Notarization Rejects Valid Developer ID Certificates - Apple Infrastructure Issue? Environment macOS: 15.6.1 Xcode: 26.0.1 Architecture: arm64 (Apple Silicon) Team ID: W---------- Certificate Status: Valid until 2030 (verified on developer.apple.com) Problem Apple's notarization service consistently rejected properly signed packages with error: "The binary is not signed with a valid Developer ID certificate." Despite: ✅ Valid certificates on developer.apple.com ✅ Local signing succeeds (codesign --verify passes) ✅ Proper certificate/key pairing verified ✅ Package structure correct Failed Submission IDs September 2025: adeeed3d-4732-49c6-a33c-724da43f9a4a 5a910f51-dc6d-4a5e-a1c7-b07f32376079 3930147e-daf6-4849-8b0a-26774fd92c3c b7fc8e4e-e03c-44e1-a68e-98b0db38aa39 d7dee4a1-68e8-44b5-85e9-05654425e044 da6fa563-ba21-4f9e-b677-80769bd23340 What I've Tried Re-downloaded fresh certificates from Apple Developer Portal Verified certificate chain locally Tested with multiple different builds Confirmed Team ID matches across all configurations Verified no unsigned nested components Waited 3 months for potential propagation delays Verified all agreements are current and accepted Re-tested with minimal test package - same error persists Local Verification # Certificates present and valid security find-identity -v -p codesigning | grep "Developer ID" 1) XXXXXXXXXX "Developer ID Application: <<REDACTED>> (W----------)" 2) XXXXXXXXXX "Developer ID Installer: <<REDACTED>> (W----------)" # Signing succeeds codesign --verify --deep --strict --verbose=2 [app] → Success Question This appears similar to thread #784184. After 3 months and ensuring all agreements are signed, the issue persists with identical error. The certificates work for local signing but Apple's notarization service rejects them. Could this be: Backend infrastructure issue with Team ID W----------? Certificate not properly registered in Apple's notarization database? Known issue requiring Apple Support intervention? Has anyone else experienced valid Developer ID certificates being rejected specifically by the notarization service while working locally?

I am trying to notarize my first macOS app for direct distribution outside the Mac App Store using Developer ID Application signing. Team ID: 32S6XVAQPY Environment: macOS app distributed via Developer ID notarytool with a saved keychain profile archive exported locally, app zipped with ditto What I already verified locally: The archived app is signed with: Developer ID Application: (32S6XVAQPY) codesign --verify --deep --strict passes spctl shows: source=Unnotarized Developer ID syspolicy_check distribution only reports the expected missing notary ticket Hardened runtime is enabled The app bundle and nested Sparkle executables were re-signed and now have valid Developer ID signatures with secure timestamps Important note: I previously had a real signing issue in nested Sparkle binaries, and Apple rejected that submission quickly as Invalid. I fixed those signatures, and now new submissions no longer fail quickly but remain stuck In Progress. Submission IDs currently stuck: bea6c4b3-b107-4c81-8042-6c58b1cf5087 5489e29c-d583-4779-a125-ca0fbd9cad0b Earlier invalid submission with a concrete Sparkle signing error: 10df648b-eca8-428f-98d6-4cb4096153ad Apple reported invalid Developer ID / missing secure timestamp on: Sparkle.framework/Versions/B/Updater.app/Contents/MacOS/Updater Sparkle.framework/Versions/B/Autoupdate Sparkle.framework/Versions/B/XPCServices/Downloader.xpc/Contents/MacOS/Downloader Sparkle.framework/Versions/B/XPCServices/Installer.xpc/Contents/MacOS/Installer That Sparkle issue has since been fixed locally and re-verified. Question: Is there currently a notarization backlog or any known issue affecting first-time macOS notarizations or Developer ID submissions? At this point the remaining submissions appear valid locally but sit In Progress for a very long time.

As it has already been reported elsewehere, I also face the problem of endless waiting time for my submissions to be notarized. This prevents me from shipping a new release. A waiting/processing time of multiple days is simply unacceptable. I kindly request to fix this.

Hello, At work, we want to release a new version of our cross-platform desktop application this week. Unfortunately, I've had issues getting the dmg signed by the Apple notary service, which will delay the release until it's successful. However, I remade and successfully signed the previously released version (also dmg) with the same credentials, so I know it's not a problem with the file format or my account. I have tried the following to no avail: Lots of Googling Running xcrun notarytool submit with the -v option (verbose) to see more error messages Going to the URL given (appstoreconnect.apple.com/notary/v2/submissions/{submission_id}) and examining the file it downloaded (not much info, let alone helpful info) Contacting Apple developer support over the phone (they couldn't help with this particular issue, since it's "code-level support") The only big change we made this time was switching to Maven for our build tool and dependency management (we previously used Ant with manual dependency management). Does anyone here have any insight? Is there a list of known issues or dependencies that will cause a submission to be invalidated? Or, even better, any way to see why the submission is invalid? Thanks.

The following process to sign my .pkg installer for distribution outside the app store have been working for over a year and recently the notarization fails with a rc = 69. I not aware of any changes other then xtools updates for the latest macos 15.6.1. Admittedly I felt lucky to have gotten it all to work initially and I could really use help. Thanks in advance! Bill The signing (no errors): productsign --sign macos_cert myapp.pkg The notarization (rc=69): xcrun -v notarytool submit myapp.pkg --apple-id my_apple_id --team-id XXXXXXXXXX

Hi, My first notarization submission has been stuck in "In Progress" for several hours with no status change. I'm wondering if it's being held for in-depth analysis given the nature of the app. The app is a macOS dictation utility triggered by a global hotkey. It captures audio input, transcribes it, and pastes the result at the cursor position in whatever app the user is focused on. Because of how it works, it relies on a combination of APIs that may be less common in typical submissions: continuous microphone access, programmatic clipboard manipulation, global keyboard event monitoring, and Accessibility APIs to inject text into the frontmost application. This is the first submission for this app, so there's no prior notarization history for the system to learn from. Is this the kind of profile that typically triggers in-depth analysis? Is there anything I should check or provide, or is waiting the right move here? Thanks

Team ID: MB9VR977ND We have changed apple developer account for the our application, after changing account we have submitted app for notarization multiple times but all showing in-progress without any logs. do we need to wait until this passed from apple side ? does submitting many request has any issue ? Submission id: 8c5ac51d-bcd3-4fc4-9b38-671e5ea2bf14

I use the 'notarytool' to notarize applications and .pkg installers for Developer ID distribution. When using the notary tool with a fresh Apple Developer account, the notarization process remains stuck in the 'In progress' state. However, if I try the same app with an older developer account (one that has notarized at least one app in the past), the notarization works. All agreements are accepted in developer portal and Appstore Connect.

I haven't been able to notarize my macOS app for the past two days. Now, I believe this is an issue with the notarization process because I've tried notarizing the default app that's provided whenever you open a new Swift application, but that completely failed as well. And I've been waiting for the past two days and it's been stuck on in progress. This is the second time this has happened to me in the past two months and oftentimes I have to wait more than a day or two for the notarization to occur. I just, I don't understand why it's deadlocked like this. I've done nothing. I haven't changed my certificates. I haven't done any different configurations within my Mac. The last time that this happened, the issue went away after two days, but my biggest concern right now is that if this happens whenever we need to urgently push updates, we can't. I have absolutely no idea what to do and I'm just extremely frustrated because this is happening right before our launch day. I've been stuck on notarizing again for the past two days and I've seen no progress, I've seen no responses from support emails and the ones that do aren't even applicable to my current scenario. ⁠

Hello, I'm working on an app at work and we finally got to signing and notarizing the app. The app is successfully notarized and stapled, I packaged it in a .dmg using hdiutil and went ahead and notarized and stapled that as well. Now I tried to move this app to another machine through various methods. But every time I download it from another machine, open and extract the contents of the dmg and attempt to open the app, I get the "Apple could not verify my app is free of malware that may harm your Mac or compromise your privacy. When I check the extended attributes there's always the com.apple.quarantine attribute which from what I know, is the reason that this popup appears I've tried uploading it to google drive, sending through slack, onedrive, even tried our AWS servers and last but not least, I tried our Azure servers (which is what we use for distribution of the windows version of our app). I tried uploading to Azure through CloudBerry (MSP360 now), and azure-cli defining the content-type as "application/octet-stream", the content-disposition as "attachment; filename=myApp.dmg", and content-cache-control as "no-transform". None of these worked The only times where a download actually worked with no problems was when I downloaded through the terminal using curl, which obviously not a great solution especially that we're distributing to users who aren't exactly "tech savy" I want the installation experience to be as smooth as other apps outside the App Store (i.e Discord, Slack, Firefox, Chrome etc....) but I've been stuck on this for more than a week with no luck. Any help is greatly appreciated, and if you want me to clarify something further I'd be happy to do so

Starting a few hours ago (roughly 2:45PM Eastern time) we began experiencing elevated latency with the Developer ID Notary Service. There is nothing listed on the developer system status page about degraded performance or a service outage. Operations that usually take ~15 minutes, are stacking up for hours. The oldest pending entry we have was created at 2:45PM Eastern: createdDate: 2025-06-24T18:45:22.539Z id: 5209a4d2-eae4-4714-aa8e-6961677ff2e We currently have 27 pending builds in the notary service since we are required to notarize internal builds to ensure we satisfy our requirements so this is creating an issue for us.

SMAppService Error 108 "Unable to read plist" on macOS 15 Sequoia - Comprehensive Test Case Summary We have a fully notarized SMAppService implementation that consistently fails with Error 108 "Unable to read plist" on macOS 15 Sequoia, despite meeting all documented requirements. After systematic testing including AI-assisted analysis, we've eliminated all common causes and created a comprehensive test case. Error: SMAppServiceErrorDomain Code=108 "Unable to read plist: com.keypath.helperpoc.helper" 📋 Complete Repository: https://github.com/malpern/privileged_helper_help What We've Systematically Verified ✅ Perfect bundle structure: Helper at Contents/MacOS/, plist at Contents/Library/LaunchDaemons/ Correct SMAuthorizedClients: Embedded in helper binary via CREATE_INFOPLIST_SECTION_IN_BINARY=YES Aligned identifiers: Main app, helper, and plist all use consistent naming Production signing: Developer ID certificates with full Apple notarization and stapling BundleProgram paths: Tested both Contents/MacOS/helperpoc-helper and simplified helperpoc-helper Entitlements: Tested with and without com.apple.developer.service-management.managed-by-main-app What Makes This Different Systematic methodology: Not a "help me debug" post - we've done comprehensive testing Expert validation: AI analysis helped eliminate logical hypotheses Reproduction case: Minimal project that demonstrates the issue consistently Complete documentation: All testing steps, configurations, and results documented Use Case Context We're building a keyboard remapper that integrates with https://github.com/jtroo/kanata and needs privileged daemon registration for system-wide keyboard event interception. Key Questions Does anyone have a working SMAppService implementation on macOS 15 Sequoia? Are there undocumented macOS 15 requirements we're missing? Is Error 108 a known issue with specific workarounds? Our hypothesis: This appears to be a macOS 15 system-level issue rather than configuration error, since our implementation meets all documented Apple requirements but fails consistently. Has anyone encountered similar SMAppService issues on macOS 15, or can confirm a working implementation?

I am building an electron app bundled with python. My code signing was fast, but when it came to notarization, it has already taken over 6+ hours. How can I speed things up?

I have a Qt desktop app that I was shipping to users as a dmg on macOS. But now I'll need to kind of rebrand the app to different users, that rebranding involves changing the name and the icon of the app I'm not sure how feasible that is on macOS but here's what I'm thinking: First I'll include all apps for all brands inside the app resources, and instead of shipping the app directly, I will ship and installer (either .pkg or a custom made installer app) that will be responsible for downloading the main app and also setting some environmental variables somewhere so that I can choose the icon from the resources based on the env var values. And then either change the app icon and name from the installer itself, or implement something inside the app that makes it change the icon and name on launch (both icon in finder and in dock) but maybe one of those methods (or both) will break the codesign/notarization of the app so I want to avoid that too I'm not sure if someone has done this before or how feasible such scenario is. Is what I'm thinking valid? or is there a whole other way possibly easier than this to go about implementing such feature? The purpose of this is that I don't want to have to create multiple releases for multiple brands when they're all the same application with different icons/names, and also when releasing an update it will be just one update for all brands Thank you in advance and feel free to ask any further questions for clarification

My notary service has been stuck for more than 5 hours. Is it taking long time because the notary service is down or because i am a new user

Hi everyone, Has anyone seen notarization behave like this? We have one specific app (let’s call it App A) with a Network Extension system extension. Whenever we submit App A for notarization: • Its submission stays “In Progress” indefinitely • The provisioning profile for its system extension becomes Invalid on its own • All our other apps suddenly fail notarization • And the whole team immediately gets: StatusCode 7000 – “Team is not yet configured for notarization.” Apple Support restored notarization once(Case 102738171569), and we confirmed other apps notarize fine — until we submit App A again, which instantly triggers the same team-wide block. This cycle has repeated twice. We verified: • Hardened runtime • Proper system extension signing • No private API usage • No get-task-allow • No ATS violations What’s confusing is that this doesn’t look like a normal notarization rejection. Normal failures don’t invalidate provisioning profiles or disable notarization for the entire team. It feels more like an automated security heuristic or misclassification. My questions: 1. Can a single app or system extension trigger an automated team-wide notarization disable? 2. Can an entitlement or NE configuration issue cause StatusCode 7000 instead of a standard rejection? 3. If this could be a false positive, is there a specific team at Apple who can manually review/clear it? Any insight would be greatly appreciated.

I am trying to notarize a VS-Code Fork Electron based app for non-App store distribution. Its just same for more than 24hrs, it just says processing. Looking for someone who could help me. Thanks

Hi everyone!! I am submitting an App for Notarization for the first time, I have several attempts, some returned invalid and other show In Progress for more than 8 hours. Is that normal? I addressed the issues that make the other ones Invalid. Thanks so much!

I have been trying to package a FileMaker 18 runtime app* for Mac distribution for - oh - a year and a half on and off (the Windows version was packaged in an afternoon). I succeeded - or thought I had - until I updated to Tahoe. Now my packaging process does everything it did formerly (creates the DMG, etc.), but when opened, fails to see/load a third-party plugin (BaseElements.fmplugin). Does anyone know why this should be? I have attached 4 of my build files in the hope that someone can point me in the right direction. Thanks in advance for any advice you may provide. Regards, L *Claris deprecated the runtime feature years ago, but it still runs and is useful for proof of concept. P.S. A contributor to an earlier query kindly suggested I go down the zip file or pkg installer route, rather than the DMG route. I tried doing as much but found both as susceptible to Mac spaghetti signage. build_all.txt repair_and_sign.txt build_dmg.txt notarize_dmg.txt

I'm submitting my first macOS app (a native SwiftUI menu bar app, signed with Developer ID Application certificate, Hardened Runtime enabled) for notarization using xcrun notarytool submit with keychain profile authentication. All 9 of my submissions have been stuck at "In Progress" for up to 16 hours. None have transitioned to "Accepted" or "Invalid." Logs are unavailable for all of them (notarytool log returns "Submission log is not yet available"). Environment macOS: 26.2 (25C56) Xcode: 26.1.1 (17B100) notarytool: 1.1.0 (39) App: Native SwiftUI, universal binary (x86_64 + arm64), ~2.2 MB DMG Bundle ID: com.gro.ask Team ID: 4KT56S2BX6 What I've verified Code signing is valid: $ codesign --verify --deep --strict GroAsk.app passes with no errors $ codesign -dvvv GroAsk.app Authority=Developer ID Application: Jack Wu (4KT56S2BX6) Authority=Developer ID Certification Authority Authority=Apple Root CA CodeDirectory flags=0x10000(runtime) # Hardened Runtime enabled Runtime Version=26.1.0 Format=app bundle with Mach-O universal (x86_64 arm64) Entitlements are minimal: com.apple.security.app-sandbox com.apple.security.network.client Uploads succeed — each submission receives a valid submission ID and the file uploads to Apple's servers without error. Submission history Created (UTC): 04:40 ID: eeb12389-... File: GroAsk-1.6.0.dmg Status: Invalid (Hardened Runtime missing — since fixed) ──────────────────────────────────────── Created (UTC): 04:42 ID: 6e537a32-... File: GroAsk-1.6.0.dmg Status: In Progress (16+ hrs) ──────────────────────────────────────── Created (UTC): 07:52 ID: 5ee41736-... File: GroAsk-1.6.0.dmg Status: In Progress ──────────────────────────────────────── Created (UTC): 08:19 ID: f5c6b9a5-... File: GroAsk-1.6.0.dmg Status: In Progress ──────────────────────────────────────── Created (UTC): 08:27 ID: 0f1c8333-... File: GroAsk-1.6.0.dmg Status: In Progress ──────────────────────────────────────── Created (UTC): 08:29 ID: 77fd9cd4-... File: GroAsk-1.6.0.dmg Status: In Progress ──────────────────────────────────────── Created (UTC): 08:51 ID: db9da93e-... File: GroAsk-1.6.1.dmg Status: In Progress ──────────────────────────────────────── Created (UTC): 09:05 ID: 3c43c09f-... File: GroAsk.zip Status: In Progress ──────────────────────────────────────── Created (UTC): 12:01 ID: b2267a74-... File: GroAsk-1.6.3.dmg Status: In Progress ──────────────────────────────────────── Created (UTC): 12:15 ID: ae41e45c-... File: GroAsk.zip Status: In Progress The very first submission (eeb12389) came back as Invalid within minutes because Hardened Runtime wasn't enabled on the binary. I fixed the build configuration and confirmed flags=0x10000(runtime) is present on all subsequent builds. However, every submission after that fix has been stuck at "In Progress" with no state transition. What I've tried Submitting both .dmg and .zip formats — same result Verified notarytool log — returns "Submission log is not yet available" for all stuck submissions Apple Developer System Status page shows the Notary Service as "Available" I've also emailed Apple Developer Support but have not received a response yet Questions Is this the expected behavior for a first-time notarization account? I've seen other threads mentioning that new accounts may be held for "in-depth analysis," but 16+ hours with zero feedback seems excessive. 2. Is there any manual configuration Apple needs to do on their end to unblock my team for notarization? 3. Should I stop submitting and wait, or is there something else I can try? Any guidance from DTS would be greatly appreciated. This is blocking the release of my app.