Certificate-and-profile-installer won't parse manually exported certificate

GustavoVergara · June 21, 2018, 9:30pm

I’ve tried exporting signing certificate(.p12) from Xcode, from the Keychain and from the apple developer site but none of then worked, certificate-and-profile-installer always fails with a parse error
The codesigndoc did work but I’ll need to generate new certificates for other accounts and codesigndoc won’t be a option
I even followed this guide https://devcenter.bitrise.io/code-signing/ios-code-signing/exporting-code-signing-files/, but it didn’t work.

This is the error:

+------------------------------------------------------------------------------+
| (3) certificate-and-profile-installer@1.9.3                                  |
+------------------------------------------------------------------------------+
| id: certificate-and-profile-installer                                        |
| version: 1.9.3                                                               |
| collection: https://github.com/bitrise-io/bitrise-steplib.git                |
| toolkit: go                                                                  |
| time: 2018-06-21T13:09:49-07:00                                              |
+------------------------------------------------------------------------------+
|                                                                              |
INFO[13:09:49]  * [OK] Step dependency (go) installed, available. 

Configs:
 - CertificateURL: http://mob***p12
 - CertificatePassphrase: ***
 - ProvisioningProfileURL: http://mob***ion
 - InstallDefaults: yes
 - DefaultCertificateURL: https://s3-***p12
 - DefaultCertificatePassphrase: ***
 - DefaultProvisioningProfileURL: https://s3-***ion
 - KeychainPath: /Users/vagrant/Library/Keychains/login.keychain
 - KeychainPassword: ***
Default Certificate given
Provided Certificate count: 2
Default Provisioning Profile given
Provided Provisioning Profile count: 3
Keychain already exists, using it: /Users/vagrant/Library/Keychains/login.keychain
Downloading & installing Certificate(s)
Downloading certificate: 1/2
Downloading certificate: 2/2
Installing downloaded certificates
Failed to parse certificate, error: pkcs12: error reading P12 data: asn1: structure error: tags don't match (16 vs {class:0 tag:28 length:63 isCompound:true}) {optional:false explicit:false application:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} pfxPdu @2

Is there something special that I have to do when exporting the .p12 certifcate?

BirmacherAkos · June 22, 2018, 11:41am

Hi!

Have you added the passphrase on Bitrise when you uploaded the Xcode exported .p12?
Can you see the parsed information of the certificates when you click on the “Show included certificates” in a Code Signing tab?
(if the .p12 has only one certificate there will be no button)

GustavoVergara · June 22, 2018, 3:10pm

Yes, when I was using the .p12 exported from Xcode, currently I’m using the .p12 that I exported from the keychain without a password.

Yes, and it’s the same that is included in the provisioning profiles.

godreikrisztian · June 25, 2018, 11:30am

Hi @GustavoVergara,
could you please enable bitrise-support for your project, we would need to have a look at your config. Enabling bitrise-support can be done on your project’s setting page.

GustavoVergara · June 25, 2018, 7:43pm

I enabled it, now I just wait for you guys to check it?

godreikrisztian · June 26, 2018, 8:17am

Please attach your project’s URL to let me identify it. I will check your config and reply here.

GustavoVergara · June 26, 2018, 2:13pm

Here it is https://app.bitrise.io/app/0173a78dbb75927f

godreikrisztian · June 27, 2018, 12:57pm

I have checked your config and can not find any issue.

Have you changed your certificate from build #30 to #31? Since the issue started to happen in build #31.

Other than that, based on your config, it seems you are using a custom url to fetch your certificate, instead of the default url of the uploaded certificate, which means you are not using the certificate you uploaded to bitrise, do you have a specific reason to do so?

GustavoVergara · July 3, 2018, 3:23pm

I’ve found out what was happening.
I was using the certificate that I uploaded to the Amazon S3 but I forgot to set the certificate as public so the request was failing.
That was the only problem, now that I’ve set it to public it’s working fine
Thanks for the help @godreikrisztian!

system · August 2, 2018, 3:23pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Codesigndoc can't find any certificate for the app-store export method Question & Answer	3	825	July 8, 2021
Codesigndoc signed .p12 fails to convert to pem Issues	3	1660	September 22, 2017
Certificate-and-profile-installer problem with converting file p12 to pem Question & Answer	11	3633	February 3, 2018
Codesigndoc: Profile Export Incomplete Builds code-signing , ios	8	978	April 3, 2017
Xcode couldn't find any iOS App Development provisioning profiles matching Builds ios	8	19667	December 6, 2018

Certificate-and-profile-installer won't parse manually exported certificate

Related topics