Managing Provisioning for iOS Devices

The process for provisioning devices to deploy iOS apps has often caused confusion, or downright dismay. As versions of iOS have rolled on, the process has gotten easier, but there's a lot of old information and misinformation out on the web.

Clear Existing Profiles

Before doing anything else, make sure that all previous certificates and profiles are deleted (this prevents any muddying of the proverbial waters).

  1. Open Keychain Access on your Mac and delete all developer-related certificates (look in the "My Certificates" category)
  2. Open Xcode and go to Window > Organizer and delete any provisioning profiles (look in LIBRARY > Provisioning Profiles)
  3. Log in to http://developer.apple.com and revoke your certificates (Go to the iOS Dev Center, then to the iOS Provisioning Portal, and click the "Revoke" button next to any certificate listed)
  • On that last step, the change happens quickly, but not instantaneously. You'll likely see "Revoke Pending", but if you are patient, a page refresh will show the certificate gone, and it will say something like "You currently do not have a valid certificate".

Xcode Does the Work

While it is possible to create and manage your certificates at http://developer.apple.com, it is easier to let Xcode do the work for you. Go back into Xcode and return to the Organizer. Make sure your devices are connected to the Mac.

For one of the devices, right-click on the Provisioning Profiles menu item under the device (e.g., Mark's iPad) and choose "Add Device to Provisioning Portal". You will get a sheet that says "No Developer Certificate Found". Click the "Submit Request" button.

That's it.

Additional Macs

As long as you develop only on that machine, and deploy apps only from that machine, your iPad or iPhone is perfectly happy.

There's a problem, though.

What if you plug your iPad into another Mac (say, your MacBook Pro)? The Provisioning Profile for the iPad says "Valid signing identity not found" along with a huge yellow banner that says "Xcode could not find a valid private-key/certificate pair for this profile in your keychain".

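The problem is that the laptop's keychain holds no private key matching your developer certificate, so Xcode on the laptop cannot sign with that identity. You need to export the private key for your identity on the iMac so that the laptop has that key as well. Then Xcode on the laptop will find a valid private-key/certificate pair and you can deploy apps when the iPad is connected.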

If you open Keychain Access (again) on the Mac where you did the "Xcode Does The Work" process, and look under "My Certificates", you will see an entry like "iPhone Developer: Your Name Here". Click the disclosure triangle for that entry. Now you'll see an entry named "Your Name Here" whose kind is "private key".

If you right-click on that private key entry, you have an option to "Export Your Name Here...". Select that and save the resulting file (make sure the .p12 format is selected from the dropdown). It will ask for a password, which you are creating to protect that key; the exported file contains your signing private key, so choose a strong one. Finally, it will ask for your admin password to allow keychain access.

Simply copy that file to the Mac where you want to be able to deploy apps and double-click on it to install it (you will be asked for the password you just created for the p12 file). If you relaunch Xcode, the "Valid signing identity not found" warning should disappear (you may have to go to the Provisioning Profiles area under LIBRARY in the organizer and click the "Refresh" button at the bottom of the window).

Now you are all set!
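To confirm from Terminal that the second Mac now has a usable private-key/certificate pair (and to spot leftover identities whose certificate was revoked in the cleanup step), you can parse the output of `security find-identity -p codesigning`. The script below is an added example, not part of the original walkthrough; the function names, hashes and identity names in it are constructed placeholders.

```shell
#!/bin/sh
# Added example: classify code-signing identities listed by
#   security find-identity -p codesigning
# The listing is read on stdin; $1 is the identity name prefix to look for.

# Constructed sample of that listing (hashes and names are placeholders).
sample_output() {
cat <<'EOF'
Policy: Code Signing
  Matching identities
  1) 0123456789ABCDEF0123456789ABCDEF01234567 "iPhone Developer: Your Name Here (AAAAAAAAAA)"
  2) FEDCBA9876543210FEDCBA9876543210FEDCBA98 "iPhone Developer: Old Identity (BBBBBBBBBB)" (CSSMERR_TP_CERT_REVOKED)
     2 identities found

  Valid identities only
  1) 0123456789ABCDEF0123456789ABCDEF01234567 "iPhone Developer: Your Name Here (AAAAAAAAAA)"
     1 valid identities found
EOF
}

# Prints "<status> <sha1> <name>" for each identity whose name starts with $1.
# <status> is "valid" or the CSSMERR_* reason reported by the keychain.
# Exit status is 0 if at least one matching identity is valid, 1 otherwise.
classify_identities() {
  awk -v want="$1" '
    /Valid identities only/ { exit }      # second section repeats entries
    /^ *[0-9]+\) / {
      hash = $2
      rest = substr($0, index($0, "\"") + 1)
      q = index(rest, "\"")
      name = substr(rest, 1, q - 1)       # text between the quotes
      tail = substr(rest, q + 1)          # optional "(CSSMERR_...)" reason
      if (index(name, want) != 1) next
      status = "valid"
      if (match(tail, /\(CSSMERR_[A-Z_]+\)/))
        status = substr(tail, RSTART + 1, RLENGTH - 2)
      if (status == "valid") ok = 1
      print status, hash, name
    }
    END { exit (ok ? 0 : 1) }
  '
}

# On a real Mac:
#   security find-identity -p codesigning | classify_identities "iPhone Developer"
```

A non-zero exit status with no output means the keychain has no identity with that name at all, which matches the "Valid signing identity not found" state before the .p12 is imported.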