Certificate-and-profile-installer won't parse manually exported certificate

I’ve tried exporting signing certificate(.p12) from Xcode, from the Keychain and from the apple developer site but none of then worked, certificate-and-profile-installer always fails with a parse error
The codesigndoc did work but I’ll need to generate new certificates for other accounts and codesigndoc won’t be a option
I even followed this guide https://devcenter.bitrise.io/code-signing/ios-code-signing/exporting-code-signing-files/, but it didn’t work.

This is the error:

| (3) certificate-and-profile-installer@1.9.3                                  |
| id: certificate-and-profile-installer                                        |
| version: 1.9.3                                                               |
| collection: https://github.com/bitrise-io/bitrise-steplib.git                |
| toolkit: go                                                                  |
| time: 2018-06-21T13:09:49-07:00                                              |
|                                                                              |
INFO[13:09:49]  * [OK] Step dependency (go) installed, available. 

 - CertificateURL: http://mob***p12
 - CertificatePassphrase: ***
 - ProvisioningProfileURL: http://mob***ion
 - InstallDefaults: yes
 - DefaultCertificateURL: https://s3-***p12
 - DefaultCertificatePassphrase: ***
 - DefaultProvisioningProfileURL: https://s3-***ion
 - KeychainPath: /Users/vagrant/Library/Keychains/login.keychain
 - KeychainPassword: ***
Default Certificate given
Provided Certificate count: 2
Default Provisioning Profile given
Provided Provisioning Profile count: 3
Keychain already exists, using it: /Users/vagrant/Library/Keychains/login.keychain
Downloading & installing Certificate(s)
Downloading certificate: 1/2
Downloading certificate: 2/2
Installing downloaded certificates
Failed to parse certificate, error: pkcs12: error reading P12 data: asn1: structure error: tags don't match (16 vs {class:0 tag:28 length:63 isCompound:true}) {optional:false explicit:false application:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} pfxPdu @2

Is there something special that I have to do when exporting the .p12 certifcate?


  • Have you added the passphrase on Bitrise when you uploaded the Xcode exported .p12?

  • Can you see the parsed information of the certificates when you click on the “Show included certificates” in a Code Signing tab?
    (if the .p12 has only one certificate there will be no button)

Yes, when I was using the .p12 exported from Xcode, currently I’m using the .p12 that I exported from the keychain without a password.

Yes, and it’s the same that is included in the provisioning profiles.

Hi @GustavoVergara,
could you please enable bitrise-support for your project, we would need to have a look at your config. Enabling bitrise-support can be done on your project’s setting page.

I enabled it, now I just wait for you guys to check it?

Please attach your project’s URL to let me identify it. I will check your config and reply here.

Here it is https://app.bitrise.io/app/0173a78dbb75927f

I have checked your config and can not find any issue.

Have you changed your certificate from build #30 to #31? Since the issue started to happen in build #31.

Other than that, based on your config, it seems you are using a custom url to fetch your certificate, instead of the default url of the uploaded certificate, which means you are not using the certificate you uploaded to bitrise, do you have a specific reason to do so?

1 Like

I’ve found out what was happening.
I was using the certificate that I uploaded to the Amazon S3 but I forgot to set the certificate as public so the request was failing.
That was the only problem, now that I’ve set it to public it’s working fine :grinning:
Thanks for the help @godreikrisztian!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.