Xamarin Hot Restart: get "Certificate already exists but cannot be found in the local keychain"

Steve Brooke 40 Reputation points
2023-03-16T14:21:23.84+00:00

First I tried on a borrowed Win 10 PC, installed VS 2022, iTunes, bought the Apple Developer's License and Hot Restart with a local iPhone worked OK. Most times I had to disconnect/reconnect USB to deploy, but otherwise working. So I bought a new Win 11 PC, installed VS 2022, iTunes, etc. I had some problem with it, but eventually I figured out that I needed to revoke the key from the experiment with the first PC.

So I revoked the original key and made a new key and downloaded the .p8 file to the new machine. Now I get the "Certificate ... already exists but cannot be found in local keychain" error whenever I try to build for the local iPhone or configure automatic provisioning. The key ID in the error message does not match any in my Apple Account, active or revoked.

The account details are pasted in below. My impression is that this data is from the local .p8 file and shows all revoked and valid keys from my trials. I believe that it might work if I could purge all of the revoked keys somehow or if the VS client could parse to find the valid key.

User's image


Accepted answer
  1. Wenyan Zhang (Shanghai Wicresoft Co,.Ltd.) 26,626 Reputation points Microsoft Vendor
    2023-03-21T05:47:52.87+00:00

    Hello,

    From the screenshot, you have a development provisioning profile named "VS:WildCard Developement", but it doesn't match the certificate. You can log into the Apple Developer portal and go to the profiles list, then find your provisioning profile and edit the profile to match all certificates (click Edit -> Select all certificates). After that, you can download the profile again in VS (your first screenshot), and choose the profile (your second screenshot).

    If I added another key, would I also need to update the profile file in the same way?

    No. When you create another certificate, you can create a profile for it or not. When you select the provisioning profile, it should match your certificate. The solution I provided before is to make your existing profile match your existing certificate, so that you can use the profile for deployment.

    Understanding certificate key pairs: A developer profile contains certificates, their associated keys, and any provisioning profiles associated with the Apple developer account. There are two versions of a developer profile—one exists in Apple's developer portal, and the other lives on a local machine. The difference between the two is the type of keys they contain: the profile on Apple's developer portal contains all of the public keys associated with your certificates, while the copy on your local machine contains all of the private keys. For certificates to be valid, the key pairs must match.

    For more details, you can refer to Manual provisioning for .NET MAUI iOS apps - .NET MAUI | Microsoft Learn

    It's been a few weeks since the profile was first generated and I do not recall how that was even created. Was that through the VS wizard?

    When you configure hot restart, Visual Studio will configure Automatic Provisioning. Please see .NET MAUI hot restart for iOS device deployment - .NET MAUI | Microsoft Learn
    When automatic provisioning is enabled, Visual Studio will re-run the process if necessary when any of the following things happen:

    • An iOS device is plugged into your Mac
      • This automatically checks to see if the device is registered on the Apple Developer Portal. If it isn't, it will add it and generate a new provisioning profile that contains it.
    • The Bundle ID of your app is changed
      • This updates the app ID. A new provisioning profile containing this app ID is created.
    • A supported capability is enabled in the Entitlements.plist file.
      • This capability will be added to the app ID and a new provisioning profile with the updated app ID is generated.
      • Not all capabilities are currently supported. For more information on the ones that are supported, check out the Working with Capabilities guide.

    Please see Automatic provisioning for .NET MAUI iOS apps - .NET MAUI | Microsoft Learn

    Was my problem that the profile was created from a different computer?

    Yes. You changed computers and created a new certificate, but the previous profile doesn't match it. You could also create another development provisioning profile that matches your existing certificate.

    Best Regards,

    Wenyan Zhang



    1 person found this answer helpful.
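
The check the accepted answer describes (does the provisioning profile include the certificate whose private key is on this machine?), as an added example that is not code from the original thread or from Microsoft: it reads the `DeveloperCertificates` array from a `.mobileprovision` payload and compares SHA-1 fingerprints. The profile name and certificate bytes are constructed stand-ins, and all function names are hypothetical.

```python
import hashlib
import plistlib

def extract_profile_plist(blob: bytes) -> dict:
    """Read the XML plist embedded in a .mobileprovision (CMS) blob.
    The CMS signature is NOT verified here; this only inspects the payload."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start) if start >= 0 else -1
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def fingerprint(cert_der: bytes) -> str:
    # SHA-1 over the DER bytes is used only as an identifier for the
    # certificate, not as a security control.
    return hashlib.sha1(cert_der).hexdigest().upper()

def profile_covers(profile_blob: bytes, local_cert_der: bytes) -> dict:
    """Report whether the profile lists the locally held certificate."""
    plist = extract_profile_plist(profile_blob)
    listed = [fingerprint(c) for c in plist.get("DeveloperCertificates", [])]
    local = fingerprint(local_cert_der)
    return {"profile": plist.get("Name"), "local": local,
            "in_profile": listed, "match": local in listed}

# --- constructed sample data (stand-ins, not real certificates) ---
OLD_PC_CERT = b"constructed-der-bytes-certificate-from-first-pc"
NEW_PC_CERT = b"constructed-der-bytes-certificate-from-new-pc"

def build_sample_profile(name: str, certs: list) -> bytes:
    """Wrap a plist in dummy bytes to imitate the CMS envelope."""
    payload = plistlib.dumps({"Name": name, "DeveloperCertificates": certs})
    return b"\x30\x82-constructed-cms-header-" + payload + b"-constructed-signature"

if __name__ == "__main__":
    name = "Constructed Wildcard Profile"
    # Profile generated on the first PC: it only lists the old certificate.
    stale = build_sample_profile(name, [OLD_PC_CERT])
    # Profile after Edit -> Select all certificates on the portal.
    fixed = build_sample_profile(name, [OLD_PC_CERT, NEW_PC_CERT])
    for label, blob in (("stale", stale), ("re-downloaded", fixed)):
        result = profile_covers(blob, NEW_PC_CERT)
        print(f"{label}: match={result['match']} listed={len(result['in_profile'])}")
```

With real files, pass the raw bytes of the downloaded profile and of the DER-encoded certificate in place of the constructed values.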