Deleted iOS Certificate blocks importing real iOS/tvOS Certificates and Provisions

While trying to find a workaround for a [different certificate/provision problem][1], I decided to try things on a different machine. THIS machine is a Macbook Pro (Retina, 15-inch, Early 2013) running macOS Sierra 10.12.1 (this also happened on this machine before I upgraded from 10.11.6).

Symptom: ALL projects on the machine report this certificate as being present, including in brand-new projects created from templates (like the brand-new project I created just to take the screenshot below).


BUT…I DELETED that certificate from Keychain Access. This search here used to show it up…until I deleted it:


The worst part is that this phantom certificate prevents me from importing any real certificates (or provisions):

Here is what the Output Log says about my attempt to import a real certificate:

LogTemp:Display: Running Mono...
LogTemp:Display: Setting up Mono
LogTemp:Display: /Users/Shared/UnrealEngine/4.14/Engine /Users/Shared/UnrealEngine/4.14
LogTemp:Display: Executing iPhonePackager Install Engine -project /Users/nathan/ap/MyProject4/MyProject4.uproject -certificate /Users/nathan/Downloads/ios_distribution.cer -bundlename com.YourCompany.MyProject4
LogTemp:Display: CWD: /Users/Shared/UnrealEngine/4.14/Engine/Binaries/DotNET/IOS
LogTemp:Display: Initial Dir: /Users/Shared/UnrealEngine/4.14/Engine
LogTemp:Display: Env CWD: /Users/Shared/UnrealEngine/4.14/Engine/Binaries/DotNET/IOS
LogTemp:Display: BranchPath = ice.local///Users/Shared/UnrealEngine/4.14/Engine/Binaries/DotNET/IOS/../.. --- GameBranchPath = ice.local///Users/Shared/UnrealEngine/4.14/Engine/Binaries/DotNET/IOS/../..
LogTemp:Display: 1 certificate imported.
LogTemp:Display: CERTIFICATE-Name:iPhone Developer: Nathan Stocks,Validity:EXPIRED,StartDate:2008-07-15T02:26:01.0000000Z,EndDate:2009-01-13T02:26:01.0000000Z
LogTemp:Display: IPP ERROR: Application exception: System.ArgumentOutOfRangeException: Cannot be negative.
LogTemp:Display: Parameter name: length
LogTemp:Display:   at System.String.Substring (Int32 startIndex, Int32 length) [0x00000] in <filename unknown>:0 
LogTemp:Display:   at iPhonePackager.CodeSignatureBuilder.FindCertificates () [0x00000] in <filename unknown>:0 
LogTemp:Display:   at iPhonePackager.Program.Main (System.String[] args) [0x00000] in <filename unknown>:0 

No matter what project I’m in, trying to import any certificate or provision ends in the same error about this wacky old certificate that has already been deleted.

Forgot to mention, this condition is the same whether in 4.13.2 or 4.14.0. Doesn’t matter if you delete Saved and Intermediate folders. Doesn’t matter if you generate a blank project.

I stumbled on the solution while trying workarounds for another tvOS issue.

After reading this page that Samantha Sutton told me about, I exposed the expired items in Keychain Access and deleted ALL expired items in my login keychain (just deleting the expired Worldwide Developer Relations Intermediate Certification wasn’t enough).

Now my Macbook Pro can import provisions and certificates. Yay!

Now I am blocked from packaging tvOS for distribution only by this issue on both my Mac Pro and my Macbook Pro. So at least there is some sanity in the world. It was very weird to have errors at different points in the process on two such similar machines.