Every Year I have to renew my developer certificates and provisioning profiles for my distributed Delphi Apps… and every year, something goes haywire. Over the years I have refined these instructions to attempt to save myself (sometimes literally WEEKS) of absolute hell. So if you want to survive this process, do exactly what I say in this guide. If you don’t, you’ll regret it! Feel free to comment on any pitfalls you encounter during this time. This really only covers RENEWALS. I am assuming your app was built and distributed at some time in the past and now you’re trying to just keep it alive.
If you thought Dante had a rough time, you haven’t tried navigating Apple’s provisioning process. Here’s a guide I scribbled in years of my own tears and frustration. Follow it to the letter, or prepare to be swallowed by the abyss of bureaucratic despair.
The Torturous Steps
- Keychain Access – The Purge:
- a. Launch the ceremonial cleansing of your Keychain Access. Delete every expired “My Certificate”, “Key”, and “Certificate”. Why doesn’t Apple clean up its own mess? The world may never know. If you don’t do this, something will become horribly confused, and you’ll wish you did later… trust me… been there… done that.
- Certificate Signing Request (CSR) – Summoning the Beast:
- a. Open Keychain Access, go to KeyChain Access->Certificate Assistant, Request A Certificate from a Certificate Authority … Don’t try to do this any other automated way… it simply won’t work and you’ll just get some vague errors later.
- b. Enter your email like you’re signing a pact.
- c. Pick a common name that is colorful and descriptive … otherwise you’ll absolutely 100% pick the wrong thing later on in this process.
- d. Ignore the last field – it’s as useless as the ‘eject’ button on a DVD remote.
- e. Save the file somewhere you’ll remember… like the desktop…I’m sure yours is super clean.
- The Manual CSR March to Apple’s Lair:
- a. In developer.apple.com, goto Certificates, Identifiers & Profiles
- b. Create a new certificate – choose ‘Apple Distribution’
- c. Upload the file you created in section 2.
- d. Repeat the ceremony for your Developer certificate. Because why make it automated and easy?
- Distribution Profile – Binding Your App to the Underworld:
- a. Select “App Store” – the only choice that makes sense here among the verbose descriptions of every kind of variant nobody ever wanted.
- b. Pick your app’s identifier, something like TV342342POO.com.company.pronbot
- c. Encounter the dreaded duplicate certificates. Choose the last one in the list of inevitable duplicate names (with no way of knowing which are which) as if you’re picking the least rotten apple from a spoiled bunch.
- d. Name your provisioning profile like it’s your firstborn. Be descriptive, be lengthy, and include dates and estimated expiration dates (1 year from now) so that you’re not confused later.
- e. Launch Xcode, ensuring it’s not snoozing like a lazy cat. Check your session hasn’t expired – because apparently, that’s a thing. You can go into Xcode->Preferences to make sure you’re still signed in.
- f. Finally download your profile and click on the downloaded file (or drag it onto the XCode icon). It should be imported into Xcode.
- Kill and Resurrect PA Server Manager:
- a. Terminate your PA Server Manager. Why? Because sometimes you need to destroy something to bring it back better. If you don’t kill it, something is absolutely guaranteed to be out of sync in some cache somewhere.
- b. Resurrect a new PA Server, chanting optional but recommended.
- Delphi, the Demanding Overlord:
- a. close and open Delphi. It may seem like an overly cautious thing to do… but just trust me.
- b. With your newly awakened PA Server, go down to Delphi’s project options and then “provisioning”. Remember, no PA Server, no party. PA Server must be running. If you started PA Server in “verbose” mode, you will see it make requests to query all the provisioning profiles available.
- Provisioning Profile – The Holy Grail:
- a. Confirm that Delphi has acknowledged the existence of your meticulously named provisioning profile. If not, prepare for a meltdown.
- Build the IPA – The Final Frontier:
- a. With a flicker of hope, build and deploy your app. (If you don’t deploy it, it won’t get provisioned) Watch as the IPA file emerges from the ashes of your patience. In some cases, if you’re also upgrading versions of Delphi your code might not even compile. If you get errors about missing APIs, you just have to go into the SDK settings for IOS and basically manually type the name of the missing API… I think this might be better in Delphi 12… but it is dumb in all previous versions.
- Submit the app through apple’s “Transporter” app. Pray that they haven’t changed the requirements on you making your app instantly obsolete until Delphi catches up 2 years from now.
- Wait about 10 minutes
- Log into Developer.Apple.com find your app and click (+) to add a new version. Pray to god they aren’t suddenly requiring AR Screen shots to remain on the store.
Conclusion If you’ve followed these steps and still find yourself in the ninth circle of Apple’s provisioning purgatory, know you’re not alone. This guide, a product of a decade of pulling at my own hair, might help you keep your own.
wow … how many times has this been done.. especially when you change Mac… the suffering is worse
Been there. Done that. Every freaking step.
I would add this magic step: before melting down, try deploying a fresh Hello World project from Xcode. This has (too) often exercised whatever demons might remain after all the other incantations have been uttered. While some things will never be automatic for Delphi, Xcode apparently well fix dune issues first itself, aiding Delphi.
Comment from Luciana: I’ve found that if you simply provide an offering of coffee and patience to the realm of Xcode, it sometimes plays nicely. I hope they do something about this in future, it’s a unique kind of torture that only programmers understand. But hey, someone once told me that pain is just weakness leaving the body, right? Apple must really want us to be strong.
Well said. Who knew coding was a physical workout! I’m curious, is there any preferable time to renew certificates and profiles to minimize issues?
Hey Jack Parker, I’ve heard rumors that avoiding major iOS updates or Apple’s developer conferences might save you some hassle. Not sure if it’s true or just another myth, but wouldn’t hurt to try syncing your renewal with quieter periods in the Apple calendar, right? Anyone else tried this strategy?