Ken,
thanks for the reply. I guess I gave the impression that I had created my CSR and private key while still on the PPC laptop and THEN migrated the whole works over to my shiny new Macbook pro. This was not the case. I have been creating them on the new machine. I know not to generate the CSR on one machine and NOT to copy that over to other machines. Apple even puts up a big notice on their developer portal that reminds everyone to back up their private keys.
Both the cert and the private key show up under My Certs in the Keychain and codesigning still fails.
But I did NOT know about the CRL. I will certainly try that.
Thanks! I'll try that tonight.
Bart
On Monday, July 07, 2008, at 03:20PM, "Ken McLeod" <email@hidden> wrote:
>
>You didn't mention having the private key. Without the private key
>(that was generated in your keychain when you created the certificate
>signing request), the certificate is useless. A PKI identity consists
>of both the private key *and* the certificate. When moving your
>identity from one system to another, you MUST copy both the certificate
>and its private key. Typically that's done by selecting them and
>exporting to a PKCS12 (.p12) file, which can be imported on another
>machine.
>
>Find a copy of the original keychain that you had on the PPC laptop
>when you created the CSR. It should contain the private key.
>
>You can tell if the private key and certificate are together in your
>keychain by selecting the "My Certificates" category on the left side
>of the window in Keychain Access... this will show you all identities
>(that is, certificates for which the associated private key exists.)
>
>Now, if you know that you have both the certificate and its private key
>(and they show up under "My Certificates"), but codesigning still fails
>to find the identity, then you may be running into an issue with CRL
>checking. In that case, try turning off CRL checking (in Keychain
>Access > Preferences > Certificates).
>
>-ken
>
>On Jul 6, 2008, at 6:19 AM, Bart W Jenkins wrote:
>
>> I joined the Apple iPhone developer program at the $99 level and got
>> my access to the developer portal. I followed all the directions for
>> creating a certificate signing request, sending it Apple, downloading
>> and installing it along with the WWDC certificate, creating an app id,
>> setting the provision and downloading and installing the provision
>> into Xcode, etc. and when trying to get ANY application to install on
>> the iPhone I keep getting stopped at the same point--codesigning.
>>
>> In desperation, I've tried to isolate the problem by creating a simple
>> Mac os X 10.5 app (not for the iPhone) and codesigning it, outside of
>> the iPhone. Same problem. I always get a "no such identity" error
>> when trying to use the Apple provided cert. I have tried all manner
>> of string combinations: "iPhone Developer: <First> <Last>", "iPhone",
>> "Developer" etc.
>>
>> So, for example, given a simple app called "app1.app", I try something
>> like the following from Terminal:
>>
>> $ codesign -s "iPhone Developer" app1.app
>>
>> and I get the following error:
>>
>> $ iPhone Developer: no such identity
>>
>> I've tried using "sudo" and no difference. I've cleaned out my
>> keychain from any leftover apple provided certs. I've backed up my
>> keychains and started with an empty ~/Library/Keychains directory and
>> created brand new login keychain and imported the certs into that and
>> still the same problem. I've also run the Keychain first aid to fix
>> any issues and rebooting between attempts, etc. I can't get the
>> --verbose flag to tell me anything
>>
>> If I create a self-signed cert, all works well and my app gets signed.
>>
>> The only other unique thing about my environment might be that I
>> migrated from a PPC laptop (a power pc g4 powerbook) to a newer
>> 2.5Ghz, core duo Intel based macbook pro and maybe something got
>> messed up with that. But I used the standard apple tools to do that.
>>
>> I am completely stopped in developing for the Apple platform at this
>> point. I've spent three days trying to figure this out. I've used
>> PKI systems in the past and have never had this much trouble.
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Apple-cdsa mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>> http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
>>
>> This email sent to email@hidden
>
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
This email sent to email@hidden
