Every Year I have to renew my developer certificates and provisioning profiles for my distributed Delphi Apps… and every year, something goes haywire. Over the years I have refined these instructions to attempt to save myself (sometimes literally WEEKS) of absolute hell. So if you want to survive this process, do exactly what I say in this guide. If you don’t, you’ll regret it! Feel free to comment on any pitfalls you encounter during this time. This really only covers RENEWALS. I am assuming your app was built and distributed at some time in the past and now you’re trying to just keep it alive.
If you thought Dante had a rough time, you haven’t tried navigating Apple’s provisioning process. Here’s a guide I scribbled in years of my own tears and frustration. Follow it to the letter, or prepare to be swallowed by the abyss of bureaucratic despair.
The Steps, to be attended to in the most anal-retentive manner possible:
- Keychain Access – The Great Purge:
- a. Launch the ceremonial cleansing of your Keychain Access. Delete every expired “My Certificate”, “Key”, and “Certificate”. Why doesn’t Apple clean up its own mess? The world may never know. If you don’t do this, something will become horribly confused, and you’ll wish you did later… trust me… been there… done that.
- Certificate Signing Request (CSR) – Summoning the Beast:
- a. Open Keychain Access, go to KeyChain Access->Certificate Assistant, Request A Certificate from a Certificate Authority (edit newer OSX renamed this menu item to “Request a Certificate from a Certificate Authority) … Don’t try to do this any other automated way… it simply won’t work and you’ll just get some vague errors later.
- b. Enter your email.
- c. Pick a common name that is colorful and descriptive … otherwise you’ll absolutely 100% pick the wrong thing later on in this process.
- d. Ignore the last field – it’s as useless as the ‘eject’ button on a DVD remote.
- e. Save the file somewhere you’ll remember… like the desktop…I’m sure yours is super clean.
- The Manual CSR March to Apple’s Lair:
- a. In developer.apple.com, goto Certificates, Identifiers & Profiles
- b. Create a new certificate – choose ‘Apple Distribution’
- c. Upload the file you created in section 2.
- d. Repeat the ceremony for your Developer certificate. Because why make it automated and easy?
- Distribution Profile – Binding Your App to the Underworld:
- a. Select “App Store” – the only choice that makes sense here among the verbose descriptions of every kind of variant nobody ever wanted.
- b. Pick your app’s identifier, something like TV342342POO.com.company.pronbot
- c. Encounter the dreaded duplicate certificates. Choose the last one in the list of inevitable duplicate names (with no way of knowing which are which).
- d. Name your provisioning profile like it’s your firstborn. Be descriptive, be lengthy, and include dates and estimated expiration dates (1 year from now) so that you’re not confused later.
- e. Launch Xcode, or if it was open, you should probably close and reopen it at this point.
- f. Check your session hasn’t expired – because apparently, that’s a thing. You can go into Xcode->Preferences (edit renamed “Settings” in more recent versions) to make sure you’re still signed in.
- g. Finally download your profile and click on the downloaded file (or drag it onto the XCode icon). It should be imported into Xcode.
- Kill and Resurrect PA Server Manager:
- a. Terminate your PA Server Manager. Why? Because sometimes you need to destroy something to bring it back better. If you don’t kill it, something is absolutely guaranteed to be out of sync in some cache somewhere.
- b. Resurrect a new PA Server, chanting optional but recommended.
- Delphi, the Demanding Overlord:
- a. close and open Delphi. It may seem like an overly cautious thing to do… but just trust me.
- b. With your newly awakened PA Server, go down to Delphi’s project options and then “provisioning”. Remember, no PA Server, no party. PA Server must be running. If you started PA Server in “verbose” mode, you will see it make requests to query all the provisioning profiles available.
- Provisioning Profile – The Holy Grail:
- a. Confirm that Delphi has acknowledged the existence of your meticulously named provisioning profile. If not, prepare for a meltdown.
- Build the IPA – The Final Frontier:
- a. With a flicker of hope, build and deploy your app. (If you don’t deploy it, it won’t get provisioned) Watch as the IPA file emerges from the ashes of your patience. In some cases, if you’re also upgrading versions of Delphi your code might not even compile. If you get errors about missing APIs, you just have to go into the SDK settings for IOS and basically manually type the name of the missing API… I think this might be better in Delphi 12… but it is dumb in all previous versions.
- Submit the app through apple’s “Transporter” app. Pray that they haven’t changed the requirements on you making your app instantly obsolete until Delphi catches up 2 years from now.
- Wait about 10 minutes
- Log into Developer.Apple.com find your app and click (+) to add a new version. Pray to god they aren’t suddenly requiring AR Screen shots to remain on the store.
Conclusion If you’ve followed these steps and still find yourself in the ninth circle of Apple’s provisioning purgatory, know you’re not alone. This guide, a product of a decade of pulling at my own hair, might help you keep your own.
wow … how many times has this been done.. especially when you change Mac… the suffering is worse
Been there. Done that. Every freaking step.
I would add this magic step: before melting down, try deploying a fresh Hello World project from Xcode. This has (too) often exercised whatever demons might remain after all the other incantations have been uttered. While some things will never be automatic for Delphi, Xcode apparently well fix dune issues first itself, aiding Delphi.