Xcode iOS App Development Code Signing

Xcode ios app development code signing

I had the same problem and basically did like posted in the comment:

  • Remove my account at Xcode / Preferences at the top right.
  • open keychain. At the left "my certificates": Delete the Mac or iPhone etc Developer certificate.
  • just starting Xcode again and creating a new account like one did when starting Xcode for the first time.

Xcode error: Code signing is required for product type 'Application' in SDK 'iOS 10.0'

With Xcode-8.1 & iOS-10.1

  1. Add your Apple ID in Xcode Preferences > Accounts > Add Apple ID:

Step 1


  1. Enable signing to Automatically && Select Team that you have created before:

Step 2


  1. Change the Bundle Identifier:

Step 3


  1. Code Signing to iOS Developer:

Step 4


  1. Provision profile to Automatic:

Step 5

You can now run your project on a device!

CMake and Code Signing in XCode 8 for iOS projects

If you want automatic signing in CMakeLists.txt

SET_XCODE_PROPERTY(MyTarget CODE_SIGN_IDENTITY "iPhone Developer")
SET_XCODE_PROPERTY(MyTarget DEVELOPMENT_TEAM ${DEVELOPMENT_TEAM_ID})

DEVELOPMENT_TEAM_ID - is your TeamID Eg. 2347GVV3KC

If you want manual signing:

SET_XCODE_PROPERTY(MyTarget CODE_SIGN_IDENTITY ${CODESIGNIDENTITY})
SET_XCODE_PROPERTY(MyTarget DEVELOPMENT_TEAM ${DEVELOPMENT_TEAM_ID})
SET_XCODE_PROPERTY(MyTarget PROVISIONING_PROFILE_SPECIFIER ${PROVISIONING_PROFILE_NAME})

CODESIGNIDENTITY - Set to your preferred code sign identity, to see list: /usr/bin/env xcrun security find-identity -v -p codesigning

eg. AAAAAAC9F10573BBBF25F7445951F3D8

Or you can just write: "iPhone Distribution" but I'm not sure is it general rule :)

PROVISIONING_PROFILE_NAME - file name without extension eg. My full name: Game_AppStore.mobileprovision so here I write Game_AppStore

Provisioning profile previosly should be added to Xcode cache so it will be available in ~/Library/MobileDevice/Provisioning\ Profiles
More info
You can simply do it from Xcode by clicking Provisioning Profile: Name and pick Import Profile... then select it. Remember when you invalidate it you need to remove it from cache.

SET_XCODE_PROPERTY is a macro:

# This little macro lets you set any XCode specific property
macro (set_xcode_property TARGET XCODE_PROPERTY XCODE_VALUE)
    set_property (TARGET ${TARGET} PROPERTY XCODE_ATTRIBUTE_${XCODE_PROPERTY} ${XCODE_VALUE})
endmacro (set_xcode_property)

Code signing issue in Xcode version 8

I faced this too, and fixed it by:

1- removing all certificates of my account from keychain,

2- removing all provisioning profiles from xcode and then

3- downloading provisioning profiles again via xcode and also

4- adding certificates again to the keychain.

What are code signing identities in Xcode about?

You've definitely hit on a topic that gets very deep very quickly and is a common source of headaches when trying to make device builds of iOS applications. First, let me put a little structure around each of the terms involved in the Code Sign process (both for you and anyone stumbling across this question later) and then we can turn to your main question:

CodeSign Terminology

The Code Sign phase of an iOS Device build is the process by which we cryptographically sign and secure a specific arrangement of data in an application including the application executable binary itself, any embedded media assets (like button textures, custom artwork, fonts, etc.), and a set of metadata about our application and represents a unique 'thumbprint' of our application's data. This thumbprint is what is used by Apple and iOS to help ensure that our applications are not tampered with when being delivered to user's devices or when being run on user's iOS devices. To make this possible Developers are required to register with Apple, setup an App Identifier, request Development and Distribution Certificates, Register a set of Test Devices, and finally request a Provisioning Profile for their development efforts. The role each of these elements is as follows:

  • App Identifier (or AppID) - A reverse DNS-style string that uniquely identifies exactly one iOS application on the AppStore.
  • Development and Distribution Certificates - These are digital documents cryptographically signed by Apple certifying the identity of the individual to which the documents were issued. For those familiar with Public Key Infrastructure, the Certificate itself contains a public key that can be used to verify the integrity of signatures later in the process.
  • Test Devices - The only approved standard distribution channels for iOS software is via the AppStore. By registering a test device, developers may circumvent the AppStore and install software directly to devices for development and testing purposes. The total number of test devices allowed in a given membership year is 100 test devices.
  • Provisioning Profile - A document containing three main components: 1) Exactly one App ID, 2) One or more iOS Developer Certificates, and 3) Zero or more registered test devices on which the named iOS app may be directly installed. The contents of this document are cryptographically signed by Apple to ensure its contents can not be tampered with.

It is the presence of this file and the thumbprint checks that determines if a developer-generated app can be installed to device as it contains the notion of the 'Who' (Certificates), the 'What' (AppID), and the 'Where' (which devices).

Great, I got it...Now what about this Code Sign Identity thing?

In the context of an individual build target's build settings, the term Code Sign Identity refers to the Common Name of those certificates that are installed in the Keychain of the Developer's machine. In the Xcode build setting it appears as a list of options from which developers must select an Identity to use for CodeSign -- there's a lot of information encoded in each section of this menu:

Xcode Code Sign Identity

Looking first at the black text - From the image above 'iPhone Developer: Bryan Musial (XXXXXXXXXX)' - This is really the primary item Xcode uses to find the public and private keys used to Code Sign. When selecting this item, you are instructing Xcode to reach into your Keychain and try to find a certificate whose 'Common Name' field matches that string and then grab that certificate (which contains the public key) and the associated private key for use in the Code Sign operation.

Just to be thorough if you open up Keychain Access and double click any of the 'iPhone Development: ...' or 'iPhone Distribution: ...' certificates shows all of the information encoded into the certificates Apple issues to its developers. If I were to select the entry in the first image, Xcode would reach into my Keychain and pull back this certificate (NOTE: Unique identifying details have been X'd or changed):

Keychain Certificate Common Name Example

As you can see, the black text from the Xcode selection exactly matches the Common Name field in my certificate, so Xcode would pull back this certificate and its linked private key for use in Codes Signing my app.

Looking back at the Xcode setting again, we also notice that there is more text in that menu selection as well -- the lighter gray text identifies the Provisioning Profile that will be built into the application. In the case of my example setting, Xcode will go and get the Provisioning Profile "MyiOSApp Testing" which has its AppID set to 'com.myiosapp.*'. Xcode is very greedy with stashing Provisioning Profiles, and fortunately Organizer gives you a great place to look over the Provisioning Profiles that are installed and get a sense about the basic data they contain. Again for the Xcode Code Sign Identity in the first image, the related Provisioning Profile in my Organizer would look like this:

Organizer Provisioning Profile

The 'Name' column and the tail end of the App Identifier column match the light gray text from my Xcode setting so this is the Provisioning Profile that would get selected for use during Code Sign. It is also important to note the 'Status' column at the end of the row. In this case, it is green and indicates 'Valid Profile'. This means that my Keychain has both the Public and Private keys for at least one of the certificates encoded in that Provisioning Profile. If this status is anything other than green then there is a problem with your current setup of Public/Private Keys and/or the Provisioning Profile -- Code Signing can not work unless the Provisioning Profile you are trying to use has its status set to Green. Other possible status options include:

Organizer Provisioning Status Options

  • Valid signing identity not found: You do not have both the Public and Private key for at least one of the Certificates encoded in this Provisioning Profile. Delete the profile from Organizer, then return to the Certificates, Identifiers & Profiles tool on developer.apple.com/ios and ensure you have your Development Certificate included in the Provisioning profile. Verify your certificate in Keychain Access is not expired or revoked and has a private key linked to the public key certificate.
  • Profile has expired: The expiry date for the provisioning profile has lapsed. Delete this Provisioning Profile from Organizer, then revisit the Certificates, Identifiers & Profiles tool on developer.apple.com/ios and reissue this Provisioning Profile (if it is actually still needed)

Other items that can trip you up

In addition to all of the nuances about making sure you have both Public and Private keys installed, and that the Provisioning Profiles are set just right, there are a few other things that can trip developers up. First, Xcode collects Provisioning Profiles and hangs on to them until you tell it to delete them. In theory, this isn't a super huge deal except in scenarios where you make changes to a Provisioning Profile, download and install a newer version. Many times Xcode will grab the right profile, but sometimes it doesn't get it right and you'll spend hours looking over the Certificates, Identifiers & Profiles tool as well as your keychain to try and get an idea about what is going on.

Suggestion 1: When installing a newer version of a Provisioning Profile, delete older ones so that Xcode isn't put in a position where it may have to make a decision.

A similar thing can happen if you reissue a Development or Distribution Certificate -- Most times Xcode will trigger a warning during the build about an ambiguous certificate.

Suggestion 2: Pay attention to ambiguity warnings during the build. It implies that you have an old certificate floating around that meets the build criteria and could be inadvertently used potentially causing a build problem.

Suggestion 3: Anytime you are in Keychain dealing with your certificates, look for 'iPhone Developer: ...' or 'iPhone Distribution: ...' certificates that have a red 'X' on them. This is an indicator that the certificate has expired or has been revoked. Either way, this Public Key (and potentially linked Private key) is of no further use to you for build purposes and can be deleted.

Finally, the Code Sign Identity setting also has an option that lists as 'Automatic Profile Selector'. In many cases you will want to use this option as it will do its best to automatically look up your AppID from your build target's settings, look for a Provisioning Profile that matches that AppId and contains certificates that you have both a public and private key for. In some custom build circumstances it may not be possible to use this option and you'll have to use one of the fixed, specific options, like my demonstration setting in the first image. Be advised if you go with a fixed option -- any time you update the Provisioning Profile, you will need to also update the Code Signing Identity build setting to match the newer version.

Key Takeaways

  • Make sure you keep both your Keychain and Xcode Provisioning Profile lists clean and deduplicated.
  • After installing a Certificate and Provisioning Profile, make sure the Organizer reports that provisioning profile's status as Green ('Valid profile'). Any other status indicates a problem exists between your keychain and provisioning profile that needs to be addressed before you even consider running a build.
  • Try and use the 'Automatic Profile Selector'. Your teammates and any automated build systems will be happier with you if they too don't have to think about Code Sign Identity settings.
  • If you can't use the Automatic Profile Selector, make sure you always keep that setting up-to-date as newer iterations of your provisioning profile are made.

Good luck with your build configuration, and please let me know if you have any other follow up questions!

How can I skip code signing for development builds in Xcode?

To turn the code signing off, go to your project and target "Build Settings", search for "Code Signing Identity" change its value to "Don't Code Sign" in both of them.

To make this effective you need to change this value in the Project and all of the Targets separately.


Related Topics

Cncopycurrentnetworkinfo with iOS 13

Apple Push Notification Service Server Certificate Update

Too Few Items in Teams

How to Customise Uislider Height

Filter Array by First Letter of String Property

How to Get All Available Wifi Network Name Listings in iOS

How to Get the iPhone Type from Simulator (Ios)

Not Getting the Email Using Google Authentication in Firebase

How to Animate Changing a Uilabel's Textalignment

Sequence Animation Using Caanimationgroup

Where Does a Swift iOS Application Begin Its Life

Wkwebview and Uimenucontroller

Possible to Send Automated Email

What's Wrong Here: Instance Member Cannot Be Used on Type

Uipickerview as Inputview of Uitextfield

Ms Excel Type Spreadsheet Creation Using Objective-C for iOS App

How to Use Afnetworking or Sthttprequest to Make a Request of a Soap Web Service

How Long Does a Push Notification Sit in Queue Before Being Removed


Leave a reply



Submit