Hello,
I am working on a macOS VPN app using Network Extension's packet tunnel capability.
When the container app (referred to as "App" below) and the network extension plugin (referred to as "NE" below) are signed with my development certificate, everything works perfectly.
However, when they are signed with a Developer ID certificate, the network extension refuses to activate.
Here are the details:
The App has sandbox set to off, but the NE has sandbox set to on.
I managed to archive and notarize both Developer ID signed App and NE.
The Debug version and Release version don't use the same App ID or App Group ID to make sure there is no interference.
I am aware that the NE entitlement value changes if signed by Developer ID. I followed the instructions and used packet-tunnel-provider-systemextension instead of packet-tunnel-provider.
I tested adding System Extension capability into the App, but it made no difference.
The activate tunnel function returns NEVPNError.Code.configurationInvalid, but I don't think the configuration is invalid. The same configuration works with a development profile.
In the system console, I observed the following log messages:
Looking for an extension with identifier {NE_BUNDLE_ID} and extension point com.apple.networkextension.packet-tunnel
Found 1 extension(s) with identifier {NE_BUNDLE_ID} and extension point com.apple.networkextension.packet-tunnel
Beginning extension request with extension {NE_BUNDLE_ID}
Assertion 395-24105-185921 (target:[xpcservice<{NE_BUNDLE_ID}([osservice<com.apple.neagent(512863558)>:24105:24105])(512863558)>:42188]) will be created as active
[0x12be187f0] activating connection: mach=false listener=false peer=false name={NE_BUNDLE_ID}.apple-extension-service
Entitlement com.apple.application-identifier={APP_GROUP_ID} is ignored because of invalid application signature or incorrect provisioning profile
Entitlement com.apple.security.application-groups=(
{APP_GROUP_ID}
) is ignored because of invalid application signature or incorrect provisioning profile
{APP NAME}[42130]/1#5 LF=0 copy_matching Error Domain=NSOSStatusErrorDomain Code=-34018 "Client has neither com.apple.application-identifier nor com.apple.security.application-groups nor keychain-access-groups entitlements" UserInfo={numberOfErrorsDeep=0, NSDescription=Client has neither com.apple.application-identifier nor com.apple.security.application-groups nor keychain-access-groups entitlements}
Any guidance or suggestions would be greatly appreciated.
Thank you!
Developer ID
RSS for tagDeveloper ID certificates are unique identifiers from Apple that assure users that you are a trusted developer.
Posts under Developer ID tag
43 Posts
Sort by:
Post
Replies
Boosts
Views
Activity
I got into trouble setting up my X-Code team ID. My user ID suddenly changed.
Please take a look at the first screenshot. This is the certificate I was originally using, and I got a new certificate because it's about to expire. The new certificate is the second screenshot. But you can check that the ID is different.
The problem is that the Apple login function is not working properly because the ID is different (I'm using Unity to develop a game) Can you tell me why the user ID has changed and I can't change it to the original one?
I am trying to enroll in the developer program by following below steps.
Open apple developer app
Clicks on my account name
Clicks on 'Enroll Now' button
Filled all details
Opens up "Program License Agreement" & Clicks "Agree"
Clicks "Agree" on the "Confirm Agreement"
This process is showing "Your request could not be processed."