Obtain / reset a "3rd Party Mac Developer Installer" certificate

Upon trying to upload a new build to App Connect, which worked fine four weeks ago, validate gives an error that:

The product archive package's signature is invalid. Ensure that it is signed with your "3rd Party Mac Developer Installer" certificate.

Uploading gives the same error:

ERROR ITMS-90237: "The product archive package's signature is invalid. Ensure that it is signed with your "3rd Party Mac Developer Installer" certificate."

This is despite updating in my developer profile and downloading the new "3rd Party Mac Developer Installer" certificate, which shows up as valid in my keychain. So confused...

Replies

To clarify, after following tutorials on how to fix the error, I:
  • removed duplicates in Keychain from expired certs (wasn't a problem four weeks ago, weeks-post expiration)

  • regenerated profiles, then certs and profiles again in the web interface

  • built with cleaned derived data each time

  • removed all certs online and in keychain, restarted the laptop and rebuilt in Xcode's managing signing certificates

  • manually specified signing / provisioning profiles in the app and app extension (that worked in Xcode, failed in Archive/Upload)

What am I missing?
Same here. I've also tried signing the .pkg with a newly installed certificate to no avail.
Any luck on your end?
The following worked for a developer apparently, but not for me:

Code Signing a Package
For the first issue, I originally thought it was questioning which certificate I used to sign the app. My code signing of the app was correct, it was code signing the package file which I forgot to do. I logged into the Apple Developer portal and created a new Mac Installer Distribution certificate which I could use to properly sign the pkg file. Once I had the new certificate, I then built and signed the package:
productbuild --component ./Permanent\ Eraser.app/ /Applications/ PermanentEraser.pkg --sign "3rd Party Mac Developer Installer: John Doe (12AB34567C)"

Source: edenwaith.com
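
A local pre-upload check for the package signing step quoted above, as an added example that is not part of the original thread or the quoted article. It classifies the report from `pkgutil --check-signature`; the function names are hypothetical, and the sample report is constructed, assuming a `Status:` line and a numbered certificate chain whose entry `1.` is the signing certificate.

```shell
#!/bin/sh
# Added example: pre-upload check of a product archive's installer signature.

# Certificate name prefix taken from the ITMS-90237 message in this thread.
EXPECTED_PREFIX='3rd Party Mac Developer Installer: '

# Classify `pkgutil --check-signature` output read from stdin.
# Prints one of: ok, unsigned, expired, wrong-cert.
# Assumption: the report has a "Status:" line and numbers the chain with the
# signing (leaf) certificate as entry "1.".
classify_pkg_signature() {
    report=$(cat)
    status=$(printf '%s\n' "$report" | sed -n 's/^ *Status: *//p' | head -n 1)
    leaf=$(printf '%s\n' "$report" | sed -n 's/^ *1\. *//p' | head -n 1)
    case "$status" in
        *"no signature"*) echo unsigned; return 0 ;;
        *expired*)        echo expired;  return 0 ;;
    esac
    case "$leaf" in
        "$EXPECTED_PREFIX"*) echo ok ;;
        *)                   echo wrong-cert ;;
    esac
}

# Run the check against a real package (macOS only). Returns non-zero unless
# the package is signed with an installer certificate of the expected type.
check_pkg() {
    verdict=$(pkgutil --check-signature "$1" 2>&1 | classify_pkg_signature)
    echo "$1: $verdict"
    [ "$verdict" = ok ]
}

# Constructed sample report (not captured from a real package).
SAMPLE_REPORT='Package "PermanentEraser.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. 3rd Party Mac Developer Installer: John Doe (12AB34567C)
    2. Apple Worldwide Developer Relations Certification Authority
    3. Apple Root CA'

# Demo on the constructed sample; prints the verdict.
printf '%s\n' "$SAMPLE_REPORT" | classify_pkg_signature
```

On a Mac, `check_pkg PermanentEraser.pkg` runs the same classification against the real archive before it is handed to the uploader.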
Ah, interesting. I've always relied on Xcode to automatically sign, will take a look at triggering it manually beyond just the Signing Capabilities settings section. I'll try your tip later and call Apple if I can't sort myself out. Luckily my update to that app isn't urgent.
I called support but they just pointed me to the documentation. Not very helpful.

Classic
Just out of curiosity, are you running macOS Big Sur Beta 3?
Upgrading to macOS Big Sur Beta 4 did not help, unfortunately. I might revert back to Catalina.
I downgraded from macOS Big Sur Beta to Catalina and the issue went away.
In my case, expired certificates were not removed from the Keychain. (New ones were automatically generated by Xcode.)