Ok, maybe everyone else already knows this, but since it boggled apple dev support (the bug I wrote 6635822 and the duplicate someone else opened, 6229180 both seem to still be open) I thought I’d write about the work-around I figured out today:
First, the problems:
There are two related problems, with two related work-arounds.
Both problems arise when you have two iPhone developer accounts and the name on the keys for the certificates are the same (likely since you are required to use a person’s name and your real name when signing up with Apple, AND your name on the certificate request has to be the same as what you signed up with).
Problem 1: Xcode Organizer will tell you that the provisioning profiles for one of the accounts are invalid (this has to do with the order of creation of the keys in the Keychain Access utility, I forget now if it’s the last created or the first created that works). It shows a big yellow banner saying “A valid signing identity matching this profile could not be found in your keychain.”
Problem 2: Xcode codesign for the default project configuration fails with an error like:
iPhone Developer: Your Name: ambiguous (matches “iPhone Developer: Your Name” in /Users/dad/Library/Keychains/iphonedev.keychain and “iPhone Developer: Your Name” in /Users/dad/Library/Keychains/login.keychain)
or something even less helpful if you don’t have them in separate keychains (which is a hint towards part of the solution :)).
Second, solutions (well, work-arounds maybe):
Solution to Problem 1:
Put one of the sets of keys & certificates into a separate keychain using Keychain Access (I’ve already done that in the illustration of problem 2 above, “iphonedev” is the name of that keychain). Then using the contextual menu on that keychain choose the “Make keychain ‘iphonedev’ the Default”. The name of it becomes bold in Keychain Access. The provisioning profiles that need those signatures & certificates now will show up as good in Xcode organizer.
Solution to Problem 2:
Same first step as above, put one set of keys & certificates into a separate keychain. Then open the project which should be signed with those credentials and set the “Other Code Signing Flags” to be
(or whatever you called your secondary keychain).
To use your other keychain credentials, just put the keychain they are in as the argument to –keychain. So in my case, my second set is in my “login” keychain so I use “–keychain login.keychain” (note that the quotes are not needed in the xcode panel, that’s just for the blog. Probably you’d need to quote keychain names with spaces in them, but I didn’t make any like that so I’m not 100% sure on that).
That makes it all work here. Hopefully this might help someone else out there in iphone developer land.
Update: See the first comment below, it contains the further learning that James and I figured out after way too much time today.