unfortunately, the users have to navigate to the portal for that, or you'll have to manage a short-notice device swap.  (If it were even possible here, I'm not sure I'd want folks loading new certs via email, either...)
  If the existing Profile Manager solution doesn't meet your particular needs, then there are alternative MDM solutions around from other vendors, and that are also compatible with the OS X Server and iOS provisioning mechanisms.
  {FWIW, this is a user forum and the folks from Apple may or may not see your report.  If you have acccess to it, the Apple bugreport tool is a common way to log an enhancement request that the folks from Apple will see.}

• Profile Manager - no code signing certificate?

  I'm starting with a clean install of Lion Server. DNS is on an Xserve running Leopard Server.
  - CA signed certificates in place
  - DNS working fine
  - I create an OD Master (I've done this through Server.app, Server Admin and from hitting the "configure" button in Profile Manger, which triggers building an OD Master), and when the OD Master is built, an OD-based CA is created along with an OD-based intermediate certificate, but (and this is my problem), the OD-based code signing certificate is never produced, thus I don't have a code signing certificate to select when trying to enable "sign configuration profiles"?
  This is driving me insane. Anyone know why the code signing certificate isn't being generated?
  Thanks,
  Kristin.

  I'm starting with a clean install of Lion Server. DNS is on an Xserve running Leopard Server.
  - CA signed certificates in place
  - DNS working fine
  - I create an OD Master (I've done this through Server.app, Server Admin and from hitting the "configure" button in Profile Manger, which triggers building an OD Master), and when the OD Master is built, an OD-based CA is created along with an OD-based intermediate certificate, but (and this is my problem), the OD-based code signing certificate is never produced, thus I don't have a code signing certificate to select when trying to enable "sign configuration profiles"?
  This is driving me insane. Anyone know why the code signing certificate isn't being generated?
  Thanks,
  Kristin.

• Configuration Profile Code-Signing Certificates

  Today, I learned that the Code-Signing Certificate used for signing Device Configuration Profiles is _different_ (and much more expensive) than the SSL Certificate used by other Lion Server services.
  I understand that these certificates follow a trust _chain_, and that Lion Server creates a default Code-Signing certificate based on the self-signed certificate it creates during setup. Since then, I've replaced my self-signed SSL Cert with a fully verified one.
  How can I use OpenSSL to create a Code-Signing certificate based on my purchased SSL Certificate, just like Lion Server did?

  You must obtain a code-signing cert from a trusted authority or it won't be trusted by any of your clients.
  ** Code-signing your profiles is kind of pointless if you're a small business or school. This is only useful if you're a large enterprise (or maybe a college or university) deploying profiles to many devices and are worried about tampering. A signed SSL cert more useful than a code-signing cert.
  ** (This is totally my opinion but that's how I see it. Code-signing certs allow your clients to determine that the code is in fact from you and it hasn't been altered in transit to the client. If this is really a concern for you then you would need to obtain a cert from a trusted authority, but I bet it's not...)

• Managing Windows Phone's and Symantec Code Signing certificate

  Hi,
  We need to renew the code signing certificate from Symantec. However, we only use it to manage the Windows Phone devices and don't publish apps. Do we still need to spend $300 on renewing this cert? Can't I manage them for free like our iOS and Android devices?

  You REQUIRE the Symantec Code Signing Certificate to manage Windows Phones via Windows Intune. This is a requirement of the device rather than the management solution.
  You CAN manage Windows Phones without this cert using only Exchange active sync management in Intune. However this management is very basic and has no advanced features (basically the features provided by Exchange rather than Intune).
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• The name ("common name") of a valid code-signing certificate in a keychain within your keychain path.   A missing or invalid certificate will cause a build error.  [CODE_SIGN_IDENTITY]

  The name ("common name") of a valid code-signing certificate in a keychain within your keychain path.   A missing or invalid certificate will cause a build error.  [CODE_SIGN_IDENTITY]

  If you could ask a coherent question, maybe...
  Perhaps you should be posting in the developers forums...

• ERROR ITMS-9000: Missing Code Signing Entitlements when adding app to Apple App Store

  My client is getting the following error when sending my app (compiled in Flash Pro CC 2014 with AIR SDK 15.0.0.356) to the Apple app store:
  ERROR ITMS-9000: "Missing Code Signing Entitlements. No entitlements found in bundle
  'com.xxxxxx.xx.xxx' for excutable 'payload/xxxxx.app./xxxx'.""
  He is saying that I need to send them the entitlements file.
  I can't find out any information about this with regards to Adobe Air compiled iOS apps, apart from this old post:
  Adding iOS entitlements to AIR apps
  which states that 'the packager configures the entitlements file '
  Can anyone explain what might be missing here?
  Thanks,
  Alan.

  It looks as if this problem is solved by doing step 2 from here:
  http://dev.mlsdigital.net/posts/how-to-resign-an-ios-app-from-external-developers/
  It basically states that the client needs to produce the entitlements file and lists the following that the client will provide themselves:
  A “Mobile Provisioning Profile”
  An “Entitlements.plist”
  An “iOS Distribution Certificate”
  iReSign OS X app (or you could use command line)
  Hope this helps someone. We've run into quite a few problems trying to get the Flash Air compiled App to both enterprise and Apple Store as it can't come from us (the developers) it has to be signed and delivered from the client.

• Code Signing Certificate Options

  Hi Guys,
  Have just finished and Air application and need to sign it before distribution.  Anyone got any good advice on the pros and cons of the various Code Signing options for Adobe Air out there?
  Richard

  I have just created a self-signed code-signing certificate, I used XCA to generate it which is a front-end for openssl. Obviously being generated from a self-signed rootCA it is not going to be trusted by the outside world but it is good enough for an internal Profile Manager setup since the enrollment process will automatically trust your own self-signed rootCA.
  Anyway, when trying to install it I did come across a gotcha which might help you and others here. I found that if I imported the certificate in to Keychain Access e.g. by double-clicking on it, then Server.app did not list it as an available certificate for Profile Manager code-signing. However if instead I used the option in Server.app under Profile Manager to import the code-signing certificate it was accepted.
  In theory importing via Keychain Access should work as well but it did not, so if you have been doing it that way try importing via Server.app instead.
  If you have already imported it via Keychain Access just delete it from your Keychain and try again.
  With regards to the suggestion from ajm_from_WA for buying one from www.ssls.com I could not find any code-signing certificates listed on their website. These are different to ordinary website certificates.

• Renew my code sign certificate?

  I run a Mavericks server that serves profile manager, file, and time machine services. My code sign cert expires in a couple weeks. When you go into Server.app > Certificates and double click on it, there isn't a "Renew" button like there is for other certs I've renewed.
  How would I renew this? And what impact would it have on my running services (ie. would I have to re-enroll everyone in profile manager)? Thank you.

  Does OS X Server: Renewing Profile Manager's code signing certificate - Apple Support help?

• Certificate and Profile Manager

  I've had my server setup and running for awhile now and its working fairly well for the first time in months.
  However, when trying to enable Profile manager, I got this error:
  The error occurred while processing a command of type 'exportIdentity' in plug-in 'servermgr_certs'.
  I've had OD up and runnig for awhile and the system made its typical OpenDirectory Intermediate CA as part of that process.
  But in addition to the above error, when I go to profile manager, no certificate shows up.  Any ideas how to fix this error?

  I'm running into the same problem.  I upgraded an Open Directory server from 10.6.8 to 10.8.2.  I'm running the latest version of Server.app.  I have a valid code signing certificate from DigiCert.  When I try to import it I get errors and now when I open up the Profile Manager service I receive the error "'exportidentity' in plug-in 'servermgr_certs'".  I can only choose a self-signed cert and even with that chosen I still receive that error.

• Code-signing Certificate Provider for Mavericks Server?

  Our Digicert Code Signing Certificate [which worked fine in Mountain Lion Server but doesn't work in Mavericks Server no matter what I try] is about to expire, and I'm wondering if anyone could recommend a vendor whose code-signing certificates definitely work with Mavericks Server?

  I have just created a self-signed code-signing certificate, I used XCA to generate it which is a front-end for openssl. Obviously being generated from a self-signed rootCA it is not going to be trusted by the outside world but it is good enough for an internal Profile Manager setup since the enrollment process will automatically trust your own self-signed rootCA.
  Anyway, when trying to install it I did come across a gotcha which might help you and others here. I found that if I imported the certificate in to Keychain Access e.g. by double-clicking on it, then Server.app did not list it as an available certificate for Profile Manager code-signing. However if instead I used the option in Server.app under Profile Manager to import the code-signing certificate it was accepted.
  In theory importing via Keychain Access should work as well but it did not, so if you have been doing it that way try importing via Server.app instead.
  If you have already imported it via Keychain Access just delete it from your Keychain and try again.
  With regards to the suggestion from ajm_from_WA for buying one from www.ssls.com I could not find any code-signing certificates listed on their website. These are different to ordinary website certificates.

• Lion Server: Why is our Code Sign Certificate not accepted ?

  Hello,
  our Lion Server (10.7.5) is running fine, but since we restored it from a back-up Profile Manager no longer accepts the Code Signing certificate despite the fact that it is shown as valid in Server App's Manage Certificates.
  I tried everything from deleting the device manager postgrep db, and restoring it as described in
  https://discussions.apple.com/thread/3791994?start=0&tstart=0
  Backup and delete db:
  sudo pg_dump -U _postgres -c device_management > $HOME/device_management.sql
  /usr/share/devicemgr/backend/wipeDB.sh
  Restore the db :
  sudo serveradmin stop devicemgr
  sudo serveradmin start postgres
  sudo psql -U _postgres -d device_management -f $HOME/device_management.sql
  sudo serveradmin start devicemgr
  I tried to recreate the Code Sign certificate as described in:
  http://support.apple.com/kb/HT5358
  The certificate is successfully created but it is just NOT accepted. (It does not show in the "Sign Configuration Profiles" dialog)
  I would be very, very grateful for a hint.
  (When running the server from the external clone, from which we copied the server back, the problem is not present)
  Regards,
  Twistan

  This also applies to the 470 IDES install!
  Any ideas?
  Tx JB