I use three Macs for development of a web application. On each of the Macs (macOS 14.4) I used mkcert to install a local CA and to issue developer certificates (all separately). Accessing the web app with https://localhost:8080 works fine on two Macs with all browsers, but on one Mac Safari claims to have another root CA for localhost which it does not trust. And I cannot override the trust settings. Using Keychain Access I do not find this certificate. Safari shows it like this: Scrolling down I can see DNS Names localhost, localhost.localdomain and lvl.me, so I suspect it is a leftover from trying to install a root CA before using mkcert. The mkcert certificate looks like this and I can see it in the System keychain: So Safari complains and I cannot tell it to trust the server certificate as the CA does not fit (I think). Firefox and Chrome open the website just fine after warning me and me telling them to do so. I tried to find the wrong CA using Keychain Access and Terminal (security find-certificate -a -c localhost, security find-certificate -a -c lvh...) but in vain. Where can I find this certificate and how can I delete it?

My app stops responding during the 'signing scold.app' process while uploading to App Store Connect in Xcode 15.3. What should I do?

My app crashes while uploading to App Store Connect in Xcode 15.3. What should I do?

We have developed a library and a DriverKit driver on Mac platform. And we need to disable SIP to install dext and later point of time if we enable SIP then the dext is non functional. So is it mandatory to disable the SIP for whole life time of dext? Also it is not recommended to disable the SIP for a long time, as it may create a security hole. Standard ways are given on Apple support page that how to notarise an application to distribute over the internet. Here one mandatory account is required that is Apple Developer account which is a paid account we believe. Standing at this point can you share the complete steps of software distribution process which will include code signing, notarisation process and stapling.

Hi everyone! We use to have an intel Mac machine where we generate the Developer ID Installer & Application certs for signing and notarization process. This process works sweet. Now, we move from an intel to a m1 Mac machine, where we want to do the same process as before. I had try two different approaches, but ending up with the same result. I export the cert with the private key from my intel to the m1 machine, but when I try to sign, I get: Invalid signature. (Not sure what this error means in this case as everything works on the intel machine. I am guessing the cipher for creating either the private key or the signature differs between the architecture) I try to generate new certs for this m1 machine, but I get the following error: You already have a current Developer ID installer certificate or a pending certificate request. I try with the same account, but also with a different account. In both cases got the same error. I create a ticket for apple, where they said to expect a reply between one and two business days, but no luck yet.

I'm trying to build my Expo app. I already built it for Android, but now I'm struggling to create a release on iOS to upload on TestFlight. I have the apple developer account of my university, and they added our bundle ID there(I'm not an admin). When I try to build with EAS, it requires a p12 file. So, I tried to generate it in this way: From Keychain Access I created a CSR(by adding my mail and name) and then on Apple Developers I uploaded it(Certificates > +), so I downloaded a .cer file I opened the .cer on Keychain Access and I dragged it under "login" section From there I exported the p12 file But that p12 gives me always this error when I run npx eas build --platform ios : Provided Distribution Certificate is no longer valid on Apple's server after submitting the p12 file on eas console. Can someone help us? Thanks in advance for your availability :)

An error occurred. Unable to import “Apple Development: Name ()”. Error: -25294 Mac mini M1 macOS Sonoma Version 14.4.1

In my certificate list, I see a certificate type called “iOS Distribution Managed”. What is the difference between this and “iOS Distribution”? It's kind of automatic. I don't remember creating it

Hi, I have been using a Developer ID Installer Certificate to sign my installer packages since a long time now. Recently, the sign command started giving me error, Error - Certificate is expired or not yet valid. Please check certificate validity. The certificate itself is valid till 2025, so I am confused on the issue. To get a clearer understanding, I created a new certificate by following instructions in the link, https://developer.apple.com/help/account/create-certificates/create-developer-id-certificates However, when I try to use this to sign my installer package, I get the following error, Unable to build a valid certificate chain. Please make sure that all certificates are included in the certificate file. I am using ZXPSignCmd to sign the installers. Hoping for guidance to a quick resolution.

hi, just to know: when i, download certificates and install by doble click appear and error. when choos icloud... here a pictureof theerror any comment or. help will be apreciatesomuch. .thanks . https://ibb.co/7rGbKr4

Hi Team, Need your help on solving the errSecInternalComponent error which is getting generated while doing a xcode archive command from jenkins jobs. Currently using Sonoma-14.4, Xcode-15.2, in local it's working well both build and archive but in case of jenkins i am unable to get that, i already given security-unlock commands also before the archive stage but no use, Commands passed: security unlock-keychain -p xxxx /Users/ec2-user/Library/Keychains/login.keychain-db; \ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k xxxxx Please let me know if i have missed any configuration thing. Error Signing Identity: "iPhone Distribution: " Provisioning Profile: "Notification Content Dist Profile" (ffb7be92-3e65-4be4-b161-07c7f75723f0) /usr/bin/codesign --force --sign 1FD10D04940E92C7A212E4A27C1E11D5C3DB12E9 --preserve-metadata\=identifier,entitlements,flags --generate-entitlement-der /Users/ec2-user/Library/Developer/Xcode/DerivedData/ReferenceApp-CardAppSDK-bwgchbllhpzevwgvnuwqvjywfeju/Build/Intermediates.noindex/ArchiveIntermediates/ReferenceApp-CardAppSDK/IntermediateBuildFilesPath/UninstalledProducts/iphoneos/NotificationContentExtension.appex/Frameworks/PushNotificationExtensions.framework Warning: unable to build chain to self-signed root for signer "iPhone Distribution: " /Users/ec2-user/Library/Developer/Xcode/DerivedData/ReferenceApp-CardAppSDK-bwgchbllhpzevwgvnuwqvjywfeju/Build/Intermediates.noindex/ArchiveIntermediates/ReferenceApp-CardAppSDK/IntermediateBuildFilesPath/UninstalledProducts/iphoneos/NotificationContentExtension.appex/Frameworks/PushNotificationExtensions.framework: errSecInternalComponent please help on this ASAP

Since 2023 Apple have strongly suggested signing XCFrameworks to verify their origins. This has worked perfectly fine for the last year. Seeing that our certificate was about to expire, we revoked it and created a new one which we will use to sign all future releases. However, because that first certificate has been revoked, all previous releases of our XCFramework now have invalid signatures because the certificate they used no longer exists. While an update to the latest XCFramework would solve the issue, that's not always a possibility for people with lower minimum deployment targets that can only run an older version of our XCFramework. In the wwdc video on the topic it states: When the xcframework author's signing certificate expires, Xcode is able to automatically validate that a new certificate for Apple Developer Program identities is from the same developer. Does this mean that if we had not pre-empted the expiry and instead let the certificate expire, we wouldn't have this backwards compatibility issue? The course of action we've had to take is to manually go through all of our releases for the last year and re-sign them with the latest certificate. This doesn't seem like a tenable solution each year. Looking for guidance on how to manage this situation each year.

I made some changes to my MAUI app in VS 2022 on Windows 11. I had no trouble testing my app on a locally connected iPhone before, but now when I try to debug the same app (with changes), on the same iPhone, and the same Windows machine, with the same valid certificates in the VS Apple Accounts Details, I get this error: iOS code signing key 'Apple Development: B... (...)' not found in keychain. Why is it even referring to the keychain when I'm on a Windows machine using VS2022 valid certificates in the VS Apple Accounts Details Also, I'm getting "MSB6006: 'codesign' exited with code 3." error when trying to test/debug on a remote mac machine.

Hello . Currently, only the ios version is on sale on the App Store. The application is offering an icloud-linked, auto-renewable subscription. I want to sell to the app store connect with the same identifier, AppID at the same time. I simply added visionos to the existing app project to provide the visionos version early, but the existing UI-related code and the location-related code are not compatible. We used the same identifier with the same name, duplicated and optimized only what could be implemented, and created it without any problems on the actual device. However, when I added the visionos platform to the App Store cennect and tried to upload it through the archive in the app for visionos that I created as an addition, there was an error in the identifier and provisioning, so the upload was blocked. The result of looking up to solve the problem App Group -I found out about the function, but it was judged that a separate app was for an integrated service, so it was not suitable for me. Add an APP to an existing app project via target and manually adjust the platform in Xcode -> Build Phases -> Compile Soures -> Archive upload success?( I haven't been able to implement this stage of information yet.) I explained the current situation. Please give me some advice on how to implement it.visionos has a lot of constraints, so you need to take a lot of features off.