5 Replies
      Latest reply on Dec 28, 2017 10:40 AM by jacargentina
      Velocedge Level 1 Level 1 (0 points)

        I'm trying to update an app.  It's acceptted by the Application Loader but soon afterwards I get an email that says:

         

        Invalid Signature - The binary with bundle identifier 'com.velocedge.hypothesistesting' at path [Hypothesis.app] contains an invalid signature. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate.

         

        I've revoked my distribution certificates, recreated them and the distribution mobileprofile, yet I keep getting the message.  I used codesign to see what's inside the app and got the following.  From what I can tell, they look like "distribution" to me but I don't really know what I'm looking at.

         

        $ codesign -dvvv Hypothesis.app/

        Executable=/Users/macuser/Desktop/certificates/Velocedge/Payload/Hypothesis.app/Hypothesis

        Identifier=com.velocedge.hypothesistesting

        Format=bundle with Mach-O universal (armv7 arm64)

        CodeDirectory v=20001 size=92276 flags=0x0(none) hashes=4605+5 location=embedded

        Hash type=sha1 size=20

        CDHash=0046978286951b4d33497d02c50551270de185

        Signature size=4335

        Authority=iPhone Distribution: Steve Ricketts (C797TDG5B8)

        Authority=Apple Worldwide Developer Relations Certification Authority

        Authority=Apple Root CA

        Signed Time=May 2, 2016, 4:31:28 PM

        Info.plist entries=44

        TeamIdentifier=not set

        Sealed Resources version=1 rules=4 files=224

        Internal requirements count=0 size=12

         

         

        $ codesign -d --entitlements :- Hypothesis.app/

        Executable=/Users/macuser/Desktop/certificates/Velocedge/Payload/Hypothesis.app/Hypothesis

        <?xml version="1.0" encoding="UTF-8" standalone="no"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

            <dict>

                <key>application-identifier</key>

                <string>C797TDG5B8.com.velocedge.hypothesistesting</string>

                <key>get-task-allow</key>

                <false/>

            </dict>

        </plist>

         

         

        $ security cms -D -i 2016_Hypothesis_Distribution.mobileprovision

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

          <key>AppIDName</key>

          <string>Hypothesis Testing</string>

          <key>ApplicationIdentifierPrefix</key>

          <array>

          <string>C797TDG5B8</string>

          </array>

          <key>CreationDate</key>

          <date>2016-05-02T20:24:42Z</date>

          <key>Platform</key>

          <array>

          <string>iOS</string>

          </array>

          <key>DeveloperCertificates</key>

          <array>

          <data>MIIFnzCCBIegAwIBAgIIbBWaQFS5bF8wDQYJKoZIhvcNAQEFBQAwgZYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBsZSBXb3JsZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBwbGUgV29ybGR3aWRlIERldmVsb3BlciBSZWxhdGlvbnB6vQ59jOqGGkaL25+z2CTWl17vHji5oaxnBzTpCE0HCFM2J2fjk0ZsTuHkzr5NHpDXMa</data>

          </array>

          <key>Entitlements</key>

          <dict>

          <key>keychain-access-groups</key>

          <array>

          <string>C797TDG5B8.*</string>

          </array>

          <key>get-task-allow</key>

          <false/>

          <key>application-identifier</key>

          <string>C797TDG5B8.com.velocedge.hypothesistesting</string>

          <key>com.apple.developer.team-identifier</key>

          <string>C797TDG5B8</string>

          <key>beta-reports-active</key>

          <true/>

          </dict>

          <key>ExpirationDate</key>

          <date>2017-05-01T11:04:40Z</date>

          <key>Name</key>

          <string>2016_Hypothesis_Distribution</string>

          <key>TeamIdentifier</key>

          <array>

          <string>C797TDG5B8</string>

          </array>

          <key>TeamName</key>

          <string>Steve Ricketts</string>

          <key>TimeToLive</key>

          <integer>363</integer>

          <key>UUID</key>

          <string>de61c46f-34d6-4c91-90a0-5fd6be043a6d</string>

          <key>Version</key>

          <integer>1</integer>

        </dict>

         

        Can anyone see something wrong with this content?  Are there any other commands I can run to make sure both have distribution content?

        • Re: Invalid Signature, reissued many times
          Velocedge Level 1 Level 1 (0 points)

          Something is definitely wrong with the process.   I've done the following and am still getting the same error.

           

          1. Revoked ALL (development and distribution) my certificates

          2. Deleted all mobileprovision files. 

          3. Deleted all my certificates in KeyChain Access. 

          4. Created a new distribution certificate request file

          5. Created a distribution certificate.. only

          6. Created a distribution mobileprovision file

          7. Downloaded both the distribution .cer and .mobileprovision files

          8. Deleted all expired certificate from Keychain Access

          9. Imported the distribution .cer into Keychain Access

          10. Exported the distribution private key to a .p12 file

          11. Cleaned and rebuilt my app

          12. Exported the app for a release build (using FlashBuilder 4.7)

          13. Insured latest distribution .p12 and .mobileprovision files were attached

          14. Used Application Loader to upload the .ipa to iConnect and was accepted

          15. Get the same e-mail from itunesconnect saying invalid signature

           

          I've wasted a week trying to get this to work.  This is an update to an existing app, so it's not like it's the first time through the process.  Surely, there is someone who knows how to make this work... something else to check.