Use the new Xcode 11 Distribution Certificate Format

If you’ve ever distributed an app to the Apple App Store, you’ve probably generated an iOS Distribution certificate (either from Xcode or directly from the Apple Developer site. With Xcode 11, Apple released new Development and Distribution certificate types and has started using those by default. This was mentioned in the Xcode 11 release notes:

While Apple did say “preexisting iOS and macOS development and distribution certificates continue to work”, they did not clarify that all new certificates needed to be generated with the new format (and not the old legacy iOS Distribution certificate format). I ran into some pain recently having picked the “iOS Distribution (App Store and Ad Hoc)” from Xcode 11 when replacing an expiring certificate. If you are manually generating your certificate in Xcode 11 (instead of using Xcode to do it for you after generating an archive), it looks like you now need to make sure that you select the Xcode 11-compatible certificate format (one of the first two choices below as appropriate):

The new certificate will now show with the prefix “Apple Distribution” instead of “iPhone Distribution” in Keychain access as well.

If you create the wrong type (or never created one), and are attempting to distribute through Xcode, you may see a frustrating message like the one below. You can obviously just let Xcode do the lifting for you here; but make sure to export and save securely the public and private keys in that case.

If you are running a command-line archive for a CI/CD process in Jenkins or similar and are exporting and uploading directly to the App Store with xcodebuild, you may see messages that your distribution certificate cannot be found (once again because you created the wrong type of certificate for Xcode 11).

As a side note, if you check and then un-check Automatically Manage Signing from the Signing and Capabilities tab, the backing code in the Xcode project is changing as well from ‘iPhone Developer’ to ‘Apple Development’

Hope this helps you out if you’re running into this issue!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: