I have an app that was built on my first mac, i got a new one and moved the code and everthing to this new mac. I exported the private key and certificate from the old mac to the new one. Tried everthing on the internet about signing an app, but it just doesn't work. Now i'm stuck in a loop on xcode. I get the message "Revoke Certificate", when i click it, xcode create a new one, but it's already expired(despites it saying that will expire in 2024), if i try to manage certificates and create from there, nothing happens. If i delete the expired certificate from keychain, the revokate certificate message comes back. Any tips?
Signing Certificates
RSS for tagA signing certificate is a digital identity used for code signing during the build and archive process.
Posts under Signing Certificates tag
160 Posts
Sort by:
Post
Replies
Boosts
Views
Activity
Hello,
I have a flutter project where my team is pushing changes for an ios app. We have tested locally with no issue and unit tested it. About a week ago we received the following error when we distribute the app.
App Store Connect access for “******” is required. Add an account in the Accounts preference pane. Please try again, and if issue persists file a bug report at "https://feedbackassistant.apple.com."
Our signing has not changed, nor has our permissions in the app. I have reached out to support several times and they literally said they aren't tech savvy and I should go here. With links too the code signing docs even though already had it booked marked.
I get it, app markets are a pain on any platform. Do I have to resign again cause apple updated something? I am definitely not a fan of apple's code signing process. I would rather just automate this if there is a better solution. We tried CodeMagic but keep running into issues with that as well.
Hello!
I am having trouble with a Developer ID Application certificate that I have clearly added to the Keychain with Keychain Access not being recognized by codesign or DMG Canvas. Here is the command that DMG Canvas uses to see if there are any certificates for signing:
$ /usr/bin/security find-identity -p codesigning
Policy: Code Signing
Matching identities
0 identities found
Valid identities only
0 valid identities found
This shows that no certificates are found but there definitely are some.
I installed this cert to both the System and login keychains, I tried to the Local Items keychain but this failed with an error I will display below.
This image (names redacted) clearly shows the certs are there, valid, and not expired (behind the error) and also shows the error popup for when I try to add the cert to the Local Items keychain:
Essentially I am asking why does Keychain Access say that I have the certificates but nothing can find it in order to sign applications. Thank you!
Hello Apple team,
We're having a problem submitting one of our apps to TestFlight via Xcode Cloud. We have over 10 apps with the same codebase and all of them build successfully. However, one application fails to build in Xcode Cloud, although there is no problem with manual build. We would appreciate your help in resolving this situation. Can you please help us resolve this issue? We are ready to provide additional information or logs to clarify the causes of the error.
Sincerely,
Anton Babich
Xcode Cloud
Archive - iOS encountered a failure that caused the build to fail.
Prepare Build for App Store Connect
Invalid Signature. Code failed to satisfy specified code requirement(s). The file at path “moBiel Live.app/Frameworks/grpcpp.framework/grpcpp” is not properly signed. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult https://developer.apple.com/support/code-signing.
Prepare Build for App Store Connect
Invalid Signature. Code failed to satisfy specified code requirement(s). The file at path “moBiel Live.app/Frameworks/Braintree.framework/Braintree” is not properly signed. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult https://developer.apple.com/support/code-signing.
Do we need to generate a distribution certificate for each app we create? Or can we use one distribution certificate for multible apps?
Hello,
I am attempting to use Xcode Cloud to build my application (specifically running the 'xcode archive' command); however, have been running into an issue relating to certificate signing. All the questions/documentation surrounding this issue seem to be related to local builds.
For the project, I'm using automatic signing with my org as the 'Team' without a Provisioning Profile. I have 'Apple Development' set as the 'Code Signing Identity' with 'Code Signing Style' set to 'Automatic'.
The error I'm getting:
No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "<TEAM_ID>" with a private key was found. (in target '<PROJECT_NAME>' from project '<PROJECT_NAME>')
Any would would be greatly appreciated.
Thanks!
Hello,
I have been running into this issue with locating the java runtime I am installing with brew while attempting to run a gradle command. Has anyone found any issues relating to this? If I can't use a java runtime I won't be able to use Xcode Cloud entirely is seems.
Thanks
We changed from Enterprise to a regular developer account and understood our existing apps in the wild signed under the Enterprise account would be fine. However as of this morning it seems those certificates were revoked and attempts to launch are informing users that the application will harm their computer. Can this be undone so they work and avoid thousands of people needing to get a new dmg and re-install??
We created a multi-tenant SaaS platform to create content and configure individual mobile apps.
In other words, we build apps for customers and we take care of deploying and maintaining these apps on their developer accounts, given that they are comfortable with giving us access to it.
But in some cases, especially with government or military customers, they cannot add us to their developer accounts, and/or they cannot send us their signing certificates so we can sign the builds with them.
Does Apple have any alternative ways to deploy an app that WE OWN the code to, sign it, and ship it onto a client's developer account so that the app become publicly accessible on the app store?
To my knowledge, the only way currently is through Apple Business Managed accounts and/or MDM, which is would NOT make the app publicly available on the app store.
I have a team on my company looking to develop a let say "link" to distribute between some sale employes to "automatically" create a Business Card inside Apple Wallet.
The idea is that "link" will have all the public employe information and the look&feel of the card.
They are following this page: https://github.com/alexandercerutti/passkit-generator/wiki/Generating-Certificates
So they are asking us those certificates:
Signer Certificate (Developer)
Signer Certificate Key (Developer)
WWDR (Apple WorldWide Developer Relations) G4 Certificate
Can someone explain me if giving those certificates to the develpers could have some security risk?
Or what else they can do having those certificates?
Thanks!
While trying to create a new Distribution (iOS) certificate after the old one expired I came across the situation that we do not have the root certificate that was originally created. It was created on a mac of an employee that no longer works for us and which is not cooperative anymore. Is there any way around this, or to create a new root certificate that enables us to create trusted certificates to release updates for our app?
I'm new to this whole certificate workflow so I'd be very thankful for any input that lets us progress.
Best Regards,
Hans
Hi, i try to build at xcode (14.3.1) of my company project on testphone, it doesn't work
until july 20 it build succeed and install very well, but now it occur to this error
i Doubt to expire Certificates my account, so renew Certificates and I've sign Xcode import manually provision - this provision also renew-
in xcode never find error both i automatically sign and manual sign but when i build in xcode it does't work.
I've doubt my Certificates proccess someting wrong so i've try to extract ipa file to use xcode. it work very well.
i try to import provisioning file use device simulator also take action to use 'A valid provisioning profile for this executable was not found' solution.
please help
detail message
Details
Unable to install "IDCARD"
Domain: com.apple.dt.MobileDeviceErrorDomain
Code: -402620395
User Info: {
DVTErrorCreationDateKey = "2023-08-04 06:42:43 +0000";
IDERunOperationFailingWorker = IDEInstalliPhoneLauncher;
}
A valid provisioning profile for this executable was not found.
Domain: com.apple.dt.MobileDeviceErrorDomain
Code: -402620395
User Info: {
DVTRadarComponentKey = 487925;
MobileDeviceErrorCode = "(0xE8008015)";
"com.apple.dtdevicekit.stacktrace" = (
0 DTDeviceKitBase 0x00000001186c74c0 DTDKCreateNSErrorFromAMDErrorCode + 235
1 DTDeviceKitBase 0x0000000118703c96 __90-[DTDKMobileDeviceToken installApplicationBundleAtPath:withOptions:andError:withCallback:]_block_invoke + 155
2 DVTFoundation 0x000000010d66fd7a DVTInvokeWithStrongOwnership + 71
3 DTDeviceKitBase 0x00000001187039bb -[DTDKMobileDeviceToken installApplicationBundleAtPath:withOptions:andError:withCallback:] + 1409
4 IDEiOSSupportCore 0x000000011bb0f73a __118-[DVTiOSDevice(DVTiPhoneApplicationInstallation) processAppInstallSet:appUninstallSet:installOptions:completionBlock:]_block_invoke.301 + 3540
5 DVTFoundation 0x000000010d7a55ce DVT_CALLING_CLIENT_BLOCK + 7
6 DVTFoundation 0x000000010d7a60e2 __DVTDispatchAsync_block_invoke + 196
7 libdispatch.dylib 0x00007ff808543d91 _dispatch_call_block_and_release + 12
8 libdispatch.dylib 0x00007ff808545033 _dispatch_client_callout + 8
9 libdispatch.dylib 0x00007ff80854b200 _dispatch_lane_serial_drain + 769
10 libdispatch.dylib 0x00007ff80854bd39 _dispatch_lane_invoke + 366
11 libdispatch.dylib 0x00007ff8085563fc _dispatch_workloop_worker_thread + 765
12 libsystem_pthread.dylib 0x00007ff8086e2c55 _pthread_wqthread + 327
13 libsystem_pthread.dylib 0x00007ff8086e1bbf start_wqthread + 15
);
}
Analytics Event: com.apple.dt.IDERunOperationWorkerFinished : {
"device_model" = "iPhone13,2";
"device_osBuild" = "16.5.1 (20F75)";
"device_platform" = "com.apple.platform.iphoneos";
"launchSession_schemeCommand" = Run;
"launchSession_state" = 1;
"launchSession_targetArch" = arm64;
"operation_duration_ms" = 1087;
"operation_errorCode" = "-402620395";
"operation_errorDomain" = "com.apple.dt.MobileDeviceErrorDomain";
"operation_errorWorker" = IDEInstalliPhoneLauncher;
"operation_name" = IDEiPhoneRunOperationWorkerGroup;
"param_consoleMode" = 0;
"param_debugger_attachToExtensions" = 0;
"param_debugger_attachToXPC" = 1;
"param_debugger_type" = 5;
"param_destination_isProxy" = 0;
"param_destination_platform" = "com.apple.platform.iphoneos";
"param_diag_MainThreadChecker_stopOnIssue" = 0;
"param_diag_MallocStackLogging_enableDuringAttach" = 0;
"param_diag_MallocStackLogging_enableForXPC" = 1;
"param_diag_allowLocationSimulation" = 1;
"param_diag_checker_tpc_enable" = 1;
"param_diag_gpu_frameCapture_enable" = 0;
"param_diag_gpu_shaderValidation_enable" = 0;
"param_diag_gpu_validation_enable" = 0;
"param_diag_memoryGraphOnResourceException" = 0;
"param_diag_queueDebugging_enable" = 1;
"param_diag_runtimeProfile_generate" = 0;
"param_diag_sanitizer_asan_enable" = 0;
"param_diag_sanitizer_tsan_enable" = 0;
"param_diag_sanitizer_tsan_stopOnIssue" = 0;
"param_diag_sanitizer_ubsan_stopOnIssue" = 0;
"param_diag_showNonLocalizedStrings" = 0;
"param_diag_viewDebugging_enabled" = 1;
"param_diag_viewDebugging_insertDylibOnLaunch" = 1;
"param_install_style" = 0;
"param_launcher_UID" = 2;
"param_launcher_allowDeviceSensorReplayData" = 0;
"param_launcher_kind" = 0;
"param_launcher_style" = 0;
"param_launcher_substyle" = 0;
"param_runnable_appExtensionHostRunMode" = 0;
"param_runnable_productType" = "com.apple.product-type.application";
"param_testing_launchedForTesting" = 0;
"param_testing_suppressSimulatorApp" = 0;
"param_testing_usingCLI" = 0;
"sdk_canonicalName" = "iphoneos16.4";
"sdk_osVersion" = "16.4";
"sdk_variant" = iphoneos;
}
System Information
macOS Version 13.5 (Build 22G74)
Xcode 14.3.1 (21815) (Build 14E300c)
Timestamp: 2023-08-04T15:42:43+09:00
mac os version 13.5(22G74)
xcode version 14.3.1
test phone iOS version 16.5.1
Hi to all,
a few years ago I worked with PhoneGap developing apps. As for then I did all the deploys so never got the need to have the answer to my current issue.
The problem is.. we have a 3rd party company developing us a Flutter App and we want for some of our company's members to test it by being them to deploy using our certificates so the tests can be done. However generating the development certificate always makes it's name to be the same that belongs to the account that generated it.
I believe it would work but how could I make it more manageable by setting it's name as the 3rd party company's name (let's say company's name is "XPTO")?
Is there a better way to accomplish this, deploying to testflight so our colleges can test it?
We have a Jenkins job that runs a script on a Mac to create our installers.
This was working last week.
Today, it's failing with:
`"Apple Development: John Lussmyer (xxxxxxxxx)" (CSSMERR_TP_CERT_EXPIRED)
The other identities used for the build work. So far, I've been unable to find anything in my Account that indicates something has expired.
Can anyone tell me how to get this fixed?
I am sure I am missing a pretty elementary step - but - I'm at a loss.
I can build a certificate using KeyChain Access, upload the CSR, download the Certificate from the developer portal website and sign Apple Wallet Passes all day long.
No Problem.
So I thought I'd try to automate some processes with the AppStoreConnectAPI.
I want to download the certificate from the app store and use it to sigh passes instead of file on the disk.
So I find the right certificate from the API, and one of the token in there is a big byte stream called "certificateContent"... which I assumed would be the same binary data as what I uploaded (and whats on disc).
But it doesn't work - it "fails to sign".
I must be missing some step that is preventing me from being able to use that key. I have a feeling the a key or something is missing from the certificate I download from Apple's API.
Any ideas?
I recently began work on an app that uses push notifications and the app already has a version in the store. I no longer have access to the original development and distribution certificates. I know I need to generate new certs. However, will the new certificates work with the existing APN key, or will I have to generate a new APN key as well? Any links or info will help. Thanks.
When the beta was installed, the installer asked me if I wanted to use the new versions, I said no and now they never load and I can't use the token with the authenticity certificate.
The certificate used in the app published earlier is showing as invalid or not considering in the provisioning profile now.So please help us how to resolve this issue with same certificate to publish an update for the app.
We will soon be transferring our MacOS Electron app to a newly-created company. The app uses electron-builder and electron-updater (which in turn uses Squirrel.Mac). We distribute the app ourselves. (That is, it is not distributed in the App Store.)
If the new company signs the app with their certificate, I assume that updating from the version signed with the old company's certificate won't work. For Windows, it seems that I can provide both the old and new company names when building the app and then a subsequent update will work if the code is signed with either company's certificate. I haven't been able to find a similar process that will work on Mac.
I found this article, which doesn't offer much help: https://developer.apple.com/forums/thread/669350
But would a valid solution be to transfer the old company's developer account (or at least the Team ID/App ID Prefix) to the new company? Is that possible? And if so, and the Team ID/App ID Prefix remains the same, would the app be able to update even though the Bundle ID changes?
Thanks.
Xcode Cloud always exports archive using ad-hoc, development and app-store profiles. This uses up 5-6 more minutes always for my app. How to disable and allow export only in single distribution profile