Requesting a new development certificate

In addition to renewing your development provisioning profiles every three months, once a year you need to request a new development certificate. Without a valid development certificate installation to a test device does not work, though applications already installed continue to function. Since mine expired this week I thought I may as well post some comments on the renewal process.

Checking your development certificate

To check the status of your development certificate, use the keychain access utility to check the login keychain for the certificate named iPhone Developer: <Your Name>. The expiry date is listed on the right hand side. Alternatively open the organiser in Xcode and check the Provisioning Profiles. If you see the following your development certificate has expired:

A valid signing identity matching this profile could not be found in your keychain

Requesting a certificate.

To get a new certificate you need to logon to the iPhone Provisioning Portal and select Certificates.

In the Development tab, which should show that you do not currently have a valid certificate, use the Request Certificate button to get the process underway. Note that you do not renew a development certificate, once it expires you need to request a new one.

The first step is to submit your Certificate Signing Request (CSR) which if you are well organised you should still have saved away in your keys directory (look for something named CertificateSigningRequest.certSigningRequest). If you cannot find it then you will have to create a new one following the procedure on the provisioning portal page. Since I still have mine I submitted it which gets you a certificate with status “Pending Issuance”.

If you are an individual developer you will get an email indicating that a certificate request requires your approval. If you are a business the notification will go to the team admin who will need to approve the request. An individual developer can just refresh the web page and the status will change to Issued and you can download the certificate.

By default the downloaded file is named developer_identity.cer. To avoid confusion it is worth deleting the old file (if you still have it) before saving the new one to your keys directory.

Installing a development certificate

To install the new certificate you should just be able to double click the developer_identity.cer file to install it into the keychain. I got an import error the first time I did this (Error: 100013). I found that deleting my old expired certificate from the keychain and exiting the keychain utility and Xcode fixed the problem (not sure which of those steps did the trick).

If the import is successful you should see the certificate in the keychain with an expiry date one year ahead.

Recreate the Provisioning Profiles

Now for the bad news…

A development provisioning profile requires three things: an iPhone developer certificate, device identifiers for your test devices and an App ID. This unfortunately means that it is now necessary to update each profile with the new certificate to get things working again. Before starting to do this I find it easiest to delete each of the profiles from the Xcode organiser and any test devices and archive the existing keys that I have saved in my repository.

Updating the profiles is simple, from the Development Provisioning Profiles page of the portal, edit each profile, select the new certificate and submit the new request. After refreshing the page the new profile should show as Active and can be downloaded. To install drag the downloaded file onto the Organizer window.