Unable to Code Sign: errSecInternalComponent on macOS Sonoma 15.3

Hi Developer Community,

I'm encountering persistent code signing failures on macOS Sonoma 15.3 with a valid Developer ID Application certificate. The error occurs consistently across multiple certificate regenerations and various troubleshooting approaches.

Environment

  • macOS Version: Sonoma 15.3
  • Developer Account Type: Developer ID
  • Certificate Type: Developer ID Application
  • Certificate Details:
    • Developer ID Application certificate valid until 2027
    • Using SHA-256 with RSA Encryption
    • Certificate shows as valid in Keychain Access with associated private key

Error Message

Warning: unable to build chain to self-signed root for signer "Developer ID Application: [my certificate]"
[filename]: errSecInternalComponent

Steps to Reproduce

  1. Install certificate chain in order:

    • Apple Root CA (System keychain)
    • Apple WWDR CA (System keychain)
    • Developer ID CA (System keychain)
    • Developer ID Application certificate (Login keychain)
  2. Verify certificate installation:

security find-identity -v -p codesigning

Result shows valid identity.

  1. Attempt code signing with any binary:
codesign -s "Developer ID Application: [my certificate]" -f --timestamp --options runtime [filename]

Results in errSecInternalComponent error

Troubleshooting Already Attempted

  1. Regenerated Developer ID Application certificate multiple times from Developer Portal
  2. Completely removed and reinstalled entire certificate chain
  3. Verified trust settings on all certificates (set to "Always Trust" for code signing)
  4. Tried multiple codesign command variations including --no-strict flag
  5. Verified keychain integrity
  6. Installed latest Apple CA certificates from apple.com/certificateauthority
  7. Verified certificate chain is properly recognized by security verify-cert

Additional Information

  • All certificates show as valid in Keychain Access
  • Private key is properly associated with Developer ID Application certificate
  • Trust settings are correctly configured for all certificates in the chain
  • Problem persists after clean certificate installations
  • Error occurs with any binary I try to sign

Has anyone else encountered this issue on Sonoma 15.3? Any suggestions for resolving this system-level certificate trust chain issue would be greatly appreciated.

Thanks in advance!

I have a post that covers this topic — Resolving errSecInternalComponent errors during code signing — but it seems like you’ve gone through most of these steps already.

Written by TLD501 in 774616021
Regenerated Developer ID Application certificate multiple times from Developer Portal

Be very careful doing that. See The Care and Feeding of Developer ID for an explanation as to why.

Written by TLD501 in 774616021
Verified trust settings on all certificates (set to "Always Trust" for code signing)

Don’t do that. Code signing certificate should be trusted by default, so their trust settings can be left at the default value. Overriding the trust settings can mask other problems.

I recommend that you remove these overrides before continuing.

Developer ID certificates are issued by the Developer ID intermediate. Make sure that all of those are installed. You can get them from the Apple PKI page. Modern Developer ID certificates use the G2 variant, and I’ve seen the absence of that cause this problem.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I have set trust back to system defaults and I have the DeveloperIDG2CA intermediate installed and im still unable to sign MyTrue. I was trying to follow your troubleshooting page but I fail at the first obstacle unlocking keychain and trying to sign Mytrue still results in a error

 % security unlock-keychain  
password to unlock default: 
% codesign --force --timestamp --sign "my hash" "MyTrue"
MyTrue: replacing existing signature
Warning: unable to build chain to self-signed root for signer "Developer ID Application: ,,,,,,,"
MyTrue: errSecInternalComponent

im very aware im probably doing something wrong I am at a loss.

Thank you for your reply

OK. I have one more diagnostic test for you to run.

If you create a new user account, log in as that, and then repeat the test as that user, do you have the same problem there?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Unable to Code Sign: errSecInternalComponent on macOS Sonoma 15.3
 
 
Q