Skip to main content

When generate_hash fails by no valid certificate, or certificate not found error.

  • Updated

The Ruby script "generate_hash" signs IPA again with the same one already used for signing IPA.

But if the certificate & private key are not installed on your MacBook, you will get errors while running generate_hash script.

 

Here's a clean, step-by-step guide on how to install a certificate and private key (usually in a .p12 or .pem/.key pair format) into the macOS Keychain — so your machine can sign or re-sign apps successfully.

✅ Goal: Import Code Signing Certificate + Private Key into MacBook Keychain

🔐 Format to Import:

Most commonly:

  • A .p12 (PKCS#12) file — contains both cert + private key

  • Alternatively: a .cer or .crt (certificate) + .key (private key) pair

 

🔹 Option 1: Using a .p12 file (Recommended)

🔧 Steps:

✅ Step 1: Get the .p12 file

This may be:

  • Exported from another machine’s Keychain

  • Downloaded from your developer account

  • Sent by someone who signed the original IPA

If they are exporting:

  • Open Keychain Access

  • Right-click on the cert > Export

  • Save as .p12 with a password to protect the private key

✅ Step 2: Import the .p12 into your Keychain

Double-click the .p12 file
OR run this in Terminal:

security import /path/to/YourCert.p12 -k ~/Library/Keychains/login.keychain

You'll be prompted to enter the password used during export.

✅ Step 3: Verify Installation

  1. Open Keychain Access

  2. Go to the Login keychain > Category: Certificates

  3. Search for your certificate name (e.g., "Apple Distribution")

  4. ✅ Click the arrow to expand:

    • You should see a private key beneath the certificate

    • If yes — 🎉 you're good to go

 

🔹 Option 2: Using .cer/.crt + .key file pair

If you only have a cert and a separate private key:

🧪 Convert to .p12 first:

openssl pkcs12 -export \
  -in YourCert.cer \
  -inkey YourPrivateKey.key \
  -out YourCert.p12 \
  -name "Custom Cert Name"

Then follow the same import process as above. 

 

⚠️ Common Issues

Problem Fix
🔒 Private key not visible You didn't import it, or it’s in a different keychain
❌ "Missing private key" during signing The private key was not included in .p12
⛔ "Not trusted" cert Manually set trust level in Keychain Access (right-click > Get Info > Trust)

 

🧠 Bonus: Set Codesign Identity to Use It

You can test signing with:

codesign -s "Apple Distribution: Your Company" --dryrun YourApp.app

Want a mini script to check if a matching cert + key is installed?

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles