General: DevForums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities. Developer > Support > Certificates covers some important policy issues Entitlements documentation TN3125 Inside Code Signing: Provisioning Profiles — This includes links to other technotes in the Inside Code Signing series. WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing Certificate Signing Requests Explained DevForums post --deep Considered Harmful DevForums post Don’t Run App Store Distribution-Signed Code DevForums post Resolving errSecInternalComponent errors during code signing DevForums post Finding a Capability’s Distribution Restrictions DevForums post Signing code with a hardware-based code-signing identity DevForums post Mac code signing: DevForums tag: Developer ID Creating distribution-signed code for macOS documentation Packaging Mac software for distribution documentation Placing Content in a Bundle documentation Embedding Nonstandard Code Structures in a Bundle documentation Embedding a Command-Line Tool in a Sandboxed App documentation Signing a Daemon with a Restricted Entitlement documentation Defining launch environment and library constraints documentation WWDC 2023 Session 10266 Protect your Mac app with environment constraints TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference. Manual Code Signing Example DevForums post The Care and Feeding of Developer ID DevForums post TestFlight, Provisioning Profiles, and the Mac App Store DevForums post For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

(I posted this in the "Distribution >> App Submission and Review" forum 2 days ago but it has not received a response. Trying here...)I had to rebuild my iMac a few months ago and I restored from my Time Machine backup.I now need to make a change to an app but what used to compile without error is now failing at the codesign step with:Signing Identity: "-"As far as I can see, all of the account profiles are valid with expiry dates in the future. The only 'odd' thing is that some have a 'Download' button in the 'Action' column of the 'Provisioning Profiles' seciotn of the account details - when I select the "Download All Profiles" button, they turn grey but never seem to download or disappear (even after aiting for several hours!). Looking at the 'developer' web page, all of my certificates and provisioning profiles are all active.Any ideas welcomedThanksSusan

Hi,my apps run on the iOSSimulator without problems and used to run on devices as well, but after updating to latest XCode-Version I am getting the above error message when trying to run an app on my iPhone 7. It says :"codesign wants to access key "access" in your bunch of keys . To allow this enter your password".... but my apple-Developer-ID-Password doesn't work. And until updating to latest XCode-Version I never had any problems with codesign when running an app on iPhone device.Any hints what's going wrong ?XCode Version 9.1 (9B55)iOS Version 11.1.2 (15B202)Latest High Sierra Version, macbook Pro 2015

I hope the pending antitrust suits force Apple to allow us to sign and provision our own apps for more than a week. For the price paid I should be able to write my own apps and use them without restriction outside of Apple services such as iCloud and so on. I understand distribution restrictions but please kill that 1 week annoyance, give me some level of freedom over my own apps on my own device. Or I hope it’s forced. Cheers and Thanks in advance.

When I want to create ios development / distribution certificate it show error. The operation couldn’t be completed. (OSStatus error -2147416032.)

To support an older version of an iOS app, I needed to install Mojave with Xcode 9. I create a CSR and from there generate an iOS Distribution certificate online, which I download and double click to install in Keychain. However, when viewing in Keychain, it shows in red "iPhone Distribution: CompanyName certificate is not trusted". I'm not sure what I'm doing wrong as I follow the instructions to the T and have done this in the past with success. NOTE: I tried this with Sierra as well and got the same issue. It only seems to work on Catalina, which doesn't help me because I need an older version of Xcode.

I am trying to implement sign in with apple with firebase. I cannot get around an issue where I get the following error when attempting a sign in: When running: Auth.auth().signIn(with: credential) { (authResult, error) in I get: nil credential = OAuthProvider.credential Optional(Error Domain=FIRAuthErrorDomain Code=17004 "The audience in ID Token [com.name.app] does not match the expected audience." UserInfo={NSLocalizedDescription=The audience in ID Token [com.name.app] does not match the expected audience., FIRAuthErrorUserInfoNameKey=ERROR_INVALID_CREDENTIAL}) Optional("The audience in ID Token [com.name.app] does not match the expected audience.") I have added my URL as stated on firebase to my identifier. To complete set up, add this authorization callback URL to your app configuration in the Apple Developer Console. Additional steps may be needed to verify ownership of this web domain to Apple.  More code: func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {   if let appleIDCredential = authorization.credential as? ASAuthorizationAppleIDCredential {    guard let nonce = currentNonce else {     fatalError("Invalid state: A login callback was received, but no login request was sent.")    }    guard let appleIDToken = appleIDCredential.identityToken else {     print("Unable to fetch identity token")     return    }    guard let idTokenString = String(data: appleIDToken, encoding: .utf8) else {     print("Unable to serialize token string from data: \(appleIDToken.debugDescription)")     return    }           print("credential = OAuthProvider.credential")    // Initialize a Firebase credential.    let credential = OAuthProvider.credential(withProviderID: "apple.com",                         idToken: idTokenString,                       rawNonce: nonce)     //Auth.auth().createUser(withEmail: T##String, password: T##String, completion: T##AuthDataResultCallback?##AuthDataResultCallback?##(AuthDataResult?, Error?) -> Void)    // Sign in with Firebase.    Auth.auth().signIn(with: credential) { (authResult, error) in           print(Auth.auth().currentUser?.uid ," credential = OAuthProvider.credential ", error)

I'm trying to generate a Pass Type certificate. In my request, I specifically specify the hash type as Sha256. However, when upload the request file, and generate the certificate on the apple developer site, the cer file states it is SHA1 (which has been depreciated). Any help would be greatly appreciated.

How to delete certificates from "Certificates, Identifiers & Profiles?" I have a new Mac and need to create new certificate for it but there is no option of deleting or editing of the existing certificates. When trying to add a new one the option is greyed out with the following commend: Developer ID Application This certificate is used to code sign your app for distribution outside of the Mac App Store. Maximum number of certificates generated.

I am trying to compile Xcode project on an online platform Bitrise. I am facing issue with sign in and provisioning .. after trying 4-5 days I am approaching you. Please solve this. ❌ error: No profiles for 'my app bundle id' were found: Xcode couldn't find any iOS App Development provisioning profiles matching 'my app bundle id'. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to xcodebuild. (in target 'myapp-Development' from project 'myapp') How to enable this "allowProvisioningUpdates" also why it is too difficult to do such processes with apple development.. I tried for android and it compiled successfully in a single attempt. please help.

Hello, I've just got a new computer and now I want to transfer my developer account (certificates, keys etc.) to the new computer. Right now my developer membership has expired since I'm not doing any apps right now, but I might start again in the future. I'm not sure if I need to transfer anything, or if I will just get new certificates and keys when (if) I restart my membership? What do I need do, before I reset my old computer? I have developed apps for both for iOS and macOS.

In my certificate list, I see a certificate type called “iOS Distribution Managed”. What is the difference between this and “iOS Distribution”? It's kind of automatic. I don't remember creating it

Hi, I have this error: Provisioning profile "iOS Team Provisioning Profile: com.Mcrich23.Pickt" doesn't include the com.apple.runningboard.assertions.webkit entitlement However, I can't add this entitlement because it pretty much does not exist. Any ideas?

Xcode version : 14.0 Beta 3 macOS version : 13 Beta 3(22A5295i) Hi, I'm signing the DriverKit in Developer ID Application type profile with Developer ID Application (With Kext) type certificate on Xcode. But status shows error with"Xcode 14 and later requires a DriverKit development profile enabled for IOS and macOS.Visit the developer website to create or download a DriverKit profile" I have downloaded all profiles and Certificates to my Mac and installed all of them, then checked the website. I'm wondering what's different between "Development type" & "Developer ID Application type" profile ? and the reason why "2022-07-22 14:41:54.162815+0800 0x22ee2    Error       0x0                  138    0    kernelmanagerd: Error occurred while handling request "DextLaunch(arguments: Optional(["Driver Extension Server Name": com.asix.dext.usbdevice, "Check In Token": 371, "Driver Extension Server Tag": 4294975444, "CFBundleIdentifier": com.asix.dext.usbdevice, "DriverKit Reslide Shared Cache": 0, "kOSBundleDextUniqueIdentifier": <222f1e51 f5e890f7 b467c2a0 da761dbd 9b14dc5f 1bf56ff6 4eeab6b2 fed9683c>]))": Error Domain=NSPOSIXErrorDomain Code=8 "Exec format error" error code show on when I starting the app. I'll appreciate that someone can give me some idea or suggestions. Thanks a lot.

I enrolled in the Apple Developer Program. When I want to archive my project, I have an error message : "Automatic signing is unable to resolve an issue - Signing certificate is invalid. It may have been revoked or expired." How to have a valid signature certificate ?

I am trying to sign a Java application, packaged in a disk image, via jpackage, invoked via Ant (so no XCode anywhere). The packaging itself works fine, but I am having trouble figuring out the signing parameters. In particular, it seems I will have to provide a parameter --mac-signing-key-user-name What value should I give to this parameter? I have an Apple Developer Account (well, obviously...), I have generated a certificate and quite a few other things, but I am confused as to what the "signing-key-user-name" should be. The error message I currently get from jpackage is: No certificate found matching [...] using keychain [] I am on MAC OS 12.6 and JDK 17. Any help would be greatly appreciated.

I have an Apple Development certificate issued by: Apple Worldwide Developer Relations Certification Authority (until February 20, 2030). From time to time the Xcode build fails and I see that my certificate is invalid. In this situation, I see two "Apple Worldwide Developer Relations Certification Authority" certificates. One is valid until 2030 and the other is valid until 2023. When I remove the second one (until 2023), my Apple Development certificate becomes valid and the build goes fine. But after a while CodeSign fails again, and I have to remove the second certificate again to build the application. Seems to be that second certificates is auto downloaded by Xcode, how can i fix it?

Hi there, Currently having some issues debugging on a physical device. I am running a flutter app, and have a provisioning profile provided by our client company that is not expired and has worked up until recently just fine with physical devices. Running the app on a simulator works okay as well. However, all of the sudden the app will not run on a physical device. The build succeeds fine, but then I receive the error "Unable to install runner: A valid provisioning profile for this executable was not found". I have opened devices and simulators and tried to install the provisioning profile on the device, but get the error "Failed to install one or more provisioning profiles on the device: Please ensure the provisioning profile is configured for this device. If not, please try to generate a new profile." I don't know why this error appears, because I have used this exact profile on this device many times before. I'm hesitant to contact the client to receive a new provisioning profile because it is not easy to do, and again this one has worked fine until now. Does anyone have any ideas? Thanks!

Looking at the certificate chains for various binaries (using Apple's APIs or codesign --vvd) shows several patterns for the common names. I am wondering why some code has the structure Apple Root CA Developer ID Certification Authority Developer ID Application: Google LLC (EQHXZ8M8AV) while others have the pattern Apple Root CA Apple Worldwide Developer Relations Certification Authority Apple Mac OS Application Signing Note, the second pattern does not include an organizational name. Why is there a difference? Is the second pattern an older pattern and the first (with the organization name) the new pattern? (There are other certificate patterns like for Apple's binaries and development code I am testing)

I got an email from Apple, "Your Developer ID Installer Certificate will no longer be valid in 30 days". So I went to my certificates page on developer.apple.com, and I see the attached photo. Basically, yes, I have a Developer ID Installer Certificate that expires 2023/07/01; but I also have one that expires 2025/12/08, and one that expires 2026/01/09, and one that expires 2026/12/15, and another that expires 2026/12/16! Why do I have all these certificates? I have no idea. There is a "+" button to add a new one; but given that I already seem to have ones that won't expire for several more years, do I need to? There does not seem to be a "-" button, or any way to clear out this cruft. I then recalled that perhaps I have managed my certificates in Xcode in the past, not on this page (or maybe I have done both, at different times?). So I went to Xcode, and things seem to be rather a mess there too, but in a different way (second image attached). Here, I seem to have lots of stale certificates that are in gray and say "Not in Keychain" – how do I clear those out? Again there does not seem to be a "-" button. And the newer ones that I saw on developer.apple.com do not seem to be listed here, maybe – it's hard to compare, though, because on developer.apple.com it shows the expiration date but not creation date, whereas in Xcode it shows creation date but not expiration date. What should I do? Note that I am not a member of multiple different teams, or anything like that; I'm a solo developer. This stuff is really confusing and does not seem to be well-documented anywhere that I have found. Am I just being dense?