Ive used the BUILD > Cordova Build Package for Android with same signing certificate to publish updates to my app
by downloading it from xdk - THIS WORKS FINE
BUT for iOS its recommended to create new signing certificates
Ive done that but get error in Phonegap Build - Certificate doesn't match profile: The default keychain doesn't have an identity matching
How do I use these new ones in XDK ? cant import any
Because the XDK no longer includes a build system it has no need for the build certificates. You cannot import new certificates into the XDK certificate management tool and the only ones of value for downloading are the Android certs, The package export feature does not reference any build certificates (you can leave those fields blank in the Build Settings section and the export will still succeed).
Since you created a new set of iOS certificates and added them to your PhoneGap Build account, you have done exactly what needs to be done. You are likely getting that error because something is not right about the build certs you created and gave to PGB. Usually, this is caused by an incorrect mobile provisioning file, for example, the app ID in the config.xml file that is included in the exported build package and the app ID in the provisioning file do not match.
The only part of the equation in this problem that the XDK build package export tool effects is the App ID you specify in the Build Settings section of the Projects tab. That App ID needs to match what you specified in the iOS build certificates you created using your Apple Developer account. I would search StackOverflow and the PhoneGap Build forum for help with this issue, we do not control the certificates you create and add to your PhoneGap Build account, nor do we specify what certificates are used during the build.
The only connection between your XDK project and your iOS certificates is the App ID that you put into the Build Settings section of the Projects tab.