App.xcodeproj: error: Revoke certificate: Your account already has an Apple Development signing certificate for this machine, but its private key is not installed in your keychain.
App.xcodeproj: error: No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "T....." with a private key was found.
From the above error during build, I do not know what I am supposed to do to fix this issue. The build was working few days back and today it is giving this error.
Certificates, Identifiers & Profiles
RSS for tagDiscuss the technical details of security certificates, identifiers, and profiles used by the OS to ensure validity of apps and services on device.
Post
Replies
Boosts
Views
Activity
Is CertificateSigningRequest.certSigningRequest needed by Transporter for a very plain Mac application like the default Xcode Application App (from new Project) ?
Hi,
We developed a app for iPhone and Apple Watch. The app has been tested and it worked well on iPhone SE and Apple Watch Series 6 running earlier OS. We recently upgraded the Apple Watches to Series 9 & watchOS 10.5, and the iOS on the same iPhone is upgraded to 17.4.1. The app can still be built on the iPhone but when I tried to install the app on the new Apple Watch, it won't work and shows "This app cannot be installed because its integrity could not be verified." To make sure it's not a OS issue, I also upgraded the watchOS on the old Apple Watch Series 6 to 10.5 and the app worked. I wonder what cause the app fail on the newer Apple Watch running the same watchOS.
Thank you
Hi there
I don't see how to create a new certificate if I use a Windows computer. Can someone help? I must have created the previous one (that expired mid July) but I can't see how to do it now.
I am currently attempting to set up iOS app building via CI (using GitHub Actions). I would like to use automatic signing via xcodebuild -allowProvisioningUpdates and an App Store Connect API key. However, this will only work properly on the first CI run, since a certificate will be created, but is not available for subsequent runs since it is on a new machine (failing with Your account already has an Apple Development signing certificate for this machine, but its private key is not installed in your keychain).
Is there a way to do either of the following?
Via the CLI, generate a new p12 certificate on-demand which I can cache and add to the keychain for future signing
Make just the RSA private key available to xcode so that in the automated signing process, it can create a CSR with that key if needed and download the cer (which may already exist for that key) and generate the p12 on demand
Hi everyone,
I really hope someone here will be able to help me with this. Apologies if this is in the wrong section.
Disclosure: I find it very difficult to learn and to take on new concepts and ideas
I have been developing a game on the Mac using Gamemaker 2.3. I can run the game using a VM build (uses gamemakers own runtime to run interpreted code in a virtual machine) but I am having issues when I want to actually run a compiled version or create a test build.
To eliminate anything in my game causing the issue I have created a basic test project which also has the same issue.
I have copied the output log and will attach it here.
Output log
I have followed the gamemaker instructions to the best of my ability, and I have asked on th official forums and discord but I'm not getting any help at all other than "read the instructions".
Only one kind soul who admitted to not being a Mac dev suggested that I possibly need to check my certificates but couldn't tell me what exactly I need and when faced with pages of text my brain just goes into meltdown.
So here I am and I'm hoping some kind soul here will be able to help me in easy to understand language.
Many thanks in advance.
I am trying to validate my app (first one I have done). It is asking me to create a certificate buying Key chain. However, my MAC OS 15 and my phone iOS 18 use the new passwords app not key chain. So how do I get one? This is eh error I get
Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, value '' for key 'com.apple.developer.icloud-container-environment' in 'Payload/StopWatch.app/StopWatch' is not supported. This value should be a string value of 'Production' (ID: c50d0cec-b221-4621-bc72-fa3c5b07200e)
Hi all,
one newbie-question only, as I din't understand the basics yet:
Do I need to be paying member of the dev programm to get an application for MacOS running on third pleoples Macs?
As far as I understand, I need to run a "notarization" of the app. Forthat I need a certificate - and that is available to dev members. maybe to paying members only ..
Thanks in advance for your hints. :)
My enterprise distribution certificate was revoked accidentally by someone. Although I created a different certificate and using it i want to trace the person responsible.
At some point I had to renew my Mac App Store certificates, so I've done so, and now that I'm attempting to build for submission to the app store, I'm getting: "No certificate for team 'My Name' matching '3rd Party Mac Developer Application: My Name (MY_ID)' found".
But where to get a 3rd Party Mac Developer Application certificate? Under Xcode's "Manage Certificates", there is no "3rd Party Mac Developer Application" under the "+" button.
There are only:
Apple Development
Apple Distribution
Mac Installer Distribution
Developer ID Application
Developer ID Installer
(all of which I have).
I’m facing the dreaded codesign command fails with 'errSecInternalComponent' and looking for some guidance.
I have removed the “Apple World Wide Developer Relations Authority” certificate that expired in 2023 from both the Login and System Keychain and have downloaded the latest intermediate certificates I found. I have verified all the Trust Settings are configured to “Use System Default”.
I did the basic codesign check suggested in an earlier post [https://forums.developer.apple.com/forums/thread/712005]:
% security find-identity -p codesigning
Policy: Code Signing
Matching identities
675CE18312BFBE2735918BA897908D20DB0A774D "Apple Development: Peter Sichel (537G2NTM55)"
1 identities found
Valid identities only
675CE18312BFBE2735918BA897908D20DB0A774D "Apple Development: Peter Sichel (537G2NTM55)"
1 valid identities found
% cp "/usr/bin/true" "MyTrue"
% codesign -s "Apple Development" -f "MyTrue"
MyTrue: replacing existing signature
MyTrue: errSecInternalComponent
——
It seems I’m still missing something. What else can I check to debug the problem?
I've followed all the posts (most of which are fairly stale).
I've generated dozens of certificates both for "Apple Development" and "Apple Distribution", created several profiles of "iOS App Development" and "App Store Connect".
Up until now I have had very little problem installing my app (generated using Ionic/Capacitor v5/Angular v16, Xcode 15.4, macos 14.6).
Now when I try to install directly on a test device (I've used regularly, previously), I get "Failed to verify code signature of... The identity used to sign the executable is no longer valid..."
I've restarted Xcode and macbook. I've deleted all certificates and revoked all profiles, and started over.
I have tried using automatic signing and manual signing.
Nothing is working.
I just want be able to install the app on a test device (mostly to see logs in Xcode's console), and to be able to upload the same app to appstoreconnect.
What am I doing wrong?
I had used the bulk uploading template for uploading UDIDs for multiple iPads (43) to create a ad hoc provisioning profile , however I had mentioned only iOS in platform section while bulk uploading and everything got registered in the apple developer platform. Is there anyway for me to re-upload / change the platform to include iPadOS as well. As all my devices are iPads
I created a distribution profile (many, many, many times now) but no matter what I do, when I go to Accounts under Xcode it lists it there, no problem, but when I go to VS for Mac or even VS Code the distribution profile simply doesn't seem to exist.
In VSCode it just doesn't;t appear as an option but in VS For Mac it at least tells me that "No valid profile was found" and it instructs me to make sure everything is setup properly. Normally when this happens I delete every single last key and certificate from KeyChain and on the Apple dev portal and I start from scratch making sure to add all my devices, creating a new certificate using a new CSR, selecting Apple Distribution and... nope, Xcode sees it just fine, bat I can't build any MAUI apps because "No valid profile was found"
Once in a while, doing the same thing for the n-th time actually works and lo-and-behold there is the profile! Hallelujah! Then I install the latest version of MacOS or Xcode or Visual Studio and poof goes my profile.
So I create it again and no luck. So I delete it and this time say "iOS publishing only, please" and lo and behold the profile appears... then I go to sleep / drink a coffee / reboot / think of pizza and lo-and-behold my profile is gone again.
I restart the entire process deleting everything and after n attempts it finally shows ... until it doesn't, any more.
When it comes to development, I click a button and the app is on my phone. When it comes to TestFlight it takes me weeks to get a profile visible so I can send it to Apple.
Now as an added bonus the "Archive for distribution" option vanished from VS For Mac also. Fun. This prompted me to try and use VS Code, which is when I found that I have the same problem there as I do in VS For Mac.
So the TL;DR version is that VS For Mac has a simple GUI interface while VS Code requires a simple keyboard shortcut before clicking the mouse a few times, both apps make life super simple... but neither can do the job of generating a distribution build because neither can see the distribution certificate. The only thing that can see it is Xcode
What am I doing wrong? Why does it take weeks of doing the same thing over and over, praying for different results, only to be blessed with a success every n-th time lasting for n2 days before the loop restarts?
I have a Safari Extension deployed to test flight built and deployed using CLI tools in Azure Devops. It appears to be building, signing, and deploying properly. But when users try to install on TestFlight, they see an error saying something about an invalid provisioning profile. This seems to just be on the "installer" portion of the app. The extension shows up in safari settings and is otherwise useable. The users just aren't seeing the splash screen that instructs them to go to Safari Settings.
I'm not really sure what's wrong here. This is what my build pipeline looks like
- task: Bash@3
displayName: "Build export.plist file"
inputs:
targetType: 'inline'
script:
/usr/libexec/PlistBuddy -c "Add :method string mac-application" $(Pipeline.Workspace)/export.plist &&
/usr/libexec/PlistBuddy -c "Add :provisioningProfiles dict" $(Pipeline.Workspace)/export.plist &&
/usr/libexec/PlistBuddy -c "Add :provisioningProfiles:$(APP_IDENTIFIER) string $(InstallDistProvisioningProfile.provisioningProfileUuid)" $(Pipeline.Workspace)/export.plist &&
/usr/libexec/PlistBuddy -c "Add :signingCertificate string '$(InstallDistCerts.signingIdentity)'" $(Pipeline.Workspace)/export.plist &&
/usr/libexec/PlistBuddy -c "Add :signingStyle string manual" $(Pipeline.Workspace)/export.plist &&
/usr/libexec/PlistBuddy -c "Add :teamID string $(APPLE_TEAM_ID)" $(Pipeline.Workspace)/export.plist &&
/usr/libexec/PlistBuddy -c "Add :iCloudContainerEnvironment string Production" $(Pipeline.Workspace)/export.plist &&
/usr/libexec/PlistBuddy -c "Add :stripSwiftSymbols bool true" $(Pipeline.Workspace)/export.plist &&
/usr/libexec/PlistBuddy -c "Add :compileBitcode bool false" $(Pipeline.Workspace)/export.plist
- task: Xcode@5
displayName: "Build Safari Extension"
inputs:
action: "archive"
sdk: "macosx"
packageApp: true
xcodeVersion: "15"
args: "-verbose CODE_SIGNING_REQUIRED=Yes CODE_SIGNING_ALLOWED=Yes"
exportOptions: "plist"
exportOptionsPlist: '$(Pipeline.Workspace)/export.plist'
exportMethod: "mac-application"
archivePath: '$(Build.ArtifactStagingDirectory)/SafariDesktopExtension.xcarchive'
signingOption: "default"
- script: |
xcodebuild -exportArchive \
-archivePath $(Build.ArtifactStagingDirectory)/SafariDesktopExtension.xcarchive \
-exportPath $(Build.ArtifactStagingDirectory) \
-exportOptionsPlist $(Pipeline.Workspace)/export.plist
displayName: 'Export Distribution-signed App'
- task: DownloadSecureFile@1
displayName: "Download Provisioning Profile"
name: downloadProvisioningProfile
inputs:
secureFile: $(PROVISIONING_PROFILE_DIST)
- script: |
cp "$(downloadProvisioningProfile.secureFilePath)" "$(Build.ArtifactStagingDirectory)/SafariDesktopExtension.app/Contents/embedded.provisionprofile"
displayName: "Embed provisioning profile in Top-Level Executable"
- script: |
cp "$(downloadProvisioningProfile.secureFilePath)" "$(Build.ArtifactStagingDirectory)/SafariDesktopExtension.app/Contents/PlugIns/SafariDesktopExtension Extension.appex/Contents/embedded.provisionprofile"
displayName: "Embed provisioning profile in Extension"
- script: |
codesign --deep --force --verify --verbose --sign "$(InstallDistCerts.signingIdentity)" --entitlements "$(rootFolder)/safari/SafariDesktopExtension/SafariDesktopExtension/SafariDesktopExtension.entitlements" $(Build.ArtifactStagingDirectory)/SafariDesktopExtension.app
displayName: "Codesign"
- task: Bash@3
displayName: "Package Application"
inputs:
targetType: "inline"
script: |
productbuild --sign "$(InstallInstallerCert.signingIdentity)" --component "$(Build.ArtifactStagingDirectory)/SafariDesktopExtension.app" /Applications "$(Build.ArtifactStagingDirectory)/SafariDesktopExtension.pkg"
I'm sure there's a bit of garbage here as I'm new to developing in the apple ecosystem. But it appears to work and the resulting .pkg can be submitted successfully.
Effectively, that's building an archive using a plist for export options, exporting the archive for distribution, copying the distribution provisioning profile for the top-level executable (the one that's not working) and the extension itself, code signing, and packaging using the installer cert.
The provisioning profile (attached to a Mac distribution certificate) mentioned has the correct application identifier and matches the entitlements.
I'm not really sure what's going on here and the generic "invalid provisioning profile" error isn't helping. Any help would be appreciated. I'd also love to know if this could hold up a release.
I have applied for the app push provider permission in the Network Extension entitlement, but have not received a response yet. How long does it take to apply for authorization?
Hello there, I need guidance understanding what some certificates are related to.
a) On my Apple developer page home I see that RENEWAL date for my apple developer enterprise program subscription is 2024-october-10
b) in devices section, there is a banner showing that my membership will EXPIRE on 2024-october-09
c) in certificates section I have 6 "development" certificates expiring in multiple dates from 2024-october-11 to 2025-may-22.
these ones are "certificate Type - development" and **"certification name with my personal name" **
none of dates in certificates section matches exactly renewal or expiring dates for my apple developer page subscription or profile certificate.
why dates in a and b are different?
what are certificates in certificates section (those mentioned in "c") ? they seems different from "mac development" and such. What happens if they expire?
thank you in advance.
Runner has conflicting provisioning settings.
Runner is automatically signed, but code signing identity Apple Development: my dev account has been manually specified. Set the code signing identity value to "Apple Development" in the build settings editor, or switch to manual signing in the Signing & Capabilities editor.
How to fix it nah
I uploaded the ipa package to the Apple Developer Center, and it keeps showing the error "Asset validation failed (90161): Invalid Provisioning Profile." The provisioning profile included in the com.ttlock.roommaster bundle (Payload/keeperapp) is invalid. [Missing code-signing certificate]. It says that my certificate is invalid, but I have created it many times and followed all the procedures correctly. However, I still cannot upload it successfully! I don't know how to solve this problem.
Hello, I have a problem signing the application.
I'm trying to sign 3rd Party Mac Developer Installer, but it says Invalid:
➜ Desktop productbuild --component TechView.app /Applications --sign "3rd Party Mac Developer Installer: KARLOS KORTES ()" --product TechView.app/Contents/Info.plist TechView.pkg
productbuild: Adding component at /Users/wildwolf/Desktop/TechView.app
productbuild: Signing product with identity "3rd Party Mac Developer Installer: KARLOS KORTES ()" from keychain /Users/wildwolf/Library/Keychains/login.keychain-db
productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority"
productbuild: Adding certificate "Apple Root CA"
productbuild: Wrote product to TechView.pkg
productbuild: Supported OS versions: [Min: 10.13, Before: None]
➜ Desktop xcrun notarytool submit TechView.pkg --key /Users/wildwolf/Desktop/AuthKey_26Z7J3RBZQ.p8 --key-id 26Z7J3RBZQ --issuer 2af626b1-ffca-4ec1-b9d0-cb1bbdc94742 --wait
Conducting pre-submission checks for TechView.pkg and initiating connection to the Apple notary service...
Submission ID received
id: 3cbfd59c-69a9-42e9-8fd9-074aee705ab9
^Rload progress: 60.47 % (33.4 MB of 55.2 MB)
^Rload progress: 61.49 % (33.9 MB of 55.2 MB)
Upload progress: 100.00 % (55.2 MB of 55.2 MB)
Successfully uploaded file
id: 3cbfd59c-69a9-42e9-8fd9-074aee705ab9
path: /Users/wildwolf/Desktop/TechView.pkg
Waiting for processing to complete.
Current status: Invalid......................
Processing complete
id: 3cbfd59c-69a9-42e9-8fd9-074aee705ab9
status: Invalid
When I sign the Developer ID Installer, everything goes well:
➜ Desktop productbuild --component TechView.app /Applications --sign "Developer ID Installer: KARLOS KORTES ()" --product TechView.app/Contents/Info.plist TechView.pkg
productbuild: Adding component at /Users/wildwolf/Desktop/TechView.app
productbuild: Using timestamp authority for signature
productbuild: Signing product with identity "Developer ID Installer: KARLOS KORTES ()" from keychain /Users/wildwolf/Library/Keychains/login.keychain-db
productbuild: Adding certificate "Developer ID Certification Authority"
productbuild: Adding certificate "Apple Root CA"
productbuild: Wrote product to TechView.pkg
productbuild: Supported OS versions: [Min: 10.13, Before: None]
➜ Desktop xcrun notarytool submit TechView.pkg --key /Users/wildwolf/Desktop/AuthKey_26Z7J3RBZQ.p8 --key-id 26Z7J3RBZQ --issuer 2af626b1-ffca-4ec1-b9d0-cb1bbdc94742 --wait
Conducting pre-submission checks for TechView.pkg and initiating connection to the Apple notary service...
Submission ID received
id: ad1ecc74-5445-43e1-9d45-30b14f0e7132
Upload progress: 100.00 % (55.2 MB of 55.2 MB)
Successfully uploaded file
id: ad1ecc74-5445-43e1-9d45-30b14f0e7132
path: /Users/wildwolf/Desktop/TechView.pkg
Waiting for processing to complete.
Current status: Accepted........................
Processing complete
id: ad1ecc74-5445-43e1-9d45-30b14f0e7132
status: Accepted
Certificates in the system:
➜ Desktop security find-identity -p codesigning -v
E6E85E18DB601386F0B6DCDBA728D31BAD2A19F2 "Apple Development: KARLOS KORTES (**************)"
3CC85A4F196339D3B23DF6A5D2519F427D89BA75 "Apple Distribution: KARLOS KORTES (**************)"
351BA454290A9ACAC14DC3D7B3491BAF81CD4CA1 "Developer ID Application: KARLOS KORTES (**************)"
3 valid identities found
➜ Desktop security find-identity -p codesigning -v
E6E85E18DB601386F0B6DCDBA728D31BAD2A19F2 "Apple Development: KARLOS KORTES (**************)"
3CC85A4F196339D3B23DF6A5D2519F427D89BA75 "Apple Distribution: KARLOS KORTES (**************)"
351BA454290A9ACAC14DC3D7B3491BAF81CD4CA1 "Developer ID Application: KARLOS KORTES (**************)"
3 valid identities found
➜ Desktop security find-identity -p basic -v
B7D14C5A225C2D08A78F10801DF5FBD600F41977 "3rd Party Mac Developer Installer: KARLOS KORTES (**************)" (CSSMERR_TP_CERT_REVOKED)
1F4AB0AE48760BA22F17AFB1E488D7A5F3AA1C72 "3rd Party Mac Developer Installer: KARLOS KORTES (**************)"
E6E85E18DB601386F0B6DCDBA728D31BAD2A19F2 "Apple Development: KARLOS KORTES (**************)"
3CC85A4F196339D3B23DF6A5D2519F427D89BA75 "Apple Distribution: KARLOS KORTES (**************)"
036AB7D7CD8862B5C6EA2B759ADB69E88C3B9F30 "Developer ID Installer: KARLOS KORTES (**************)"
351BA454290A9ACAC14DC3D7B3491BAF81CD4CA1 "Developer ID Application: KARLOS KORTES (**************)"
6 valid identities found
What have I tried already, reinstalled, deleted, added new certificates, but the signature with 3rd Party Mac Developer Installer does not work, what am I doing wrong?