How many Certificates do I need?

Question

dumbbunny OP

Created Jun ’21

Replies 6

Boosts 0

Views 2.4k

Participants 3

Hi,

Over many years and changing computers a few times I seem to have collected lots of certificates. How many and what certificates do I need? I have:-

5 Developer ID Application macOS, all current.

2 Mac Installer Distribution macOS, all current.

1 Distribution for ALL, current.

3 Development for ALL, all current for 3 computers.

Can I delete most certificates and only keep 1 each for:-

1 Developer ID Application macOS.

1 Mac Installer Distribution.

1 Distribution ALL.

1 Development for the current computer I'm using now.

If I do that will xcode work it out without too much messing about?

Any help appreciated. Thanks Paul

Boost

Answer 1

EA7K OP

Jun ’21

Don't you buy a new machine with a fresh install for each minor update?

0

Answer 2

dumbbunny OP

Jun ’21

On a new machine I install everything fresh and copy the projects from the old computer to the new one. I don't know how I got so many certificates. Can I delete (revoke) most of them? I would like to get rid of those I don't need and simplify life.

1

Answer 3

DTS Engineer OP

Apple

Jun ’21

WARNING Do not delete your Developer ID signing identities. These are precious, as I explain in this post.

If you find the extra signing identities to be annoying, you can archive the ones you’re not using. To do that, use Keychain Access to export each signing identity (Keychain Accesses uses the term My Certificates as a synonym for digital identity) to a .p12 file and then delete it from the keychain. That way you can bring them back if you ever need them for some reason.

IMPORTANT When you export you’ll be ask for a password to protect the .p12 file. Use a strong password there, and then save that somewhere safe, like in your password manager.

All the other stuff you mentioned in low value and Xcode’s automatic code signing is capable of fixing any damage you do (-:

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 4

dumbbunny OP

Jun ’21

Eskimo, thank you very much for your help. But I do I tell the ones I'm not using?

I've just bought a M1 mac-mini and now want to move development to it (I still have another 2 computers that I use occasionally for development but wish to stop using them now as they are quite old, years-2010 and 2012). Any tips, so I dont mess up?

Regards, Paul

0

Answer 5

DTS Engineer OP

Apple

Jun ’21

But I do I tell the ones I'm not using?

Which ones? Developer ID identities? It’s hard to say that definitively because the nature of Developer ID is that you can ship software independently.

Are your Developer ID identities all from the same team? You can confirm that in Keychain Access.

Any tips, so I dont mess up?

Use keychain access to export all of your Developer ID signing identities to .p12 files, as I described above. This serves as a backup (in case something goes wrong with the keychain on your original Mac) and as a good way to move the identities you need to your new Mac.

For all the other stuff, enable automatic code signing and let Xcode sort things out for you.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 6

dumbbunny OP

Jul ’21

Quinn, thank you again for all your help. It all works on the new M1 Mac-mini (cheapest one).

0