Mismatch of TeamID while creating development certificate

Hi Team,

I have created multiple certificates for macOS application. Below are the certificates created-

  1. Apple Development Certificate
  2. DeveloperID Installer Certificate
  3. Apple Distribution Certificate
  4. others certificates

Later, I have imported the all these above certificates in keychain-access. Now, I tried to compile the code through Xcode. I am getting error for code signing certificate.

Warning: unable to build chain to self-signed root for signer "Apple Development: Amit (M2WMF2YERI)” .... Command CodeSign failed with a nonzero exit code

When I checked the TeamID of User(Amit) I can see that his current TeamID is [P8ZW3W9R2Q]. There is mismatch of teamID in apple development certificate generation. Note-

  1. All certificates are generated with current TeamID[P8ZW3W9R2Q] of user (Amit) except Apple Development certificate which has been generated with TeamID [M2WMF2YERI] which is generated with old TeamID of user (Amit).

  2. I attempted to generate the apple development certificate multiple times but it is getting generated with old TeamID TeamID[M2WMF2YERI] of user(Amit)


Summary- While creating a developer certificate using apple developer account and mapping it in keychain, the certificate is being generated with old apple account details (Inactive) instead of the current one. This is causing issues when using the certificate in keychain.

If anyone has encountered this issue, how it was resolved?


Answered by DTS Engineer in 825469022

Apple uses 10 character alphanumeric identifiers in a number of places, and you’re mixing up two of those uses. Consider this:

% security find-identity -v
  1) … "Developer ID Application: Quinn Quinn (SKMME9E2Y8)"
  2) … "Developer ID Installer: Quinn Quinn (SKMME9E2Y8)"
  3) … "Apple Distribution: Quinn Quinn (SKMME9E2Y8)"
  4) … "3rd Party Mac Developer Installer: Quinn Quinn (SKMME9E2Y8)"
  6) … "Apple Development: Quinn Quinn (EW7W773AA7)"
  …

Here, SKMME9E2Y8 is my Team ID. Note how all of my certificates use that inside the parens except Apple Development. That’s because:

  • My Apple Development signing identity is tied to me as an individual.

  • The others are tied to my team.

So, the EW7W773AA7 value is a unique ID associated with my user; it’s not meant to be my Team ID.

To see the Team ID for any certificate, preview the certificate (in Keychain Access, Xcode, Finder, and so on) and look in the Organisational Unit field.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Apple uses 10 character alphanumeric identifiers in a number of places, and you’re mixing up two of those uses. Consider this:

% security find-identity -v
  1) … "Developer ID Application: Quinn Quinn (SKMME9E2Y8)"
  2) … "Developer ID Installer: Quinn Quinn (SKMME9E2Y8)"
  3) … "Apple Distribution: Quinn Quinn (SKMME9E2Y8)"
  4) … "3rd Party Mac Developer Installer: Quinn Quinn (SKMME9E2Y8)"
  6) … "Apple Development: Quinn Quinn (EW7W773AA7)"
  …

Here, SKMME9E2Y8 is my Team ID. Note how all of my certificates use that inside the parens except Apple Development. That’s because:

  • My Apple Development signing identity is tied to me as an individual.

  • The others are tied to my team.

So, the EW7W773AA7 value is a unique ID associated with my user; it’s not meant to be my Team ID.

To see the Team ID for any certificate, preview the certificate (in Keychain Access, Xcode, Finder, and so on) and look in the Organisational Unit field.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Mismatch of TeamID while creating development certificate
 
 
Q