Hi Developer Community,
I'm encountering persistent code signing failures on macOS Sonoma 15.3 with a valid Developer ID Application certificate. The error occurs consistently across multiple certificate regenerations and various troubleshooting approaches.
Environment
- macOS Version: Sonoma 15.3
- Developer Account Type: Developer ID
- Certificate Type: Developer ID Application
- Certificate Details:
- Developer ID Application certificate valid until 2027
- Using SHA-256 with RSA Encryption
- Certificate shows as valid in Keychain Access with associated private key
Error Message
Warning: unable to build chain to self-signed root for signer "Developer ID Application: [my certificate]"
[filename]: errSecInternalComponent
Steps to Reproduce
-
Install certificate chain in order:
- Apple Root CA (System keychain)
- Apple WWDR CA (System keychain)
- Developer ID CA (System keychain)
- Developer ID Application certificate (Login keychain)
-
Verify certificate installation:
security find-identity -v -p codesigning
Result shows valid identity.
- Attempt code signing with any binary:
codesign -s "Developer ID Application: [my certificate]" -f --timestamp --options runtime [filename]
Results in errSecInternalComponent error
Troubleshooting Already Attempted
- Regenerated Developer ID Application certificate multiple times from Developer Portal
- Completely removed and reinstalled entire certificate chain
- Verified trust settings on all certificates (set to "Always Trust" for code signing)
- Tried multiple codesign command variations including --no-strict flag
- Verified keychain integrity
- Installed latest Apple CA certificates from apple.com/certificateauthority
- Verified certificate chain is properly recognized by security verify-cert
Additional Information
- All certificates show as valid in Keychain Access
- Private key is properly associated with Developer ID Application certificate
- Trust settings are correctly configured for all certificates in the chain
- Problem persists after clean certificate installations
- Error occurs with any binary I try to sign
Has anyone else encountered this issue on Sonoma 15.3? Any suggestions for resolving this system-level certificate trust chain issue would be greatly appreciated.
Thanks in advance!