How many Certificates do I need?

Hi,

Over many years and changing computers a few times I seem to have collected lots of certificates. How many and what certificates do I need? I have:-

5 Developer ID Application macOS, all current.

2 Mac Installer Distribution macOS, all current.

1 Distribution for ALL, current.

3 Development for ALL, all current for 3 computers.

Can I delete most certificates and only keep 1 each for:-

1 Developer ID Application macOS.

1 Mac Installer Distribution.

1 Distribution ALL.

1 Development for the current computer I'm using now.

If I do that will xcode work it out without too much messing about?

Any help appreciated. Thanks Paul

Up vote post of dumbbunny Down vote post of dumbbunny
2k views
Posted by
dumbbunny
Reply
Add a Comment

Replies

Don't you buy a new machine with a fresh install for each minor update?

Posted by
EA7K
Up vote reply of EA7K Down vote reply of EA7K
Add a Comment

On a new machine I install everything fresh and copy the projects from the old computer to the new one. I don't know how I got so many certificates. Can I delete (revoke) most of them? I would like to get rid of those I don't need and simplify life.

Posted by
dumbbunny
Post not yet marked as solved Up vote reply of dumbbunny Down vote reply of dumbbunny
Add a Comment

WARNING Do not delete your Developer ID signing identities. These are precious, as I explain in this post.

If you find the extra signing identities to be annoying, you can archive the ones you’re not using. To do that, use Keychain Access to export each signing identity (Keychain Accesses uses the term My Certificates as a synonym for digital identity) to a .p12 file and then delete it from the keychain. That way you can bring them back if you ever need them for some reason.

IMPORTANT When you export you’ll be ask for a password to protect the .p12 file. Use a strong password there, and then save that somewhere safe, like in your password manager.

All the other stuff you mentioned in low value and Xcode’s automatic code signing is capable of fixing any damage you do (-:

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Eskimo, thank you very much for your help. But I do I tell the ones I'm not using?

I've just bought a M1 mac-mini and now want to move development to it (I still have another 2 computers that I use occasionally for development but wish to stop using them now as they are quite old, years-2010 and 2012). Any tips, so I dont mess up?

Regards, Paul

Posted by
dumbbunny
Up vote reply of dumbbunny Down vote reply of dumbbunny
Add a Comment

But I do I tell the ones I'm not using?

Which ones? Developer ID identities? It’s hard to say that definitively because the nature of Developer ID is that you can ship software independently.

Are your Developer ID identities all from the same team? You can confirm that in Keychain Access.

Any tips, so I dont mess up?

Use keychain access to export all of your Developer ID signing identities to .p12 files, as I described above. This serves as a backup (in case something goes wrong with the keychain on your original Mac) and as a good way to move the identities you need to your new Mac.

For all the other stuff, enable automatic code signing and let Xcode sort things out for you.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Quinn, thank you again for all your help. It all works on the new M1 Mac-mini (cheapest one).

Posted by
dumbbunny
Up vote reply of dumbbunny Down vote reply of dumbbunny
Add a Comment