Hi everyone, I recently migrated my individual Apple Developer account to an Organization account for my company "". My Team ID remained the same. I'm now facing persistent issues with code signing and push notifications for my iOS app (Bundle ID: com.).
 Current Problems:
 "Untitled" Certificates in Xcode: When I go to Xcode -> Settings -> Accounts -> [My Apple ID] -> Select "" Team -> "Manage Certificates...", a number of my newly created Apple Development and Apple Distribution certificates are listed древ "Untitled". Some older ones are "Revoked". (See attached screenshot if possible).
 "No App ID" for Push Notifications Console: In my app target's "Signing & Capabilities" tab, I've added the "Push Notifications" capability. However, when I click the info button to open the "Push Notifications Console", it states: "no app IDs: Register an App ID with the Push Notifications capability enabled to use the Push Notifications console." This is despite the fact that the Push Notifications capability IS enabled for my App ID com. in the Developer Portal, and I've configured an APNs Auth Key (.p8) for it.
 Push Notifications Not Received (from Backend): While I can successfully send a test push notification directly from the Firebase Console to my device's FCM token, notifications triggered by my backend (Firebase Cloud Functions writing to a Firestore collection, which then triggers another function to send via FCM) are not being delivered to iOS devices. (Android seems to be working more reliably now).
 Setup: Using an APNs Authentication Key (.p8) linked to my Organization Team ID in Firebase Cloud Messaging. Main App ID com. has "Push Notifications" capability enabled. Notification Service Extension com..ImageNotification also has its App ID and Provisioning Profile set up for the Organization team. Created new Development and Distribution certificates and Provisioning Profiles specifically for the Organization team. Using "Automatically manage signing" in Xcode with the Organization team selected for both the main app target and the extension target.
 Troubleshooting Done: Revoked old/problematic certificates and profiles. Recreated CSRs and new Development/Distribution certificates under the Organization team multiple times. Recreated Provisioning Profiles. Cleaned Derived Data in Xcode. Ensured Bundle Identifiers are consistent. Verified APNs Auth Key details (Key ID, Team ID) in Firebase.
 I suspect there's a fundamental issue with how Xcode is recognizing or linking the signing assets for my Organization team after the account type change, despite the Team ID being the same. The "Untitled" certificates are a major red flag.
 Has anyone encountered similar issues, particularly the "Untitled" certificates or the "No App ID" message for the Push Console, after an account migration or when working with Organization accounts? Any insights on how to resolve this would be greatly appreciated.
 Thanks,
Benni

I created an apple development certificate using an api key. When the certificate was created and I want to revoke the certificate but revoke button and download button is not there. I am an Admin in that account. Not sure how to fix this

I've created a new project in Xcode. I'm running the Xcode 16.4 and MacOS 15.5. I'm trying to run my barebones project on my iPhone 16 (I'm just getting started). I turned on developer mode on my iPhone and went through the whole process. But in the Signing & Capabilities of my project under status I see two errors... There is a problem with the request entity A device with number 'XXXX8801C' already exists on this team. Provisioning profile "iOS Team Provisioning Profile: [MyBundleID]" doesn't include the currently selected device "My iPhone" (identifier XXXX8801C). I noticed in the devices on the developer portal that my device is showing as "Processing." I feel ike it's stuck. But I can't figure out how to clear it all out and try again. It's been 24 hours since this error came up. I've tried to clear trusted computers on the iPhone. I've deleted the "Derived Data" folder. I've removed my developer account from Xcode and added it again. I've restarted both my Mac and my iPhone multiple times. I've noticed it asked to authorize my computer twice. When I clear the authorized computers and then plug the phone back in it asks twice again. So I'm not sure if this is the issue? No idea why it asks twice but I'm only ever able to respond to the second request as the first request gets blocked in the UI by the second requests if that makes sense? I'm also not able to turn off developer mode on my iPhone. The switch isn't there as the docs state it should be. So again, I feel like this is the phone and the developer portal stuck causing the problem. Note: I saw someone else had encountered this problem and I replied to it and boosted it. But it looks like it was posted in 2017? Hence this new post.

Can you help me how to upload it to TestFlight setting and distribution. I have try it but got this error. I have setting profile for camera access to but it still like this.

Hi, ASC API call rejects DEVELOPER_ID_APPLICATION_G2 and does not recognize it, even though it is listed as a valid certificateType in the docs: https://developer.apple.com/documentation/appstoreconnectapi/get-v1-certificates. If it was removed from the certificate list, then why Apple forces to choose the G2 type when creating a DEVELOPER_ID_APPLICATION certificate manually in the Apple Developer account. Can someone from Apple support please check it as it is a contradictory behavior and is a blocker.

I have a valid Developer ID Certificate, I've used it to sign an app locally and send the app to other machines of my colleagues to make sure it works and does not get triggered by GateKeeper Now I want to automate the process of signing and notarization on github actions and so I want to export my certificate and upload it there. Initially I tried uploading both the Developer ID Certificate and the G2 CA both as .cer files encoded in base64. But apparently I need my certificate to be in .p12 format When I try to export it from keychain access the option to export as .p12 is disabled. So how can I do it ?

Hi everyone, After I recently changed my Apple ID (iCloud) password, my Developer ID certificate stopped working for signing macOS apps. Symptoms: Signing fails with the Developer ID certificate that was previously working fine. I tried re-downloading the certificate from my Apple Developer account and importing it into the Keychain, but the issue persists. It seems that the Developer ID identity is no longer trusted or properly linked to my system since the password change. Attempts: Re-downloaded and installed the certificate from the developer portal. Verified that the private key is present and linked. Checked keychain access and code-signing identity — everything appears normal, but the signed apps are rejected or the signing process fails. Blocking issue: I am unable to delete or revoke the Developer ID certificate on my account (Apple Support says it's not possible). Also, I can't create a new one due to the certificate limit. Questions: Is it expected for a Developer ID certificate to become invalid after changing the Apple ID password? Is there a recommended way to refresh or restore the certificate trust on macOS? How can I invalidate the current certificate and generate a new one if I'm stuck? Any insights or official guidance would be really appreciated. Thanks in advance!

I recently had to update my certificates for a project. I deleted a few old ones, and I currently have one Development certificate. I needed to create another Development certificate specifically, it's saying "Maximum number of certificates generated." I thought the maximum was two Development certificates? Has anyone else had this issue? Thinking it could be a stuck workflow or something like that.

Hello Apple Developer Community, I'm experiencing a persistent issue with App Groups configuration for an iOS app extension that I can't resolve despite trying multiple approaches. I hope someone can help identify what I'm missing. Problem Description I'm getting this error when trying to build my iOS App Extension: Provisioning profile "iOS Team Provisioning Profile: com.idlrapp.Spleeft.SpleeftDataSaver" doesn't include the com.apple.developer.app-groups entitlement. My Setup Main App Bundle ID: com.idlrapp.Spleeft Extension Bundle ID: com.idlrapp.Spleeft.SpleeftDataSaver App Group ID: group.com.idlrapp.spleeft.shared Extension Type: Action Extension (Share Sheet) What I've Verified App Group Creation ✅ Created App Group group.com.idlrapp.spleeft.shared in Apple Developer Portal ✅ App Group shows as "Active" in the portal App ID Configuration ✅ Both App IDs (com.idlrapp.Spleeft and com.idlrapp.Spleeft.SpleeftDataSaver) have "App Groups" capability enabled ✅ Both App IDs are configured with the same App Group: group.com.idlrapp.spleeft.shared Entitlements Files Main App (Spleeft.entitlements): <key>com.apple.developer.app-groups</key> <array> <string>group.com.idlrapp.spleeft.shared</string> </array> Extension (SpleeftDataSaver.entitlements): <key>com.apple.developer.app-groups</key> <array> <string>group.com.idlrapp.spleeft.shared</string> </array> Xcode Configuration ✅ Both targets use "Automatically manage signing" ✅ Same Apple Developer Team selected for both ✅ App Groups capability shows correctly in Signing & Capabilities for both targets The Issue When I examine the downloaded .mobileprovision file, I can see it contains: <dict> <key>com.apple.security.application-groups</key> <array> <string>group.com.idlrapp.spleeft.shared</string> </array> <!-- Other entitlements... --> </dict> However, Xcode expects to find: <array> <string>group.com.idlrapp.spleeft.shared</string> </array> What I've Tried Multiple regenerations of provisioning profiles: Deleted all local provisioning profiles Toggled "Automatically manage signing" off/on Downloaded manual profiles from Developer Portal Verified App Group configuration: Double-checked App Group exists and is active Confirmed both App IDs have App Groups capability enabled Verified App Group assignment in both App IDs Entitlements cleanup: Ensured consistent App Group IDs across all files Removed duplicate/conflicting entries Clean builds and cache clearing: Product → Clean Build Folder Derived Data deletion Xcode restart Key Observation The provisioning profile contains com.apple.security.application-groups (which appears to be macOS-style) but Xcode expects com.apple.developer.app-groups (iOS-style) for the App Extension. Questions Is there a known issue with App Groups entitlement generation for iOS App Extensions? Should the provisioning profile contain com.apple.developer.app-groups instead of com.apple.security.application-groups? Is there a way to force regeneration of provisioning profiles with the correct entitlements? Are there additional steps required for App Extensions that differ from main apps? Any guidance would be greatly appreciated. This is blocking our App Extension development and we've exhausted our troubleshooting options. Thank you for your time and assistance.

Hi guys, New to publishing apps on Apple Store. I encounter some notarization error before and resolved it in this post. By solving the previous issue, I updated the Trust setting from "Always Trust" to "Use System Defaults" for Apple certificates. The codesign and notarization no longer give me any problem. But now, I encountered another issue. When I ran the .app on my local Macbook, it now gives me "zsh: trace trap" error. Dive a little further and check the crash report, I found the some details as following. Process: my_app [30652] Path: /Users/USER/my_app_path Identifier: my_app Version: 0.0.0 (???) Code Type: ARM-64 (Native) Parent Process: launchd [1] User ID: 501 Date/Time: 2025-07-15 14:57:58.9874 -0400 OS Version: macOS 15.5 (24F74) Report Version: 12 Anonymous UUID: 2335F0B6-A26E-6446-6074-0FCE620C4B6A Time Awake Since Boot: 6000 seconds System Integrity Protection: enabled Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGKILL (Code Signature Invalid)) Exception Codes: UNKNOWN_0x32 at 0x00000001064b4000 Exception Codes: 0x0000000000000032, 0x00000001064b4000 Termination Reason: Namespace CODESIGNING, Code 2 Invalid Page VM Region Info: 0x1064b4000 is in 0x1064b4000-0x1064b8000; bytes after start: 0 bytes before end: 16383 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL mapped file 1064ac000-1064b4000 [ 32K] r-x/rwx SM=COW Object_id=d2a02fbf ---> VM_ALLOCATE 1064b4000-1064b8000 [ 16K] r-x/rwx SM=PRV __TEXT 1064b8000-1068a4000 [ 4016K] r-x/rwx SM=COW my_app.app/Contents/Frameworks/Python.framework/Versions/3.12/Python I can tell it's about codesign and signature invalid. I have tried to rebuild, re-codesign and re-notarize. But the error still persists. Could someone help me? Thanks!

Hi! I'm trying to add Sign in with Apple to my macOS app. I enabled this capability from the developer portal and created the corresponding certificate & provisioning profile (both of type Developer ID Application.) However, Xcode keeps prompting me that the profile doesn't support Sign in with Apple. If I enable Automatically manage signing from Xcode, I can build and run the app but not distribute. If I turn it off and use the profile I got, it just keeps showing the errors below and doesn't even let me build.

Hello Everyone, I am currently building an app using React Native with Swift bridging, integrating VoIP functionality using Twilio, PushKit, and CallKit. I am encountering the following issue during development: "The current provisioning profile doesn't include the com.apple.developer.voip-push-notification entitlement." What I’ve Done So Far: VoIP Certificate: I have created a valid VoIP Services certificate in the Apple Developer portal. Bundle Identifier and Provisioning Profile: A new Bundle ID was created specifically for this app. I created a provisioning profile for this Bundle ID and downloaded it for use in Xcode. Xcode Capabilities Push Notifications: Enabled Background Modes: Voice over IP: Enabled, Remote notifications: Enabled Entitlements File I have an entitlements file named VoiceCallDemoProjectRelease.entitlements with the following content: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>aps-environment</key> <string>development</string> <key>com.apple.developer.voip-push-notification</key> <true/> </dict> </plist> This entitlements file is properly linked in the project’s build settings. Project Setup I have integrated PushKit for VoIP push handling and CallKit for incoming call UI and control. Problem: In the Apple Developer portal under my App ID settings, I only see an option to enable Push Notifications. There is no option available to enable Voice over IP, and therefore the provisioning profile generated does not include the com.apple.developer.voip-push-notification entitlement. Despite enabling VoIP background mode in Xcode, adding the entitlement in my project, and using a valid VoIP certificate, the profile does not include the required entitlement. Additional Information: I am using an Individual Apple Developer Account, not an Organization account. I have already attempted re-downloading the provisioning profile, restarting Xcode, and cleaning the build folder. Question: What steps should I take to resolve this and ensure that the com.apple.developer.voip-push-notification entitlement is included in my provisioning profile? Is this limitation due to the type of developer account (individual vs. organization), and do I need to upgrade to an Organization account to access this entitlement? Is there any way to request for 'com.appple.developer.voip-push-notification' entitlement to Apple Team ? Any clarification would be appreciated. Thank you.

Subject: Questions Regarding Signing Certificates for MDM Configuration Profiles Dear all, I hope this message finds you well. I have some questions regarding the signing certificates used for MDM configuration profiles. Currently, our company uses an SSL certificate to sign MDM configuration profiles. However, with the announcement that the validity period of SSL certificates will gradually be shortened starting in 2026, we are considering alternative options for signing certificates. Through our internal testing and investigation, we have found examples of the following certificate chains being used: ・Developer ID - G1 (Expiring 02/01/2027 22:12:15 UTC) + Developer ID Application certificate chain ・Apple Root CA + Apple Worldwide Developer Relations Intermediate Certificate + MDM CSR certificate chain We would appreciate any insights or experiences you can share regarding the following points: Apple Support previously advised that "certificates issued by public certificate authorities (CAs) trusted by Apple" are recommended. The certificates listed at https://www.apple.com/certificateauthority/ are typically preinstalled on Apple devices. Are these considered "trusted public CAs" by Apple in this context? Is it acceptable in practice to use a certificate obtained from the “Certificates, Identifiers &amp; Profiles” section on developer.apple.com for signing MDM configuration profiles? We would be grateful to hear about any real-world experiences. If the answer to question 2 is yes, which certificate type within “Certificates, Identifiers &amp; Profiles” would be most appropriate for signing configuration profiles? If using certificates from question 2 is not suitable, are there alternative certificate types (other than SSL) that are valid for longer periods (e.g., more than one year) and appropriate for signing MDM configuration profiles? Apple's official documents do not seem to clearly specify what type of certificate should be used to sign MDM configuration profiles. If you know of any helpful documents or resources related to this topic, we would greatly appreciate it if you could share them. Thank you very much for your time and support. We would truly appreciate any advice or guidance you can provide.

// Request curl --location --request POST 'https://api.appstoreconnect.apple.com/v1/devices' --header 'Authorization: ${the_token}' --header 'Content-Type: application/json' --data-raw '{ "data": { "type": "devices", "attributes": { "name": "${the_device_name}", "udid": "${the_device_udid}", "platform": "IOS" } } }' // Response { "errors": [ { "status": "403", "code": "FORBIDDEN_ERROR", "id":"8a45808f-aa56-4e29-bef0-3f836d571a24","title": "This request is forbidden for security reasons", "detail": "You are not allowed to perform this operation. Please check with one of your Team Admins, or, if you need further assistance, please contact Apple Developer Program Support. https://developer.apple.com/support" } ] }

I'm hoping to make certain in-house apps fail to launch by revoking the in-house certificate that they were built on. This is by way of encouraging users of these apps to download updates built on a new certificate. How long will it take app built on a now-revoked certificate to no longer launch? Also, what is Apple's process for checking the validity of an in-house certificate in an app built on that certificate, running on iOS devices? I understand that provisioning profiles have built-in expiration dates, but will an in-house app that's built on a valid provisioning profile keep running even on a revoked certificate if the revocation happened before the certificate's own expiration date? Craig Umanoff

Hi there, can anyone help here. I think somewhere along the way I screw certificates or don't have the right one, anyway long story short when building product I get this error: Embedded binary is not signed with the same certificate as the parent app. Verify the embedded binary target's code sign settings match the parent app's.

I've been running into issues with Xcode Cloud/my workflow when it's trying to archive the app. I've tested locally and both archiving and building the app for release works. I've tried a few things to clear it. pod deintegrate and pod install Checking off "archive" for the build scheme Creating a certificate for both development and distribution. I made sure automatic signing was enabled as well. I have a ci_scripts/ci_post_clone.sh script that successfully completes. Have tried setting the xcode version of the workflow to 16.2 which is what my local xcode version is. I've switched it back to the latest, 16.4. running pod update Updating flutter However, I consistently get the following 2 errors : `Showing All Messages Run command: 'xcodebuild archive -workspace /Volumes/workspace/repository/ios/Runner.xcworkspace -scheme Runner -destination generic/platform=iOS -archivePath /Volumes/workspace/build.xcarchive -derivedDataPath /Volumes/workspace/DerivedData -resultBundleVersion 3 -resultBundlePath /Volumes/workspace/resultbundle.xcresult -resultStreamPath /Volumes/workspace/tmp/resultBundleStreame3592434-5b88-48da-a3c4-f750abee4d08.json -IDEPostProgressNotifications=YES CODE_SIGN_IDENTITY=- AD_HOC_CODE_SIGNING_ALLOWED=YES CODE_SIGN_STYLE=Automatic DEVELOPMENT_TEAM=JG794CQD68 COMPILER_INDEX_STORE_ENABLE=NO -hideShellScriptEnvironment' ` and Showing All Messages Unhandled exception: ProcessException: No such file or directory Command: /Users/local/flutter/bin/flutter assemble --no-version-check --output=/Volumes/workspace/DerivedData/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/ -dTargetPlatform=ios -dTargetFile=lib/main.dart -dBuildMode=release -dConfiguration=Release -dIosArchs=arm64 -dSdkRoot=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS18.5.sdk -dSplitDebugInfo= -dTreeShakeIcons=true -dTrackWidgetCreation=false -dDartObfuscation=false -dAction=install -dFrontendServerStarterPath= --ExtraGenSnapshotOptions= --DartDefines=RkxVVFRFUl9WRVJTSU9OPTMuMzUuMQ==,RkxVVFRFUl9DSEFOTkVMPXN0YWJsZQ==,RkxVVFRFUl9HSVRfVVJMPWh0dHA6Ly9naXRodWIuY29tL2ZsdXR0ZXIvZmx1dHRlci5naXQ=,RkxVVFRFUl9GUkFNRVdPUktfUkVWSVNJT049MjBmODI3NDkzOQ==,RkxVVFRFUl9FTkdJTkVfUkVWSVNJT049MWU5YTgxMWJmOA==,RkxVVFRFUl9EQVJUX1ZFUlNJT049My45LjA= --ExtraFrontEndOptions= -dSrcRoot=/Volumes/workspace/repository/ios -dTargetDeviceOSVersion= -dCodesignIdentity=- release_ios_bundle_flutter_assets #0 _ProcessImpl._runAndWait (dart:io-patch/process_patch.dart:519:7) #1 _runNonInteractiveProcessSync (dart:io-patch/process_patch.dart:686:18) #2 Process.runSync (dart:io-patch/process_patch.dart:79:12) #3 Context.runSyncProcess (file:///Users/local/flutter/packages/flutter_tools/bin/xcode_backend.dart:154:20) #4 Context.runSync (file:///Users/local/flutter/packages/flutter_tools/bin/xcode_backend.dart:118:34) #5 Context.buildApp (file:///Users/local/flutter/packages/flutter_tools/bin/xcode_backend.dart:539:34) #6 Context.run (file:///Users/local/flutter/packages/flutter_tools/bin/xcode_backend.dart:51:9) #7 main (file:///Users/local/flutter/packages/flutter_tools/bin/xcode_backend.dart:17:5) #8 _delayEntrypointInvocation.<anonymous closure> (dart:isolate-patch/isolate_patch.dart:312:33) #9 _RawReceivePort._handleMessage (dart:isolate-patch/isolate_patch.dart:193:12) Command PhaseScriptExecution failed with a nonzero exit code Any help here would be greatly appreciated.

productsign Command Appears to Succeed but Package has No Valid Signature Category: Security, macOS, Code Signing Question: productsign command, when signing a PKG created with productbuild, appears to succeed with a success message (Wrote signed product archive to ...) but spctl verification results in rejected, source=no usable signature, indicating that the signature was not actually applied. Details: Goal: To sign a distribution package created with productbuild using a Developer ID Installer certificate. Certificate Used: Developer ID Installer: [Company Name] ([Team ID]) This certificate was issued by Previous Sub-CA and is not the latest G2 Sub-CA recommended by Apple. We cannot create a new G2 Sub-CA certificate as we have reached the limit of 5. productsign Command: productsign --sign "Developer ID Installer: [Company Name] ([Team ID])" [input.pkg] [output.pkg] productsign Output: Wrote signed product archive to [output.pkg] (Appears as a success message). spctl Signature Verification: spctl -a -vv [output.pkg] Result: rejected, source=no usable signature Notarization Service Results (Behavioral difference between Macs): On Mac A, the submission status was Accepted. On Mac B, the status was Invalid, with the notarization log message being The binary is not signed.. Troubleshooting Steps Taken: We attempted to sign both component and distribution packages with productsign, and in both cases, the signature was not recognized by the system. We skipped productsign and relied on the notarization service's auto-signing, but the notarization log still reported The binary is not signed., and the notarization failed. We have confirmed that the certificate and private key are properly associated in Keychain Access. My Questions: Given that we are using an older Previous Sub-CA certificate and cannot create a new one, why does productsign appear to succeed when the signature is not being applied? What could cause the behavioral difference where notarization is Accepted on Mac A but Invalid on Mac B? Is this a known issue with Apple's tools, or is it possibly caused by the specific structure of our PKG? What is the recommended workflow or debugging method to successfully sign and notarize a PKG under these circumstances? Thank you for your assistance

My post-build script takes the "developeridexport" archive export, zips it up and uses notarytool to notarize it. I then add the .zip to a .dmg disk image. The next step is to codesign the disk image before notarizing that too. The issue is my Developer ID Application certificate is not accessible to the build host. (When I was doing this in Microsoft AppCenter (now defunct), it had a copy of my Developer ID Application certificate.) What steps do I need to take to get the disk image signed for notarization? Thanks! Lance

I am trying to set up code signing for my macOS/Tauri app and I’m running into a problem with my Developer ID Application certificate in Keychain Access. Steps I followed: Generated a CSR on my Mac using Keychain Access → Certificate Assistant → Request a Certificate From a Certificate Authority. Uploaded the CSR to the Apple Developer portal. Downloaded the resulting .cer file and installed it in my login Keychain. The certificate appears under All Items, but it does not show under My Certificates, and there is no private key attached. What I expected: The certificate should pair with the private key created during CSR generation and show under My Certificates, allowing me to export a .p12 file. What I’ve tried so far: Verified that the WWDR Intermediate Certificate is installed. Ensured I’m on the same Mac and same login Keychain where I created the CSR. Revoked and regenerated the certificate multiple times. Tried importing into both login and system Keychains. Problem: The certificate never links with the private key and therefore cannot be used for signing. Has anyone experienced this issue or knows why the certificate would fail to pair with the private key in Keychain Access? Any workaround or fix would be greatly appreciated.