iOS Question Yearly Apple renewal pains

[Dave G]

Every year I run into issues trying to renew my Apple Developer account. I've gone into Keychain on Mac and created a .csr using renewed account. Previously the .csr used my first and last name for credentials, but this year it used my company name e.g. iPhone Distribution: META4 TECHNOLOGY INC. So, when I attempt to compile using new .cer and .mobileprovision I get following error:

error: Missing private key for signing certificate. Failed to locate the private key matching certificate "iPhone Distribution: META4 TECHNOLOGY INC (75MRKEVHT2)" in the keychain.

Where is the keychain stored? How do I change it from my first/last name to company name? I've spend 3 days messing with this convoluted process. Not liking Apple much.

I've attached a screen capture of my Keys directory. I contains files for 2020 and 2021.

Thanks

 

[Dave G]

    #CertificateFile: ios_distribution-2021.cer
#If RELEASE
   #ProvisionFile: 2021-storeWinchCalc.mobileprovision
#Else
   #ProvisionFile: 2021adhocWinchCalc.mobileprovision
#END IF

    #CertificateFile: ios_distribution.cer
#If RELEASE
   #ProvisionFile: provisionAppleStore.mobileprovision
#Else
   #ProvisionFile: provisionNonStore.mobileprovision
#END IF

 

[roumei]

1) Are you sure that you used the new csr file to create your Apple certificate and mobileprovision files?
See this post: https://www.b4x.com/android/forum/threads/unable-to-install-b4i-bridge.125827/#post-786681

2) You probably also have to set the new .csr details including the password under Tools > Private Sign Key if you didn't create the csr file there. (I don't know anything about creating csr files on a Mac.)

 

[Dave G]

1) Are you sure that you used the new csr file to create your Apple certificate and mobileprovision files?
See this post: https://www.b4x.com/android/forum/threads/unable-to-install-b4i-bridge.125827/#post-786681

2) You probably also have to set the new .csr details including the password under Tools > Private Sign Key if you didn't create the csr file there. (I don't know anything about creating csr files on a Mac.)

Regarding 1). The fact that my company name appears in the error message rather than my first and last name indicates that the new .cer files are derived from the new csr.
2) This is the key (pun intended). I need to produce a new Private Key based on the new certificates, but there isn't a way to do that in Private Sign Key.

So, my questions continues to be; how do I create a new Private Key using the new csr? BTW, I have 2020 and 2021 in the b4ikeys directory so I can continue to use the 2020 that works until I get the 2021 issue worked out. Once I get 2021 working I'll delete the 2020 files. This happens every year because there doesn't seem to be a way to have different Private Key for different csr's.

Thanks.

 

[roumei]

I can only comment on the process with the hosted builder. If you follow Erel's video (Creating a certificate and provisioning profile) everything will work. The csr file is created as soon as you create a private sign key. Typical advice is to delete all files in the keys folder and start from scratch.

If you've still got a working csr file, you can use it to create the distribution certificate and the provisioning profile on the apple developer website. As far as I know you don't need a new csr file for that (at least it worked for me when I had to renew my certificates).

 

[Dave G]

I can only comment on the process with the hosted builder. If you follow Erel's video (Creating a certificate and provisioning profile) everything will work. The csr file is created as soon as you create a private sign key. Typical advice is to delete all files in the keys folder and start from scratch.

If you've still got a working csr file, you can use it to create the distribution certificate and the provisioning profile on the apple developer website. As far as I know you don't need a new csr file for that (at least it worked for me when I had to renew my certificates).

The .csr is created on the Mac using Key Chain, then copied to Windows B4iKeys directory and used to create the .cer's. I have two .csr's because I've got two different years as required by Apple. I am using the Hosted Builder BTW. So the .csr is not created as part of the Private Key creation, instead B4i.keystore and B4i.p12 are created. Following Erel's video you'll notice that in the Certificate creation it is asks for your .csr and then creates a .cer.

 

[roumei]

As far as I know the csr file is created along with the keystore and p12 files when you create a private signing key and the keys folder is empty. That's where I got my certSigningRequest.csr from.

 

[Dave G]

As far as I know the csr file is created along with the keystore and p12 files when you create a private signing key and the keys folder is empty. That's where I got my certSigningRequest.csr from.

Yes, just figured that out. I got an email from Apple that said I had to create a new CSR using Key Chain, which I did. I also had an old message where Erel

The csr file is created on the Mac. This means that the IDE needs to connect to the local or hosted builder for that step.

, also this from Developer site

Upload a Certificate Signing Request
To manually generate a Certificate, you need a Certificate Signing Request (CSR) file from your Mac.

. So by using the .csr from the Mac instead of letting Private Key create one I caused my problems. So, I deleted it and had Private Key create the new one and everything worked. I thought I needed the new one to get the new expiration date from my new Apple Developer renewal. This whole process is very confusing since it doesn't explain how you get your renewed Developer account date embedded in new .cer etc. Anyway, I have note so I don't get into the same trap next year. Thanks for the help

 

[Dave G]

BTW, by using the .csr from the Mac my Certificates contain the more up to date info from Apple e.g. company name vs first/last name. This info is embedded in the profiles (.mobileprovision). Whereas b4i seems to use certSigningRequest.csr as generated by Private Key when compiling. Oh well, not a total waste of 4 days as I now have it all documented.