I got an email from Apple, "Your Developer ID Installer Certificate will no longer be valid in 30 days". So I went to my certificates page on developer.apple.com, and I see the attached photo.
Basically, yes, I have a Developer ID Installer Certificate that expires 2023/07/01; but I also have one that expires 2025/12/08, and one that expires 2026/01/09, and one that expires 2026/12/15, and another that expires 2026/12/16! Why do I have all these certificates? I have no idea. There is a "+" button to add a new one; but given that I already seem to have ones that won't expire for several more years, do I need to? There does not seem to be a "-" button, or any way to clear out this cruft.
I then recalled that perhaps I have managed my certificates in Xcode in the past, not on this page (or maybe I have done both, at different times?). So I went to Xcode, and things seem to be rather a mess there too, but in a different way (second image attached).
Here, I seem to have lots of stale certificates that are in gray and say "Not in Keychain" – how do I clear those out? Again there does not seem to be a "-" button. And the newer ones that I saw on developer.apple.com do not seem to be listed here, maybe – it's hard to compare, though, because on developer.apple.com it shows the expiration date but not creation date, whereas in Xcode it shows creation date but not expiration date.
What should I do? Note that I am not a member of multiple different teams, or anything like that; I'm a solo developer. This stuff is really confusing and does not seem to be well-documented anywhere that I have found. Am I just being dense?
Certificates, Identifiers & Profiles
Discuss the technical details of security certificates, identifiers, and profiles used by the OS to ensure validity of apps and services on device.
Hi,
I created a Developer ID certificate from my Apple developer account a couple of years ago and downloaded it as a .cer file onto my laptop. Now I want to use this certificate to sign my application, but unfortunately Xcode shows an error message like "Missing Private Key", and I can also see that there is no private key under my Developer ID certificate (there is no grey arrow to expand to see private cer) in Keychain Access. Moreover, my developer account is expired and I do not want to extend it yet, so unfortunately no solutions with an Apple developer account will work, like creating a new certificate etc.
Do you have any other solutions like using Keychain Access or Xcode to link my private key again into my developer id certificate?
Note:
1- The .cer file was created on my laptop by me, which I am using now. So I would expect that the related private key should already exist in my Keychain Access (if I did not delete it mistakenly), but I do not know which private key is the relevant one; I have several of them.
2- I also have a CertificateSigningRequest.certSigningRequest file which was copied near my .cer file. Maybe it could be useful for a solution?
3- No! Unfortunately I do not have any .p12 file.
4- I had already installed the current AppleWWDRCAG3 file before I imported my .cer file into my Keychain Access tool.
5- Get Info shows that my cer file is still valid till Sep 2025.
6- I have already restarted my Xcode and laptop.
7-I tried all solutions here:
https://stackoverflow.com/questions/12867878/missing-private-key-in-the-distribution-certificate-on-keychain
8-https://developer.apple.com/account/resources/ shows me no certificate with the reason that my membership expired
9- I removed and re-added my Apple account into Xcode. The same error occurred.
XCODE:Version 15.3 (15E204a)
OSX:macOS Sonoma 14.2.1
Thanks a lot in advance.
If I develop my app with an SDK (binary) that another person developed and then the SDK certificate has expired, can I submit my app to the App Store?
Or should I get a new SDK with an updated certificate?
Hello,
I am setting up a build (GitLab CI/CD) runner. I created a keychain and imported the certificate and my signing key.
$ security find-identity -v
XXXXXX "Developer ID Application: XXXXXX, INC. (XXXXXX)" (CSSMERR_TP_NOT_TRUSTED)
1 valid identities found
$ security find-identity -p codesigning -v
XXXXXX "Developer ID Application: XXXXXX, INC. (XXXXXX)"
1 valid identities found
Codesign fails with
unable to build chain to self-signed root for signer "Developer ID Application: XXXXXX, INC. (XXXXXX)" errSecInternalComponent
On the local machine everything is fine.
I think the point is that the identity is both valid and CSSMERR_TP_NOT_TRUSTED.
What can I do about it?
Electron-Builder Version: 24.12.0
Electron-Builder-notarize Version: 1.5.1
Node Version: v15.14.0
Electron Version: 11.3.0
Electron-updater version: ^4.3.5
Target: Mac Apple Store (mas)
Hello, I am trying to build and sign a new version of my electron app for the mac apple store (mas), but when I get to the final step of uploading the RenderTune.pkg file to the mac transporter app, I get a failed status with 22 errors all the same formatting like so:
Asset validation failed (90284)
Invalid Code Signing. The executable 'com.martinbarker.digifyunique.pkg/Payload/RenderTune.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/etc....dylib' must be signed with the certificate that is contained in the provisioning profile. (ID: abc-abc-abc-abc-abc)
In order to build and sign this RenderTune.pkg file, first I run the command npm run build-mas locally while on branch v1.1.5 ( code here )
Which runs the following command:
"build-mas": "electron-builder build --mac && sh signmasscript.sh",
So first it runs electron-builder build --mac and gives this output:
Martins-MacBook-Air:rendertune-v1.1.5-feb-24 martinbarker$ npm run build-mas
> rendertune@1.1.5 build-mas
> electron-builder build --mac && sh signmasscript.sh
• electron-builder version=24.12.0 os=20.6.0
• loaded configuration file=package.json ("build" field)
• writing effective config file=dist/builder-effective-config.yaml
• packaging platform=darwin arch=x64 electron=11.3.0 appOutDir=dist/mac
• signing file=dist/mac/RenderTune.app platform=darwin type=distribution identity=ACBACBACBACBACBACBACBACBACB provisioningProfile=none
• skipped macOS notarization reason=`notarize` options were not provided
• building target=DMG arch=x64 file=dist/RenderTune-mac.dmg
• building target=macOS zip arch=x64 file=dist/RenderTune-mac.zip
• building block map blockMapFile=dist/RenderTune-mac.dmg.blockmap
• building block map blockMapFile=dist/RenderTune-mac.zip.blockmap
Completes without issue. The next part is running the signmasscript.sh file, which does complete but gives these errors:
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
productbuild: Adding component at /Users/martinbarker/Documents/projects/rendertune-v1.1.5-feb-24/dist/mas/RenderTune.app
productbuild: Signing product with identity "3rd Party Mac Developer Installer: Martin Barker (LV6WXG529F)" from keychain /Users/martinbarker/Library/Keychains/login.keychain-db
productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority"
productbuild: Adding certificate "Apple Root CA"
productbuild: Wrote product to /Users/martinbarker/Documents/projects/rendertune-v1.1.5-feb-24/RenderTune.pkg
productbuild: Supported OS versions: [10.10.0, )
The final output RenderTune.pkg file gives 22 error messages saying the following when I try to deliver it via the mac os transport app:
Asset validation failed (90284)
Invalid Code Signing. The executable must be signed with the certificate that is contained in the provisioning profile
Is my app even being signed correctly? Or is there just one file that I need to fix? Please help me out !
I am having trouble with my Team/Bundle Identifier and the iOS box right under it in Signing & Capabilities. I went and tried to add my device to the apple developer website but it was already logged in. If anyone can help me that would be most appreciated.
I'm not able to run my app on my device as Xcode is unable to create a provisioning profile for my app without the paid developer membership.
I followed the troubleshooting steps on stack overflow here but to no avail.
Any help?
Hi, in one of our applications we are having issues with a bundle ID mismatch in the distribution profile. Say there are two applications, X and Y.
Issue description: On the developer portal, inside the distribution profile, the App ID shown is correct, i.e. that of X, but when we download the distribution profile and open it in TextEdit we can see that the bundle ID is that of another application, i.e. of Y.
Due to this we are unable to submit or upload the application.
Note: Both of them have contact notes as additional permission.
I've installed the same developer certificate onto three different Macs.
When viewed in the keychain (or in Xcode) on one Mac it says it's revoked, on another it says it's not trusted, but on a third there's no issue reported.
How could there be a difference between the three Macs?
(Both Macs have the date/time set to be the same).
Can 3rd party software, VPNs etc. interfere in this at all?
Learn how code signing uses certificates to identify code authors.
View Technote TN3161 >
I want to update the provisioning profile from the developer account.
There were errors in the data supplied. Please correct and re-submit.
No value was provided for the parameter 'appIdId'. No value was provided for the parameter 'provisioningProfileName'.
Does anyone know how to fix this error?
I've developed a Java application for ad hoc distribution, not intended for the Apple Store. Using the jpackage utility and the parameters...
--mac-sign
--mac-signing-keychain
--mac-signing-key-user-name
...I'm able to point the software to a signing certificate.
My problem is that jpackage requires a certificate with a "Developer ID Application" type/prefix, and I'm not authorized to create a certificate of this type, as "This operation can only be performed by the account holder."
I thought it might be sufficient to create a "Distribution" certificate, since this allows a developer to "Sign your iOS, iPadOS, macOS, tvOS, watchOS, and visionOS apps for release testing using Ad Hoc distribution or for submission to the App Store." However, there doesn't appear to be any way to get jpackage to accept anything other than a "Developer ID Application"-prefixed certificate.
I gather from this, and the fact that the Developer ID Application certificate is described as "This certificate is used to code sign your app for distribution outside of the Mac App Store," that this is the only type of "legitimate" security certificate Apple will accept when launching out-of-store apps. I'm not certain of this, however, and I'd like to be certain before pestering my client about it.
My questions are:
Is a "Developer ID Application" certificate specifically required, or can I sign the app using, e.g., a "Distribution" certificate without issues?
If a "Developer ID Application" certificate is required, is it possible for my client (the "Account Holder") to grant me access to download it and use it?
If a "Developer ID Application" certificate is required, what exactly is a "Distribution" certificate good for? Why isn't it sufficient to distribute software?
If I can sign the app using a Distribution certificate, is there a way to force jpackage to do this, or do I have to do it manually using, e.g., codesign ex post facto?
Note that this issue has cropped up before on this thread, but the developer there ultimately found his developer ID certificate and the discussion was abandoned before any answers were forthcoming.
I'm working on a macOS app that uses a JSContext and I want to debug it with the Safari Web Inspector.
According to Session 402 at WWDC 2016 the following entitlement is required:
<key>com.apple.webinspector.allow</key>
<true/>
This is easy enough to add, but it causes the app to crash at launch with a code signing issue. The console shows that taskgated-helper is reporting just before the crash:
Unsatisfied entitlements: com.apple.webinspector.allow
For anyone who finds this, here's what you need to know:
https://webkit.org/blog/13936/enabling-the-inspection-of-web-content-in-apps/
Basically, there's now an inspectable property on both the WKWebView and JSContext. Unfortunately, there's no mention of the old entitlement in the WebKit blog post, so it's impossible for folks using the old technique to find.
Hopefully this post will bridge this gap.
It also might be something for @eskimo to add to his (always helpful) code signing documentation.
-ch
Hi,
I have upgraded my Mac to Sonoma and for some reason I get lost now when backing up a certificate.
As I wasn't able to import my old certificate (exported as p12, but this is another issue) I started from scratch.
I have created from KeyChain a new CertificateSigningRequest. Then I've uploaded it to the Apple Developer Portal and created a new certificate, that I have successfully downloaded as cer file.
Now, I would like to save the certificate, including the private key.
From KeyChain, I don't get a Reveal option to be able to export the private key of my certificate. Was it available in old versions of KeyChain, and now not anymore? Or my certificate doesn't have the private key? (imo this doesn't make sense at all)
So I right click on the certificate but I can't export as p12 file, with the private key:
Can anyone please refer me to the official documentation about this? (I have searched for it, but was unable to find anything.)
I am trying to register my iPad as a device on the developer portal but it keeps declaring it as an iMac. Do you know if this is a typical problem?
I have a strange problem and I don't know what's causing it
A year ago, I purchased this account and created a certificate and it was working successfully, but its time expired on 1/8/2024, and I want to create a new one in order to update my applications. So I went to create a new certificate of type (iOS Distribution) and it was downloaded successfully, and when I called it in the (Keychain access) program in order to convert it to (.P12) instead of (.cer). But the program refuses to recall it, and I choose the (Local Item) section.
thus :
But when the file is dragged or double-clicked while I am standing in the (Login) section, the certificate is summoned successfully, and here the real problem begins. It is assumed that in order for me to convert the certificate from (cer) to (p12), there must be an arrow next to the certificate so that the key appears so that it can be pressed. Right-click, then we choose Export, and then we choose (p12). This happens because there is no arrow next to the certificate, and also when I click on the certificate to export it, I am not allowed to choose (p12).
How can I convert the file successfully because I want to update my applications, which is very important.
I am stuck. I have an iPadOS app that installs and calls a DEXT. I have a provisioning file for the DEXT and another for the app. Xcode shows me that the respective provisioning files match the bundle ids and that the entitlements and provisions match up. I have a developer certificate (two, actually) on the iPad. Xcode shows me, via "Devices" that the provisioning files are installed. When I try to run the app, I get:
0x16d3db000 +[MICodeSigningVerifier _validateSignatureAndCopyInfoForURL:withOptions:error:]: 78: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.vyncZ7/extracted/USBApp.app/SystemExtensions/w1ebr.MUUI.ipadOS.driver.dext : 0xe8008015 (A valid provisioning profile for this executable was not found.)
I don't know what to check next.
I’m developing this tvOS app, and it builds and runs fine locally in Simulator.
However, when I do Product > Archive (so I can upload it to app store later), it fails with error in the screenshot.
Looks like Xcode is trying to sign the app with a certificate, but could not find a valid profile to do so.
Since I don't have a physical Apple TV device, I'm unable to add an Apple TV to the Devices list on developer.apple.com, thus unable to create a profile.
Is there any way around this issue to archive my tvOS app?
I sent a macOS app build to App Store Connect. The app is displayed inside TestFlight, but when I click on it to open it, two modals appear.
The first one:
the application "AppName" can't be opened. -10673
The second one:
"AppName" No longer Available. The beta app, AppName, is no longer available. The provisioning profile is invalid.
I followed the following steps before uploading the app archive:
I made sure to purge my Mac of all the old provisioning profiles
having all my provisioning profiles from my Apple developer account valid
retrieve provisioning profiles in Xcode Settings > Accounts to export an archive.
I chose TestFlight & App Store to send the archive.
I am still not understanding which part of my provisioning profiles is not valid. I would love to have insight about it or a way to fix the issue.
Hi,
Xcode Cloud just started failing with this error. I can archive builds just fine locally in Xcode. Using Xcode 14.3.1. All my certs on my developer portal are current.
2024-01-02T16:26:44.707563433Z Error Domain=DeveloperAPIServiceErrorDomain Code=5 "There is a problem with the request entity" UserInfo={IDEDistributionIssueSeverity=3, NSLocalizedDescription=There is a problem with the request entity, NSLocalizedRecoverySuggestion=You already have a current Development Managed certificate or a pending certificate request.}
2024-01-02T16:26:44.707568258Z
2024-01-02T16:26:44.707575827Z error: exportArchive: No signing certificate "iOS Development" found
The post at https://developer.apple.com/forums/thread/734179 is similar but without a resolution.
Any help would be appreciated.
Thank you.