When you register with Apple and pay your fee, you have to go through several steps in order to be able to build apps and install them on iOS devices. The first step is creating a private key and a certificate signing request. All your developer certificates will require that you have this private key.
To quote Apple's docs from the provisioning portal on their website:
It is critical that you save your private key somewhere safe in the event that you need to develop on multiple computers or decide to reinstall your system OS. Without your private key, you will be unable to sign binaries in Xcode and test your application on any Apple device.
If your hard drive crashes and you don't have a backup of your private key, you will have to revoke your developer certificate and create a new one, and regenerate all your provisioning profiles. Needless to say, this is bad.
Below are the instructions on backing up the private key that's used to create your developer certificate, extracted from the how-to section of Apple's provisioning portal:
When a CSR is generated, the Keychain Access application creates a private key on your login keychain. This private key is tied to your user account and cannot be reproduced if lost due to an OS reinstall. If you plan to do development and testing on multiple systems, you will need to import your private key onto all of the systems you'll be doing work on.
1. To export your private key and certificate for safe-keeping and for enabling development on multiple systems, open up the Keychain Access Application and select the Keys category.
2. Control-Click on the private key associated with your iOS Development Certificate and click Export Items in the menu. The private key is identified by the iOS Developer: public certificate that is paired with it.
3. Save your key in the Personal Information Exchange (.p12) file format.
4. You will be prompted to create a password which is used when you attempt to import this key on another computer.
5. You can now transfer this .p12 file between systems. Double-click on the .p12 to install it on a system. You will be prompted for the password you entered in Step 4.
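A command-line check of the exported file, as an added example that is not part of the original post or of Apple's instructions: it confirms that the .p12 opens with its password and that the private key inside matches the certificate. It assumes the `openssl` command-line tool is installed; `P12_PASS`, `p12_dump` and `verify_p12_backup` are names chosen for this sketch.

```shell
#!/bin/sh
# Added example (not from Apple's portal or the original post).
# Verify that a .p12 backup opens with its password and holds a private key
# matching its certificate. The password is read from the exported environment
# variable P12_PASS (a name chosen for this sketch) so it never appears in argv.

# Run "openssl pkcs12" on file $1 with the remaining options. Retry with
# -legacy, which OpenSSL 3.x needs for files protected with older ciphers.
p12_dump() {
    f="$1"; shift
    openssl pkcs12 -in "$f" -passin env:P12_PASS "$@" 2>/dev/null ||
        openssl pkcs12 -legacy -in "$f" -passin env:P12_PASS "$@" 2>/dev/null
}

# Returns 0 = usable backup, 1 = key/certificate mismatch,
#         2 = cannot open (wrong password or not PKCS#12), 3 = no private key.
verify_p12_backup() {
    p12="$1"
    p12_dump "$p12" -noout || {
        echo "cannot open $p12: wrong password or not a PKCS#12 file" >&2
        return 2
    }
    # Public half of the stored private key; the key itself only passes
    # through a pipe and is never written to disk.
    key_pub=$(p12_dump "$p12" -nocerts -nodes | openssl pkey -pubout 2>/dev/null) || key_pub=""
    [ -n "$key_pub" ] || {
        echo "$p12 holds no private key (certificate-only export)" >&2
        return 3
    }
    cert_pem=$(p12_dump "$p12" -nokeys -clcerts) || cert_pem=""
    cert_pub=$(printf '%s\n' "$cert_pem" | openssl x509 -noout -pubkey 2>/dev/null) || cert_pub=""
    [ "$key_pub" = "$cert_pub" ] || {
        echo "private key does not match the certificate in $p12" >&2
        return 1
    }
    # Details to compare against the certificate shown in Keychain Access.
    printf '%s\n' "$cert_pem" | openssl x509 -noout -subject -enddate -fingerprint -sha256
}
```

Set and export `P12_PASS` before calling `verify_p12_backup` on the exported file. A return value of 3 means the export contains a certificate but no private key, so the file would not restore the signing identity on another machine.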
Replies
I've done it a couple of times. Doesn't really affect App Store distribution.
Maybe you're pushing out a lot of Ad Hoc Dist builds? I bet not many people are doing that.
Duncan C
WareTo

So you are creating different profiles for each product? I only have the distribution profile, the team profile that Xcode automatically creates/maintains, and one ad hoc one (because I do such limited ad hoc). Maybe I'm doing this wrong? :)
Once you re-create your profiles everything is back to normal. It *is* a bit of a hassle, though.

If not, I'm taking your advice and backing up my private key first thing tomorrow to a USB stick and saving it in our physical safe.

In KeyChain Access, the private key contains my developer certificate, which is set to expire
in exactly one year.
What must I do when this certificate expires? Will I need to go through this process again,
and export another private key?

About the main topic: I might be wrong here but I don't think it's a big deal about your local keychain. Your profile is maintained on Apple's side. Local keys are just an SSL self-signed request to ensure identity, not validity.
I revoked and recreated my profiles a few times with the signing process started over and it didn't affect my existing apps being revoked or something.
As long as you have paid on time, prior to your Apple Dev account expiring, you are good. Even if you screw things up you can call them and they will work with you to help you out. It might take you a lot of waiting and hassle, but it's not the end of the world.

Just to get this straight in my head, does my private key need to be backed up every year,
since my certificate expires annually, or does it only need to be backed up once?

A certificate is a processed SSL identity tied to your Apple Dev ID. Once your certificate has expired annually or been revoked by you, it's pretty much useless and can't be used at all. You will need to recreate a valid certificate anyway, so don't bother.
Back to the private key: yes, it is unique, it is generated on your Mac, and it must be the same when you get your certificate from Apple, because the certificate is validated against this key and if it doesn't match then it won't install.
I'll give you a good example here: you request a cert from your Mac today and don't wait a few minutes to install it. You decide you will do it tomorrow. By morning your Mac has fried and been reloaded, or you get a new one, or whatever. You download your key and it tells you that it can't find a valid cert request. Oops!
That's the only situation where you regret that you don't have a backup of the private key. Should you worry? No. Just invalidate your certificate and request a new one. Pretty simple.
Now back to the question: should you back up your certificate? There are 2 kinds of certificates: developer and distribution. Developer is kind of a test cert you sign your own apps with for your own use, like testing on your own devices or ad hoc. You can make as many as you want, wildcard or specific for an app. You shouldn't worry about it.
Distribution is the important one. This is the one you use to code sign your final bundle to submit it to the App Store. Keep in mind that this one ensures your validity as a Developer. So, once you've signed it and Apple has approved it, you don't care about it anymore. If it's revoked or expired or lost, you just get another one for your NEW APPS. Again: you don't care about the old app, it's already on the store. As long as your Dev ID is still being paid, your app is good.
When you submit any future updates to the old app you simply sign in with the new distribution certificate. That's all.
P.S.: sorry for the long post, hope that answers your questions.

Also, sometimes Xcode keeps the old ID of a profile inside the project file and fails to compile with an error like "profile can't be found..."
Then you have to open the .xcodeproj file (it's actually a folder) and search for and delete all the records manually. Anyway, Google is a good help with any errors.