Xcode: "Your account does not have permission to create iOS Distribution Certificates" as Team Member

Question

Forward: There are many similar SO questions with regard to this error. I've visited dozens of them over the past days, but none seem to have a solution to my problem. They mostly are from developers with full admin rights, unlike myself. Most solutions are also hacks or unclear.

---

I am a member of a developer team at Apple's developer.apple.com site. I've been charged with uploaded an iOS application I've developed to iTunesConnect, in order to be able to deploy it with TestFlight.

In order to successfully accomplish this. I asked for the following to be done.

1. That I be added as a member developer. See certificates here.
2. A matching App with the same bundle-ID be created for me on iTunesConnect.
3. A Distribution provisioning profile be added at developer.apple.com for my specific App.

Despite all of this. When I try to validate the app, I'm met with the following message.

It would appear from a manual signing attempt that because the provisioning profile was created by a team administrator, that I cannot sign it without their private key. Assuming this is correct, then how can any developer ever distribute apps if:

1. A distribution provisioning profile requires you be the creator in order to be validated.

2. Only a team admin can create a distribution provisioning profile.

This appears to be a paradox.

---

What can be done to resolve this conflict? I am only a member of this development team temporarily, and would like to formulate a clear solution to this problem so that I do not test their patience with repeated troubleshooting questions. To make it easier to answer this question, I've attached some extra images that might be useful.

• My app's general panel in Xcode when using automatic signing. It shows I am signing on behalf of the team.

Answer 1

Solving this problem required two steps.

1. A certificate signing request (CSR) was created and sent to the developer who had created the distribution provisioning profile. You can create a CSR by going to: Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority. Once I received this CSR back from the developer, I double clicked it to install it in my keychain. It then appeared as so:

2. Next, the developer had to add the certificate they sent me to the provisioning profile for the app on developer.apple.com. I then downloaded this provisioning profile again and selected it in within Xcode as seen below.

Once this is completed, you should be able to validate the application.

Answer 2

I got this error when my ExportOptions.plist file had the wrong value for the method. I had "enterprise" rather than "ad-hoc". (This is the file passed to xcodebuild via the -exportOptionsPlist option.)