If you’re not particularly familiar with Xcode’s signing mechanisms, you might forget (like I did) to back up your Developer Profile. Oops. Now there is a whole mess of certificates that have to be cleaned up and fixed.
Since there are a whole bunch of questions over on Stack Overflow about various errors related to a broken developer profile, and no clear answers, and since it took me a long time to figure out how to fix it, I’m writing this guide, in hopes it can help you:
First, a bit of terminology:
Your “Developer Profile” is really a bunch of certificates. This is so that Apple (and the people using your software) have at least some guarantee that the software came from you… really, that’s the whole point of code signing.
The “Organizer” in Xcode is a fancy front-end to Apple’s developer site and your Keychain that ties everything together in an easy-to use way (until something gets broken)… If you’re not familiar with the Keychain, it’s the secure certificate/password store built into Mac OS X.
You need five certificates to sign and distribute your apps. I don’t really care if another how-to says you can get by with fewer (they’re right, by the way), because it is easier to get everything set up right, and just forget about it. If you went down the path of figuring out which two or three of the five you needed, you might end up needing the rest later – why bother with the trouble?
Those five certificates are:
* 3rd Party Mac Developer Application: Name (ID)
* 3rd Party Mac Developer Installer: Name (ID)
* Developer ID Installer: Name (ID)
* Developer ID Application: Name (ID)
* Mac Developer: Name (ID)
The first two “3rd Party Mac Developer” certificates are used to sign your app for submission to the app store. The two “Developer ID” certificates are used to sign your app for distribution outside of the app store. And lastly, the “Mac Developer” certificate is used for code signing.
There can also be more certificates needed if your app uses push notifications, iCloud, etc. The ramifications are also more serious if you lost your Developer Profile with those certificates, so I don’t cover that in this how-to.
Lastly, fair warning – I don’t work for Apple, so they haven’t endorsed what is below. If you don’t understand what you’re doing, your profile can become even more fubar’ed than it already might be…
Now down to business:
So, the first step to repairing your Developer Profile is to open up Keychain Access.app, go into “My Certificates”, and delete every certificate that matches one of the above names. Make sure you delete the keys that go along with those certificates. Then open up Xcode (it should already have been closed before), and check to make sure there is no one left under “Teams” in the Organizer.
Next, go to the Certificates, Identifiers, & Profiles in Apple’s Member Center. Once there, revoke every certificate that you can under the “Certificates -> All” section. Odds are good that you will have one or two “Developer ID” certificates that you can’t revoke. They can be safely ignored, and you can ask Apple to clean them up later.
Still in Apple’s web tool, start re-creating the certificates necessary to rebuild your developer profile. Remember, you need five certificates (from above). In the web tool, those are:
* Mac Development
* Mac App Store (you’ll need to do this twice, for App and Installer)
* Developer ID (you’ll need to do this twice as well, again for App and Installer)
Once you have re-issued those five certificates, import them into your keychain (they should automatically associate with the keys that you generated earlier). Your keychain should look something like the following:
… and finally, open up the Xcode organizer; it should now look something like this. In particular, notice the little green checkmark next to each identity – that checkmark means you have the private key for each cert… the loss of which caused a great deal of headache, and probably the reason you’re reading this now.
At this point, you should be back up and running. Oh, by the way, if it is working, the very next thing you’ll want to do is click that little “Export” button, and save the resulting file somewhere nice and safe so that you’ll never need to do this again. Good luck!