General:
DevForums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements
Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities.
Developer > Support > Certificates covers some important policy issues
Entitlements documentation
TN3125 Inside Code Signing: Provisioning Profiles — This includes links to other technotes in the Inside Code Signing series.
WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing
Certificate Signing Requests Explained DevForums post
--deep Considered Harmful DevForums post
Don’t Run App Store Distribution-Signed Code DevForums post
Resolving errSecInternalComponent errors during code signing DevForums post
Finding a Capability’s Distribution Restrictions DevForums post
Signing code with a hardware-based code-signing identity DevForums post
Mac code signing:
DevForums tag: Developer ID
Creating distribution-signed code for macOS documentation
Packaging Mac software for distribution documentation
Placing Content in a Bundle documentation
Embedding Nonstandard Code Structures in a Bundle documentation
Embedding a Command-Line Tool in a Sandboxed App documentation
Signing a Daemon with a Restricted Entitlement documentation
Defining launch environment and library constraints documentation
WWDC 2023 Session 10266 Protect your Mac app with environment constraints
TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference.
Manual Code Signing Example DevForums post
The Care and Feeding of Developer ID DevForums post
TestFlight, Provisioning Profiles, and the Mac App Store DevForums post
For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Signing Certificates
RSS for tagA signing certificate is a digital identity used for code signing during the build and archive process.
Posts under Signing Certificates tag
158 Posts
Sort by:
Post
Replies
Boosts
Views
Activity
I have a unique need here and hope there is someone out there that might be of help. There is a backend server that will send an x509 certificate and private key (as strings) after the mobile apps on-boarding process.
Additionally, the app includes an AWS SDK that is used to talk to their IoT system. This SDK requires PKCS12 certificate format to pass authentication. (I believe the common method is to have bundled the cert into the app which is not an option for me here sadly)
I suspect it may be possible to use some openSSL iOS framework to do this conversion at runtime but have not personally tried it yet as my go-to is usually trying things first with Apples APIs.
So my question becomes is there a way to meet this requirement using any of the security APIs or other APIs that apple has like swift-nio-ssl? Thank you very much for your time.
Best,
Michael
When I trusted my certificate in 'Setting'->'VPN & Device Management', my device reboot automatically.
After reboot, it showed that "developer of My Team is not trusted in this iPhone", but the app is "verified" in the second column.
The UI looks like:
iOS18 beta:
First Col: Trust "My Team"
Second Col: MyApp Verified
Other versions:
First Col: Delete App
Second Col: MyApp Verified
What's more, my app has plugins(extensions), my app can run normally while the extension is not able to be pulled up on iOS18 beta.
Hi,
I'm having some problems signing my application.
Everything was working fine until recently when the certificates expired and I got these kinds of errors when I try to upload the app to AppStoreConnect.
I can build the app in dev and production mode without any issue and I can create an archive. Problems occur when uploading to AppStoreConnect.
The idea would be to let Xcode take care of signing everything necessary by checking the "Automatically manage signing" box.
All my targets are in "Automatically manage signing" mode.
I tried to delete all the certificates and provisioning profiles that I found on the Apple portal and then generate them again, but the problem is the same.
There are two of us on the team, plus a CI machine (this should be the CI that takes care of signing everything needed to send a release to AppStoreConnect).
If you have an idea, I'm interested!
Thanks in advance,
Alexandre
My dev Acct expired. I renewed, now when trying run/load the app from Xcode onto my phone, it complains that it's not registered or there's no cert. (sorry, don't have it with me right now to get the actual text)
Instructions say to look at VPN & Device Mgt, but the info it says is not there.
I have a bizzare issue with my Apple TV that is shown as "iPod" in Apple developer portal. It's correctly visible in Xcode as Apple TV, but when I add it to developer portal it says "iPod".
The problem is since it's there as an iPod I can't use it to my provisioning profile to build on the device
Anyone has any idea how this can be solved?
[Edited by Moderator]
Hello everyone,
I am encountering a persistent issue with Xcode where I’m unable to install my app on a testing device due to the following error message:
Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.SznYNY/extracted/iForC.app : 0xe8008018 (The identity used to sign the executable is no longer valid.)
Here’s what I have tried so far to resolve this issue:
1. Ensured that all my certificates and provisioning profiles are current and valid.
2. Removed all related certificates from my Keychain and reinstalled new ones.
3. Cleaned and rebuilt the project multiple times.
4. Unpaired the device and paired it again.
5. Reinstalled the latest version of Xcode.
6. Performed a complete restore of my Mac.
Despite these troubleshooting steps, I am still facing the same issue. I would greatly appreciate any insights or experiences related to this error from anyone who has overcome similar challenges.
Thank you in advance for your help!
In order to facilitate management, we integrate some SDKs such as Firebase into one of our own internally used SDKs. Recently, when submitted to the appstore, we were prompted that FirebaseCrashing included in the SDK lacked the necessary signature (ITMS-91065).
The information that can be confirmed is that after packaging the SDK through secondary packaging, the original signature is lost. And we have a static reference.
So what I want to ask is whether we can only manually sign our secondary packaging sdk (the signature is our own certificate different from the original Firebase) to solve this ITMS-91065 problem.
According to the description of the Apple Developer Conference, Apple only verifies the consistency and security of the SDK and does not record the signature of each SDK on Apple's servers. Therefore, you should only need to ensure that the SDK is in a signed state to comply with Apple's review requirements. (My guess is still being verified)
I have added an additional capability called "User Assigned Device Name" into my application(The provisions for Development, Ad hoc & App Store Connect etc already received from Apple). Since then we are facing issues on code signing. We are trying to Sign in Automatically and getting the below error always.
/.xcodeproj Provisioning profile "iOS Team Provisioning Profile: com..*******" doesn't include the com.apple.developer.contacts.notes entitlement.
Contact notes entitlements are not a part of our additional capabilities as we requested separately with Apple and received it in the provisioning profile long back. Actually that time the same(contacts notes entitlements) was not a part of the additional capabilities. Please advise if any one has gone through such a conflict and resolved.
I have iMac and MacStudio. iMac works perfectly fine on xcode 15.4, but somehow MacStudio on xcode 15.2(Sonoma 14.2) is worked not properly.
When I tried to Add Team on xcode in each device, iMac is fine but MacStudio force closed the xcode.
I'm not sure even I upgrade xcode 15.2 to 15.4 on my MacStudio, it could be better.
Any advice?
When I accessed the page "Certificates, IDs, & Profiles", it shows
"Unable to find a team with the given Team ID 'XXXXXXXXXX' to which you belong. Please contact Apple Developer Program Support. https://developer.apple.com/support".
I confirmed my developer account was paid in 6 months and should be valid. I accessed 2 weeks ago without any problem.
This is the screenshot.
I am developing a suite of apps/helpers that get built into an installer package for deployment (outside The App Store). We have that release process ± working, except that most of the development team members are not admins/privileged on the team. They don't really need to publish on behalf of the team, and so we don't want to have debug builds also depend on being signed as "Developer ID Application". But that is running into problems…
If I select instead "Sign to Run Locally" this results in an error for some of the build products along the lines of:
[Build Target] requires a provisioning profile. Enable development signing and select a provisioning profile in the Signing & Capabilities editor.
If I select "Apple Development" as the Code Signing Identity it leaves me with basically the same error as "Developer ID Application" does:
Provisioning profile [Name of App/Helper] doesn't include signing certificate "Apple Development: [Name of Developer] ([TEAMID])"
And finally, if simply set the Debug value for Provisioning Profile to "None" for the problematic products I get errors like:
"[Name of app]" requires a provisioning profile. Select a provisioning profile in the Signing & Capabilities editor.
I believe perhaps because some of the targets have an entitlements file granting access to various things (their own XPC services, their own shared preferences, as well as Outgoing Network Connections and com.apple.security.smartcard access…).
In older versions of Xcode and/or macOS we didn't have trouble like this, local development could be done by basically any team member. Now it seems like maybe all developers need to have release-signing privileges to test/debug even on their own machines? Or is there a combination I'm missing, that would allow anyone on the team (or perhaps not even on the team) to build and debug the code locally, while still limiting who is able to actually sign notarized release builds on behalf of the team?
Hello,
I'm have a new Macbook and setup my Enterprise account. Part of my job is to view the expiration dates on certificates for other users. This should be a simple process but when I click on the certificate, there's a button "view certificates" I should be able to click on and see the expiration date and basic details on that specific certificate.
The problem I have is that when I click on "view certificates", I get the error: "An error has occurred. Unable to display information about the selected item."
I've tried steps online but to no avail. How can I get this fixed? My two other coworkers are able to just click on that button and view the certificate details, except for me. I've attached the screenshot.
Thank you for your help
Regards
JJ
Hi everyone!
We use to have an intel Mac machine where we generate the Developer ID Installer & Application certs for signing and notarization process. This process works sweet.
Now, we move from an intel to a m1 Mac machine, where we want to do the same process as before. I had try two different approaches, but ending up with the same result.
I export the cert with the private key from my intel to the m1 machine, but when I try to sign, I get: Invalid signature. (Not sure what this error means in this case as everything works on the intel machine. I am guessing the cipher for creating either the private key or the signature differs between the architecture)
I try to generate new certs for this m1 machine, but I get the following error: You already have a current Developer ID installer certificate or a pending certificate request. I try with the same account, but also with a different account. In both cases got the same error.
I create a ticket for apple, where they said to expect a reply between one and two business days, but no luck yet.
I'm trying to compile my project to upload to the Apple Store, but I'm encountering the following error and I'm not finding a solution.
Target release_unpack_ios failed: Exception: Failed to codesign /Users/projetos03/Library/Developer/Xcode/DerivedData/Runner-fawumbalfprcejfqeukpogdffliw/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/Flutter.framework/Flutter with identity 8AEA2F49955A0 9A7CD98E041ABA46E18BAE7745E .
/Users/projetos03/Library/Developer/Xcode/DerivedData/Runner-fawumbalfprcejfqeukpogdffliw/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/Flutter.framework/Flutter: replacing existing signature
Warning: unable to build chain to self-signed root for signer "Apple Development: Flavio Alves (36WNMDQCH4)"
My app stops responding during the 'signing scold.app' process while uploading to App Store Connect in Xcode 15.3. What should I do?
I registered as a developer with Apple. Since I work alone, I have an individual developer account.
Unfortunately, I am unable to create an iOS distribution certificate from Visual Studio (for Windows). The option is grayed out even though my role in App Store Connect is "Admin".
Visual Studio also shows me that my user is an admin - yet I don't seem to have rights to create iOS distribution certificates. I can create iOS development certificates without any problems.
My app crashes while uploading to App Store Connect in Xcode 15.3. What should I do?
I use three Macs for development of a web application. On each of the Macs (macOS 14.4) I used mkcert to install a local CA and to issue developer certificates (all separately). Accessing the web app with https://localhost:8080 works fine on two Macs with all browsers, but on one Mac Safari claims to have another root CA for localhost which it does not trust. And I cannot override the trust settings.
Using Keychain Access I do not find this certificate. Safari shows it like this:
Scrolling down I can see DNS Names localhost, localhost.localdomain and lvl.me, so I suspect it is a leftover from trying to install a root CA before using mkcert.
The mkcert certificate looks like this and I can see it in the System keychain:
So Safari complains and I cannot tell it to trust the server certificate as the CA does not fit (I think). Firefox and Chrome open the website just fine after warning me and me telling them to do so.
I tried to find the wrong CA using Keychain Access and Terminal (security find-certificate -a -c localhost, security find-certificate -a -c lvh...) but in vain.
Where can I find this certificate and how can I delete it?
I'm trying to build my Expo app. I already built it for Android, but now I'm struggling to create a release on iOS to upload on TestFlight. I have the apple developer account of my university, and they added our bundle ID there(I'm not an admin). When I try to build with EAS, it requires a p12 file.
So, I tried to generate it in this way:
From Keychain Access I created a CSR(by adding my mail and name) and then on Apple Developers I uploaded it(Certificates > +), so I downloaded a .cer file
I opened the .cer on Keychain Access and I dragged it under "login" section
From there I exported the p12 file
But that p12 gives me always this error when I run npx eas build --platform ios :
Provided Distribution Certificate is no longer valid on Apple's server
after submitting the p12 file on eas console.
Can someone help us?
Thanks in advance for your availability :)
An error occurred. Unable to import “Apple Development: Name ()”.
Error: -25294
Mac mini M1
macOS Sonoma Version 14.4.1