Renewing provisioning profiles

One of the joys of developing for the iPhone is the need to renew the various certificates from time to time. This starts out easy enough but can soon get complicated when you need to manage developer certificates, provisioning profiles and maybe Apple Push Notification certificates for development, distribution and ad hoc distribution builds. Since these certificates all expire at different times you quickly become a frequent visitor to the Apple iPhone Provisioning Portal.

Renewing Development Provisioning Profiles

The development provisioning profiles expire every 3 months so even if you never submit an application to the App Store you have to deal with renewing this certificate. There is normally plenty of warning that it will expire since your test device will pop up warning messages for several weeks before the expiration. Once the profile has expired the application will no longer launch on the device and if you attempt to build and install the app from Xcode you will get the following build error:

Code Sign error: Provisioning profile 'App-name' has expired

A good place to see in advance when the profiles will expire on a device is within the Settings application. Under General > Profiles you should see a list of all profiles installed on the device. Selecting an individual profile will show when it was installed and when it will expire. You can also remove the profile from this screen. You can see similar detail from the Xcode organizer window when the device is attached.
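The same expiry date can be read on the Mac from a downloaded .mobileprovision file, for example to check every profile saved in a project's keys directory. The script below is an added example, not part of the original post: it assumes the profile is a signed container with an XML property list embedded in clear text that carries Name and ExpirationDate keys, it does not verify the signature, and its function names and sample profile are constructed for illustration.

```python
import plistlib
import sys
from datetime import datetime, timedelta, timezone
from pathlib import Path
from xml.parsers.expat import ExpatError

PLIST_START, PLIST_END = b"<?xml", b"</plist>"

def read_profile(blob: bytes) -> dict:
    """Return the plist embedded in a .mobileprovision blob (signature NOT verified)."""
    start = blob.find(PLIST_START)
    end = blob.find(PLIST_END, start)
    if start < 0 or end < 0:
        raise ValueError("no embedded property list found")
    return plistlib.loads(blob[start:end + len(PLIST_END)])

def expiry_status(profile: dict, now: datetime, warn_days: int = 14) -> str:
    """Classify a profile as 'expired', 'expiring' or 'ok' relative to now (naive UTC)."""
    expires = profile["ExpirationDate"]  # plistlib returns a naive UTC datetime
    if expires <= now:
        return "expired"
    if expires - now <= timedelta(days=warn_days):
        return "expiring"
    return "ok"

def scan(directory: str, now: datetime) -> list:
    """Return (file, profile name, expiry, status) for every profile under directory."""
    rows = []
    for path in sorted(Path(directory).rglob("*.mobileprovision")):
        try:
            profile = read_profile(path.read_bytes())
            rows.append((path.name, profile.get("Name", "?"),
                         profile["ExpirationDate"], expiry_status(profile, now)))
        except (ValueError, KeyError, ExpatError) as exc:
            # A damaged or unexpected file is reported, not silently skipped.
            rows.append((path.name, "?", None, f"unreadable: {exc}"))
    return rows

# Constructed sample: placeholder wrapper bytes around a minimal profile plist.
SAMPLE = b"\x30\x82\x01\x00" + plistlib.dumps({
    "Name": "Example Development Profile",
    "ExpirationDate": datetime(2030, 1, 15, 12, 0, 0),
}) + b"\x00\x01\x02"

if __name__ == "__main__":
    # Directory defaults to "keys" (assumed layout: profiles stored under the project).
    now = datetime.now(timezone.utc).replace(tzinfo=None)
    for row in scan(sys.argv[1] if len(sys.argv) > 1 else "keys", now):
        print(*row, sep="\t")
```

Run it with the directory that holds the downloaded profiles as its only argument; each line of output lists the file, the profile name, the expiry date and a status of ok, expiring or expired.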

To renew the profile you need to visit the iPhone Provisioning Portal. From the iPhone Provisioning Profiles page you should see the profile with a status of Expired and a Renew button under Actions.

Clicking Renew changes the status to Pending and with a refresh of the page it should already have changed to Active. You can now download it and save it. I keep a directory called keys under my project directory where I store all of that project's keys so that they also get checked into the source code repository. Within the keys directory I create three separate sub-directories for Development, Distribution and Ad Hoc keys to store the provisioning profile and any push certificates for each build.

With the new provisioning profile downloaded it needs to be installed. Open the Xcode Organizer window (^O) and drag the new profile onto the Provisioning Profiles page. You should also delete the old, expired profile which should be showing up with a red cross next to it in the list of profiles.

At this point the project should build without error and install on the test device. If it doesn't, check the code signing section of the target Build settings and make sure the correct profile is being used. One other error that I have seen when installing a new provisioning profile is a security policy error when Xcode attempts to install the application on the device:

Error launching remote program: security policy error.

This can happen when the device has two provisioning profiles for the same application installed. If you get this error, check the profiles installed on the device with the Settings application (General > Profiles). If you still see the old, expired profile, select it and remove it. The application should now install correctly.

If you are still getting problems at this point, it is always worth doing a complete clean and rebuild (Build -> Clean All Targets) or, as a last resort, quitting Xcode and deleting the build directory for your application with the Finder. Both of these have resolved strange provisioning errors for me in the past.