Certificate Missing Required Extension

I'm not much of a Developer, but I use my developer account as a Mac Admin to sign packages and mobileconfig profiles for distribution via JAMF. I've had no problems until recently.

I went to sign a mobileconfig like I always do, and I get an error saying: errSecInternalComponent

Or I get this if I try to sign from the command line using the productsign command: productsign: error: Can't read input product archive "/Users/myuser/Desktop/TEST.mobileconfig"


When I run this: security find-identity -vp macappstore

This is what is returned: 1) 111111111111111111abcdefghijklmnop "Developer ID Installer: My Name (blah0011112)" (Missing required extension)


In fact, all of my developer ID certs return that (Missing required extension) message now.

I assume this has something to do with my inability to sign mobileconfigs, but I'm totally stuck.

I've created a whole new keychain, issued a new certificate, nothing works.


Any ideas?

The command you’re using:

security find-identity -vp macappstore

says “I want to list all digital identities that conform to the Mac App Store policy.” Developer ID signing identities do not conform to that policy, and hence this message. Specifically, the certificates issued by Apple all have custom extensions that indicate their expected use, and the Mac App Store policy is checking for an extension that’s not present in a Developer ID certificate.

For a list of all these extensions, check out the policy documents on the Apple PKI page.

As to what’s going on with your configuration profile signing, I’m sad to say that I can’t offer any insight into that. This is a deployment issue rather than an API issue, and APIs are my primary focus. You may have better luck asking this question over in Apple Support Communities, run by AppleCare, where you’re more likely to find folks with deployment experience.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
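
The point made in the answer above, as an added example that is not part of the thread or any poster's code: this script compares `security find-identity` output captured under two policies and reports the identities that only the stricter policy rejects, which separates a policy mismatch from a certificate that is flagged everywhere. Both sample outputs are constructed, and using `-p basic` as the baseline policy is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Sample outputs below are constructed.

# Print "STATUS<TAB>NAME" per identity from `security find-identity` output on stdin.
# NAME is the quoted text; it may itself contain "(TEAMID)", so the trailing
# annotation is only looked for after the closing quote.
parse_identities() {
  awk '/^ *[0-9]+\) / {
    first = index($0, "\""); if (first == 0) next
    rest = substr($0, first + 1); last = 0
    for (i = length(rest); i > 0; i--)
      if (substr(rest, i, 1) == "\"") { last = i; break }
    if (last == 0) next
    status = "ok"; tail = substr(rest, last + 1)
    if (match(tail, /\(.*\)/)) status = substr(tail, RSTART + 1, RLENGTH - 2)
    printf "%s\t%s\n", status, substr(rest, 1, last - 1)
  }'
}

# $1: output under the strict policy, $2: output under a baseline policy.
# Prints identities flagged under $1 but clean under $2: a policy mismatch,
# not a damaged certificate.
policy_only_failures() {
  ok_list=$(printf '%s\n' "$2" | parse_identities | awk -F '\t' '$1 == "ok" { print $2 }')
  printf '%s\n' "$1" | parse_identities | awk -F '\t' '$1 != "ok" { print $2 }' |
    while IFS= read -r name; do
      if printf '%s\n' "$ok_list" | grep -Fxq -- "$name"; then
        printf '%s\n' "$name"
      fi
    done
}

# Constructed stand-ins for:  security find-identity -v -p macappstore
#                             security find-identity -v -p basic   (assumed baseline)
SAMPLE_MACAPPSTORE='  1) 111111111111111111abcdefghijklmnop "Developer ID Installer: My Name (blah0011112)" (Missing required extension)
  2) 222222222222222222abcdefghijklmnop "Developer ID Application: My Name (blah0011112)" (CSSMERR_TP_CERT_EXPIRED)'
SAMPLE_BASIC='  1) 111111111111111111abcdefghijklmnop "Developer ID Installer: My Name (blah0011112)"
  2) 222222222222222222abcdefghijklmnop "Developer ID Application: My Name (blah0011112)" (CSSMERR_TP_CERT_EXPIRED)'

# Only the Installer identity is a policy-only rejection; the second entry is
# flagged under both policies and so is not reported.
policy_only_failures "$SAMPLE_MACAPPSTORE" "$SAMPLE_BASIC"
```

On a Mac, pass the real command output in place of the two sample variables.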

I’m developing an app on .NET8 for macOS and encountered an issue during App Review with feedback: "An error showed upon launch. The app cannot be opened because the developer cannot be verified. This may be due to an issue with your app’s Gatekeeper conformance."

Additionally, the provided screenshot showed this message: "Application is damaged and can't be opened. Delete and reinstall from App Store." When I run security find-identity -vp macappstore, (Missing required extension) is in the result list.
