3 Replies
      Latest reply on May 29, 2020 5:09 AM by eskimo
      xuming97 Level 1 (0 points)

        Hi,

         

        I use a NetworkExtension (packet-tunnel) and its container app to implement a VPN on macOS. It works well on my development computer. But when I use a Developer ID certificate to ship this container app, the container app can be opened normally but the extension fails to run. There are some errors in the system console logs.

         

        neagent Rejecting app extension provider com.westone.secPortalmac.tunnel because it is signed with a Developer ID certificate

        nesessionmanager NEVPNTunnelPlugin(com.westone.secPortalmac[67446]): Validation of the extension failed

         

        I have followed eskimo's instructions in https://forums.developer.apple.com/thread/125508 to set up a system extension, but I have received the same errors.

         

        Can anyone help me or give me some information?

        Thanks.

        • Re: Developer ID signed NetworkExtension App.
          eskimo Apple Staff (13,905 points)

          Have you notarised your product? If you want to run a Developer ID signed sysex on a machine with SIP enabled — that is, most customer machines — it has to be notarised.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: Developer ID signed NetworkExtension App.
              xuming97 Level 1 (0 points)

              Yes, I have uploaded my app to the notarise server through Xcode. The state of the Developer ID archive information is ready to distribute. Actually, my container app can be opened on a machine with SIP enabled. The problem is that when the container app tried to turn on a VPN connection with Network Extension, it failed. The error logs in the system console are:

               

              neagent Rejecting app extension provider com.westone.secPortalmac.tunnel because it is signed with a Developer ID certificate
              nesessionmanager NEVPNTunnelPlugin(com.westone.secPortalmac[67446]): Validation of the extension failed
              
                • Re: Developer ID signed NetworkExtension App.
                  eskimo Apple Staff (13,905 points)

                  If you're packaged as a sysex and using the -systemextension variant of the entitlements and notarised and testing on 10.15.x, I’m not sure why this is failing in this way.  If you can’t work it out then my advice is that you open a DTS tech support incident and I, or my colleague Matt, can dig into this some more.

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"
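
A pre-release check for the two conditions named in the last reply (sysex packaging and the -systemextension entitlement variant), as an added example that is not part of any poster's reply or of Apple's tooling. It assumes the entitlements were dumped to an XML plist (for example with `codesign -d --entitlements :-`) and that the bundle's relative paths were listed separately; the bundle names and sample data are constructed.

```python
import plistlib

NE_KEY = "com.apple.developer.networking.networkextension"
SUFFIX = "-systemextension"
SYSEX_DIR = "Contents/Library/SystemExtensions/"
APPEX_DIR = "Contents/PlugIns/"


def audit_entitlements(plist_bytes):
    """Flag Network Extension entitlement values that are not the
    -systemextension variant needed for Developer ID distribution."""
    ents = plistlib.loads(plist_bytes)
    values = ents.get(NE_KEY, [])
    if not values:
        return [f"{NE_KEY} is missing or empty"]
    return [f"{v}: use {v}{SUFFIX} for Developer ID builds"
            for v in values if not v.endswith(SUFFIX)]


def audit_packaging(bundle_paths):
    """Flag providers embedded as app extensions and a missing sysex."""
    findings = [f"{p}: embedded as an app extension; check whether it is the provider"
                for p in bundle_paths
                if p.startswith(APPEX_DIR) and p.endswith(".appex")]
    if not any(p.startswith(SYSEX_DIR) and p.endswith(".systemextension")
               for p in bundle_paths):
        findings.append(f"no .systemextension bundle under {SYSEX_DIR}")
    return findings


# Constructed sample input: an App Store style build and a sysex style build.
APPEX_ENTS = plistlib.dumps({NE_KEY: ["packet-tunnel-provider"]})
SYSEX_ENTS = plistlib.dumps({NE_KEY: ["packet-tunnel-provider-systemextension"]})
APPEX_PATHS = ["Contents/MacOS/Example", "Contents/PlugIns/tunnel.appex"]
SYSEX_PATHS = ["Contents/MacOS/Example",
               "Contents/Library/SystemExtensions/com.example.vpn.tunnel.systemextension"]

if __name__ == "__main__":
    for name, ents, paths in (("appex build", APPEX_ENTS, APPEX_PATHS),
                              ("sysex build", SYSEX_ENTS, SYSEX_PATHS)):
        problems = audit_entitlements(ents) + audit_packaging(paths)
        print(name, "->", problems or "no findings")
```

Run the entitlement check against both the container app and the extension, since each carries its own signature. Notarisation status is a separate check that this script does not cover.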