We have a DMG for our Mac desktop app that has notarized OK, but on stapling we get the error below. The DMG and its contained app are signed (prior to Catalina this was sufficient.) The .app folder is directly constructed in our build process (not using XCode or similar); the .dmg is by DMGCanvas. The app only contains the UI; the libs and command-line tools are in a sibling folder, laid out much as they are on our other *nix builds. (When installed, everything is placed in a dedicated folder inside /Applications to keep it all in one place.)

Searching for the error "Certificate authority pinning mismatch" almost entirely links to cssmapple.h, which implies not many other people have run into this?

OS: 10.15.1
Xcode: 11.1
xcrun: 48

Notarization:
Request Identifier: 71c0468a-2a58-46ae-b699-22462e8593b0

Stapling:
Properties are {
NSURLIsDirectoryKey = 0;
NSURLIsPackageKey = 0;
NSURLIsSymbolicLinkKey = 0;
NSURLLocalizedTypeDescriptionKey = "Disk Image";
NSURLTypeIdentifierKey = "com.apple.disk-image-udif";
"_NSURLIsApplicationKey" = 0;
}
Codesign offset 0xcee4caf length: 9556
Stored Codesign length: 9556 number of blobs: 3
Total Length: 9556 Found blobs: 3
Props are {
cdhash = {length = 20, bytes = 0xfb512617c5c078595f7a2ab6f74c73d7fa00a73c};
digestAlgorithm = 2;
flags = 0;
secureTimestamp = "2019-09-12 15:10:53 +0000";
signingId = "FICO Xpress 8.7.0 for Mac Installer";
teamId = KL84GEX7ZW;
}
JSON Data is {
records = (
{
recordName = "2/2/fb512617c5c078595f7a2ab6f74c73d7fa00a73c";
}
);
}
Headers: {
"Content-Type" = "application/json";
}
Domain is api.apple-cloudkit.com
Certificate trust evaluation did not return expected result. (5) [leaf AnchorApple ChainLength IntermediateMarkerOid]
Certificate trust evaluation for api.apple-cloudkit.com did not return expected result. Certificate authority pinning mismatch.
Certificate trust evaluation did not return expected result. (5) [leaf AnchorApple ChainLength IntermediateMarkerOid]
Certificate trust evaluation for api.apple-cloudkit.com did not return expected result. Certificate authority pinning mismatch.
Could not establish secure connection to api.apple-cloudkit.com
Response is (null)
error is Error Domain=NSURLErrorDomain Code=-999 "cancelled" UserInfo={NSErrorFailingURLStringKey=https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup, NSLocalizedDescription=cancelled, NSErrorFailingURLKey=https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup}
Size of data is 0
CloudKit's response is inconsistent with expections: (null)
The staple and validate action failed! Error 68.