Signing Certificates

RSS for tag

A signing certificate is a digital identity used for code signing during the build and archive process.

Posts under Signing Certificates tag

161 Posts
Sort by:






Signing an APP for Mac (not Xcode, Python compiled)
Hi, I'm trying to sign and app which is a python compiled exe for Mac OS (one file only). The app runs perfectly on my own mac (or some else's, but only after being admin authorized) after running codesign --sign "$devID" $file2sign I got the following error: Warning: unable to build chain to self-signed root for signer "Apple Development:..." errSecInternalComponent As per screenshot, I have both a current Dev cert and the intermediate certs installed. Any help will be highly appreciated!
Sep ’23
Transferring a MacOS Electron app to a new company
We will soon be transferring our MacOS Electron app to a newly-created company. The app uses electron-builder and electron-updater (which in turn uses Squirrel.Mac). We distribute the app ourselves. (That is, it is not distributed in the App Store.) If the new company signs the app with their certificate, I assume that updating from the version signed with the old company's certificate won't work. For Windows, it seems that I can provide both the old and new company names when building the app and then a subsequent update will work if the code is signed with either company's certificate. I haven't been able to find a similar process that will work on Mac. I found this article, which doesn't offer much help: But would a valid solution be to transfer the old company's developer account (or at least the Team ID/App ID Prefix) to the new company? Is that possible? And if so, and the Team ID/App ID Prefix remains the same, would the app be able to update even though the Bundle ID changes? Thanks.
Aug ’23
APN Key and Certificates
I recently began work on an app that uses push notifications and the app already has a version in the store. I no longer have access to the original development and distribution certificates. I know I need to generate new certs. However, will the new certificates work with the existing APN key, or will I have to generate a new APN key as well? Any links or info will help. Thanks.
Aug ’23
How can the AppStoreConnect API be used to download certificates to sign passes?
I am sure I am missing a pretty elementary step - but - I'm at a loss. I can build a certificate using KeyChain Access, upload the CSR, download the Certificate from the developer portal website and sign Apple Wallet Passes all day long. No Problem. So I thought I'd try to automate some processes with the AppStoreConnectAPI. I want to download the certificate from the app store and use it to sigh passes instead of file on the disk. So I find the right certificate from the API, and one of the token in there is a big byte stream called "certificateContent"... which I assumed would be the same binary data as what I uploaded (and whats on disc). But it doesn't work - it "fails to sign". I must be missing some step that is preventing me from being able to use that key. I have a feeling the a key or something is missing from the certificate I download from Apple's API. Any ideas?
Aug ’23
CSSMERR_TP_CERT_EXPIRED when unlocking my identity
We have a Jenkins job that runs a script on a Mac to create our installers. This was working last week. Today, it's failing with: `"Apple Development: John Lussmyer (xxxxxxxxx)" (CSSMERR_TP_CERT_EXPIRED) The other identities used for the build work. So far, I've been unable to find anything in my Account that indicates something has expired. Can anyone tell me how to get this fixed?
Aug ’23
Certificates to 3rd party Dev
Hi to all, a few years ago I worked with PhoneGap developing apps. As for then I did all the deploys so never got the need to have the answer to my current issue. The problem is.. we have a 3rd party company developing us a Flutter App and we want for some of our company's members to test it by being them to deploy using our certificates so the tests can be done. However generating the development certificate always makes it's name to be the same that belongs to the account that generated it. I believe it would work but how could I make it more manageable by setting it's name as the 3rd party company's name (let's say company's name is "XPTO")? Is there a better way to accomplish this, deploying to testflight so our colleges can test it?
Sep ’23
build succeed but unable to install detail(A valid provisioning profile for this executable was not found.)
Hi, i try to build at xcode (14.3.1) of my company project on testphone, it doesn't work until july 20 it build succeed and install very well, but now it occur to this error i Doubt to expire Certificates my account, so renew Certificates and I've sign Xcode import manually provision - this provision also renew- in xcode never find error both i automatically sign and manual sign but when i build in xcode it does't work. I've doubt my Certificates proccess someting wrong so i've try to extract ipa file to use xcode. it work very well. i try to import provisioning file use device simulator also take action to use 'A valid provisioning profile for this executable was not found' solution. please help detail message Details Unable to install "IDCARD" Domain: Code: -402620395 User Info: { DVTErrorCreationDateKey = "2023-08-04 06:42:43 +0000"; IDERunOperationFailingWorker = IDEInstalliPhoneLauncher; } A valid provisioning profile for this executable was not found. Domain: Code: -402620395 User Info: { DVTRadarComponentKey = 487925; MobileDeviceErrorCode = "(0xE8008015)"; "" = ( 0 DTDeviceKitBase 0x00000001186c74c0 DTDKCreateNSErrorFromAMDErrorCode + 235 1 DTDeviceKitBase 0x0000000118703c96 __90-[DTDKMobileDeviceToken installApplicationBundleAtPath:withOptions:andError:withCallback:]_block_invoke + 155 2 DVTFoundation 0x000000010d66fd7a DVTInvokeWithStrongOwnership + 71 3 DTDeviceKitBase 0x00000001187039bb -[DTDKMobileDeviceToken installApplicationBundleAtPath:withOptions:andError:withCallback:] + 1409 4 IDEiOSSupportCore 0x000000011bb0f73a __118-[DVTiOSDevice(DVTiPhoneApplicationInstallation) processAppInstallSet:appUninstallSet:installOptions:completionBlock:]_block_invoke.301 + 3540 5 DVTFoundation 0x000000010d7a55ce DVT_CALLING_CLIENT_BLOCK + 7 6 DVTFoundation 0x000000010d7a60e2 __DVTDispatchAsync_block_invoke + 196 7 libdispatch.dylib 0x00007ff808543d91 _dispatch_call_block_and_release + 12 8 libdispatch.dylib 0x00007ff808545033 _dispatch_client_callout + 8 9 libdispatch.dylib 0x00007ff80854b200 _dispatch_lane_serial_drain + 769 10 libdispatch.dylib 0x00007ff80854bd39 _dispatch_lane_invoke + 366 11 libdispatch.dylib 0x00007ff8085563fc _dispatch_workloop_worker_thread + 765 12 libsystem_pthread.dylib 0x00007ff8086e2c55 _pthread_wqthread + 327 13 libsystem_pthread.dylib 0x00007ff8086e1bbf start_wqthread + 15 ); } Analytics Event: : { "device_model" = "iPhone13,2"; "device_osBuild" = "16.5.1 (20F75)"; "device_platform" = ""; "launchSession_schemeCommand" = Run; "launchSession_state" = 1; "launchSession_targetArch" = arm64; "operation_duration_ms" = 1087; "operation_errorCode" = "-402620395"; "operation_errorDomain" = ""; "operation_errorWorker" = IDEInstalliPhoneLauncher; "operation_name" = IDEiPhoneRunOperationWorkerGroup; "param_consoleMode" = 0; "param_debugger_attachToExtensions" = 0; "param_debugger_attachToXPC" = 1; "param_debugger_type" = 5; "param_destination_isProxy" = 0; "param_destination_platform" = ""; "param_diag_MainThreadChecker_stopOnIssue" = 0; "param_diag_MallocStackLogging_enableDuringAttach" = 0; "param_diag_MallocStackLogging_enableForXPC" = 1; "param_diag_allowLocationSimulation" = 1; "param_diag_checker_tpc_enable" = 1; "param_diag_gpu_frameCapture_enable" = 0; "param_diag_gpu_shaderValidation_enable" = 0; "param_diag_gpu_validation_enable" = 0; "param_diag_memoryGraphOnResourceException" = 0; "param_diag_queueDebugging_enable" = 1; "param_diag_runtimeProfile_generate" = 0; "param_diag_sanitizer_asan_enable" = 0; "param_diag_sanitizer_tsan_enable" = 0; "param_diag_sanitizer_tsan_stopOnIssue" = 0; "param_diag_sanitizer_ubsan_stopOnIssue" = 0; "param_diag_showNonLocalizedStrings" = 0; "param_diag_viewDebugging_enabled" = 1; "param_diag_viewDebugging_insertDylibOnLaunch" = 1; "param_install_style" = 0; "param_launcher_UID" = 2; "param_launcher_allowDeviceSensorReplayData" = 0; "param_launcher_kind" = 0; "param_launcher_style" = 0; "param_launcher_substyle" = 0; "param_runnable_appExtensionHostRunMode" = 0; "param_runnable_productType" = ""; "param_testing_launchedForTesting" = 0; "param_testing_suppressSimulatorApp" = 0; "param_testing_usingCLI" = 0; "sdk_canonicalName" = "iphoneos16.4"; "sdk_osVersion" = "16.4"; "sdk_variant" = iphoneos; } System Information macOS Version 13.5 (Build 22G74) Xcode 14.3.1 (21815) (Build 14E300c) Timestamp: 2023-08-04T15:42:43+09:00 mac os version 13.5(22G74) xcode version 14.3.1 test phone iOS version 16.5.1
Aug ’23
Root Certificate not accessible
While trying to create a new Distribution (iOS) certificate after the old one expired I came across the situation that we do not have the root certificate that was originally created. It was created on a mac of an employee that no longer works for us and which is not cooperative anymore. Is there any way around this, or to create a new root certificate that enables us to create trusted certificates to release updates for our app? I'm new to this whole certificate workflow so I'd be very thankful for any input that lets us progress. Best Regards, Hans
Aug ’23
Business Card in Apple Wallet - Implementation and Security doubts
I have a team on my company looking to develop a let say "link" to distribute between some sale employes to "automatically" create a Business Card inside Apple Wallet. The idea is that "link" will have all the public employe information and the look&feel of the card. They are following this page: So they are asking us those certificates: Signer Certificate (Developer) Signer Certificate Key (Developer) WWDR (Apple WorldWide Developer Relations) G4 Certificate Can someone explain me if giving those certificates to the develpers could have some security risk? Or what else they can do having those certificates? Thanks!
Jul ’23
Signing and deploying an app on a client developer account without access
We created a multi-tenant SaaS platform to create content and configure individual mobile apps. In other words, we build apps for customers and we take care of deploying and maintaining these apps on their developer accounts, given that they are comfortable with giving us access to it. But in some cases, especially with government or military customers, they cannot add us to their developer accounts, and/or they cannot send us their signing certificates so we can sign the builds with them. Does Apple have any alternative ways to deploy an app that WE OWN the code to, sign it, and ship it onto a client's developer account so that the app become publicly accessible on the app store? To my knowledge, the only way currently is through Apple Business Managed accounts and/or MDM, which is would NOT make the app publicly available on the app store.
Jul ’23
Changed from Enterprise to regular developer account and certs from old were revoked?!?!?!
We changed from Enterprise to a regular developer account and understood our existing apps in the wild signed under the Enterprise account would be fine. However as of this morning it seems those certificates were revoked and attempts to launch are informing users that the application will harm their computer. Can this be undone so they work and avoid thousands of people needing to get a new dmg and re-install??
Jul ’23
Xcode Cloud Issues within certificate signing
Hello, I am attempting to use Xcode Cloud to build my application (specifically running the 'xcode archive' command); however, have been running into an issue relating to certificate signing. All the questions/documentation surrounding this issue seem to be related to local builds. For the project, I'm using automatic signing with my org as the 'Team' without a Provisioning Profile. I have 'Apple Development' set as the 'Code Signing Identity' with 'Code Signing Style' set to 'Automatic'. The error I'm getting: No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "<TEAM_ID>" with a private key was found. (in target '<PROJECT_NAME>' from project '<PROJECT_NAME>') Any would would be greatly appreciated. Thanks!
Aug ’23
Invalid Signature. Code failed to satisfy specified code requirement(s).
Hello Apple team, We're having a problem submitting one of our apps to TestFlight via Xcode Cloud. We have over 10 apps with the same codebase and all of them build successfully. However, one application fails to build in Xcode Cloud, although there is no problem with manual build. We would appreciate your help in resolving this situation. Can you please help us resolve this issue? We are ready to provide additional information or logs to clarify the causes of the error. Sincerely, Anton Babich Xcode Cloud Archive - iOS encountered a failure that caused the build to fail. Prepare Build for App Store Connect Invalid Signature. Code failed to satisfy specified code requirement(s). The file at path “moBiel” is not properly signed. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult Prepare Build for App Store Connect Invalid Signature. Code failed to satisfy specified code requirement(s). The file at path “moBiel” is not properly signed. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult
Sep ’23
Certificates: Developer ID Application not found by codesign
Hello! I am having trouble with a Developer ID Application certificate that I have clearly added to the Keychain with Keychain Access not being recognized by codesign or DMG Canvas. Here is the command that DMG Canvas uses to see if there are any certificates for signing: $ /usr/bin/security find-identity -p codesigning Policy: Code Signing Matching identities 0 identities found Valid identities only 0 valid identities found This shows that no certificates are found but there definitely are some. I installed this cert to both the System and login keychains, I tried to the Local Items keychain but this failed with an error I will display below. This image (names redacted) clearly shows the certs are there, valid, and not expired (behind the error) and also shows the error popup for when I try to add the cert to the Local Items keychain: Essentially I am asking why does Keychain Access say that I have the certificates but nothing can find it in order to sign applications. Thank you!
Jul ’23
Error Finding App Store Connect Credentials
Hello, I have a flutter project where my team is pushing changes for an ios app. We have tested locally with no issue and unit tested it. About a week ago we received the following error when we distribute the app. App Store Connect access for “******” is required. Add an account in the Accounts preference pane. Please try again, and if issue persists file a bug report at "" Our signing has not changed, nor has our permissions in the app. I have reached out to support several times and they literally said they aren't tech savvy and I should go here. With links too the code signing docs even though already had it booked marked. I get it, app markets are a pain on any platform. Do I have to resign again cause apple updated something? I am definitely not a fan of apple's code signing process. I would rather just automate this if there is a better solution. We tried CodeMagic but keep running into issues with that as well.
Jul ’23