iOS Build Environment Help Center

Keychain Tool Error

append delete Parkkk

Windows vesion: 11
Builder version: 3.54
iOS SDK version: 16.2

I have enrolled in the Apple Developer Program to create a digital signing identity and obtain my code signing certificates. But I can't find iPhone Developer or iPhone Distribution. So I can't change the Provisioning profile. What I have to do to solve this problems. Thanks.

Certificates that I have:
Apple Application Intergration -
Apple IST CA -
Apple Root -
Apple Software -
Apple Timestamp -
Apple Worldwide Developer -
Developer Authentication -
Developer ID Application -

Reply RSS

Replies

append delete #1. Pierre-Marie Baty

Hello

Well, the certificates don't appear magically in the Keychain utility, you must generate them online on the iOS provisioning portal, download them with your browser, and install them in the Keychain.

Have you followed the documentation which explains how to do that ?

append delete #2. SGS

Was this issue resolved?
I am having the same issue where the provisioning profile does not see anything other than jailbroken.

Followed steps, put the apple certificate downloaded from online into the keychain folder. Am I missing something?

It says "Install" them in the keychain frequently. Does that mean more than just put them in the folder?

Thanks for the help.

append delete #3. Pierre-Marie Baty

Putting a certificate in the Keychain folder doesn't make it usable. Certificates are unusable without their associated private key. In order for a certificate to be usable by the builder (and thus selectable), you must also put the private key which was used to create them.

Please read the documentation which explains what certificates are and their relationship to private keys. If you have a complete signing identity on your Mac, export it to a .p12 file and import it using the Keychain tool in the builder. If you create a new signing identity from scratch, start by creating a private key using the Keychain tool. The documentation explains how to do that. Is there some specific part of the documentation which needs more explanation ?

:: @Pierre-Marie Baty added on 24 Nov ’23 · 14:28

*edit* Additional information. The Migration assistant offers to migrate your existing signing identity, *at the condition that you give it your macOS session password* to access the Mac's secured keychain, in which your private keys are stored. If you declined to give it your session password, the Migration assistant won't be able to migrate your private keys. You'll only get useless certificates and provisioning profiles, because without their associated private key nobody can use them to sign anything.

append delete #4. SGS

Thank you for the quick response.
I have the key and certificate in the keychain folder.

Do you think the initial migration part 2 from the usb not finding the specified path could be the issue? (What we talked about in email?)

append delete #5. SGS

Here is the link to the migration assistant issue. It went far too quickly and couldn't find the path.

https://imgur.com/Vc8y8Wd

append delete #6. Pierre-Marie Baty

Do you also have a *provisioning profile* with this certificate in it in the Keychain directory ?

To sign an iOS app you need 3 things:

- A provisioning profile
- A certificate
- A private key

Provisioning profiles allow the app to be accepted in the Apple ecosystem. They must contain at least one certificate, which must be stamped in your app at code signing time using its associated private key. These latter 2 together make your "signing identity".

If a provisioning profile can't be selected, it's because none of the certificate it has have an associated private key in the Keychain directory.

append delete #7. Pierre-Marie Baty

About #5, thank you for the screenshot. By reading the migration assistant batch script, the only reasons that could cause this message to print is if one of the builder's executables is not here (which would mean an incomplete installation), or a corrupted environment (especially the PATH and TEMP environment variables). Please reinstall the builder and see if this error happens again. If it does, you should check that these 2 session-wide environment variables point to existing directories.

:: @Pierre-Marie Baty added on 24 Nov ’23 · 14:49

*edit* if it went far too quickly, as you said, I'd bet that the unzip.exe tool is missing from the Toolchain directory. Which would mean a broken installation.

append delete #8. SGS

Re-installing now.

I did manage to the the provisioning profile to work properly but it had a greyed out build button. Going to retry however once it's re-downloaded.

The documentation is hard to follow tbh. I think a number list instead of separate paragraphs would work better. There was not much info on the profile - which is a decent sized step to make online.

BRB once its done. Thanks again

append delete #9. SGS

Re-installed and has the same issue.
Where do we go from here?

append delete #10. Pierre-Marie Baty

Actually, the documentation explains what's necessary to understand and that Apple and Xcode don't explain. For the rest (e.g. what's a provisioning profile, how to create one, what the different selectable options mean, etc) you should refer to Apple's documentation. It would be unmanageable for me to document this step, as the provisioning possibilities change too often, are already documented by Apple, and they're the sole authority on this.

A numbered list "do this, then do that" wouldn't be a good idea in my opinion. Readers of a toolchain documentation need to *understand* what they're doing and why they're doing it, instead of just being guided to click here and then there without question.

append delete #11. Pierre-Marie Baty

Do you have a virus scanner or a security software that could have deleted or "quarantined" something in the builder's install directory ?

The builder's installer has a warning messagebox about these cases.

append delete #12. SGS

Re-installed to get the warning given to me. Here they are.

https://imgur.com/7PNFKDd
https://imgur.com/wN28Vth
https://imgur.com/THFyONI

append delete #13. SGS

It tries to unzip it with the Migration assistant. It unloads a .lock file? Then reverts back.

append delete #14. Pierre-Marie Baty

The warning about the virus scanner is given in the second dialog box. Have you done what's advised ?

:: @Pierre-Marie Baty added on 24 Nov ’23 · 16:02

*edit* Please open "Migration Assistant (Step 2, PC).cmd" with a text editor and add these lines near the top of the file, just after the "@echo off" directive: 

%
rem // for safety, rebuild a minimalistic, default PATH. This is the default PATH for Windows 10.
set PATH=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
%

This will make sure no polluted/invalid/bogus PATH environment variable gets in the way and causes the script to call other tools than the Windows-supplied ones. Save your change and re-run the migration assistant. Let me know if it unzips the SDK this time. It should take a few seconds and you should get a "SDK" directory aside your Keychain directory, populated with iOS SDK files. Can you confirm it happens ?

append delete #15. SGS

I have.
The following have been excluded
C:\IOS
C:\Users\(myusername)\IOSProjectBuilderForUnity
C:\Users\(myusername)\AppData\Local\Temp

Same issue. Am I missing a folder?

append delete #16. Pierre-Marie Baty

See my edit in the post above (sorry for cross-posting).

append delete #17. SGS

The same warning popped up but
The SDK folder is there in the builder folder.

I assume that means it is ok?

For the next step, I have the provisioning profile found, password entered. I can't click the build button however as it won't let me put in the build configuration or "Build for" button as shown in the documentation.

append delete #18. SGS

I apologize. I got it to pop up. I will test it out and hopefully you won't have to hear from me again. Thank you for your time really

append delete #19. Pierre-Marie Baty

I think I'll have to add much more error checking in this migration script because something isn't quite right. Thank you for the feedback.

Reply

(Leave this as-is, it’s a trap!)

There is no need to “register”, just enter the same name + password of your choice every time.

Pro tip: Use markup to add links, quotes and more.

Moderators: Pierre-Marie Baty