I have created a XPC server and client using C APIs. I want to ensure that I trust the client, so I want to have a codesigning requirement on the server side, something like - xpc_connection_set_peer_code_signing_requirement(listener, "anchor apple generic and certificate leaf[subject.OU] = \"1234567\"") This checks if the client code was signed by a code-signing-identity issued by Apple and that the teamID in the leaf certificate is 1234567. My questions are- Is using teamID as a signing requirement enough? What else can I add to this requirement to make it more secure? How does xpc_connection_set_peer_code_signing_requirement work internally? Does it do any cryptographic operations to verify the clients signature or does it simply do string matching on the teamID? Is there a way actually verify the clients signature(cryptographically) before establishing a connection with the server? (so we know the client is who he claims to be)

How do I replace an Apple Developer ID Certificate that indicates it is not trusted? When I look at my Certificate Expiring 02-20-2025, I see a valid status displayed. (See annotation #1.) However, when I look at my Apple Developer ID Certificate renewal, I see the words not trusted. (See annotation #2.) I downloaded the renewal certificate and double double-clicked the downloaded item to place it in my KeyChain. This certificate period is from 01-21-2025 to 01-22-2030. QUESTIONS Why does the renewal certificate say "certificate is not trusted"? (Its period is 01-21-2025 to 01-22-2030. Today is 01-27-2025.) How did the renewal certificate get damaged? What must I do to get the damaged certificate replaced with a valid one?

Hello, first of all thanks for reading my post. I am having a trouble about Signing & Capabilities part on Xcode during few days. Hope someone knows how to deal with this. I created a Apple Development certificate with CSR on my MacOS through KeyChain but the Team ID(VC78G4S77J) on this certificate is different with my real Team ID(FYF9AT8ZA8) logged in. I don't even know where this 'VC78G4S77J' came from. Also I created the identifier, bundle ID, device and profile but they were all created with 'FYF9AT8ZA8'. So here is the problem. On Xcode Signing & Capabilities section, I selected Team and put Bundle Identifier connected with 'FYF9AT8ZA8' but Signing Certificate is shown as 'Apple Development: My ID (VC78G4S77J). Therefore when I build iOS simulator on Xcode or VScode, there is error 'No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "FYF9AT8ZA8" with a private key was found.' If I try turn off 'Automatically manage signing' and select provisioning profile I created, Xcode said my profile does not include VC78G4S77J certificate, because my profile has FYF9AT8ZA8 certificate. Importing profile file is not helpful also. I think, first delete the all VC78G4S77J certificate in KeyChain and recreate FYF9AT8ZA8 certificate through KeyChain/CSR, however again VC78G4S77J certicate was created when I created on 'developer.apple.com'. I truly have no idea where did VC78G4S77J come from. Please let me solve this issue.. Warm regards.

When connected to the company's internal network without accessing the Internet, can an IPA installation package be generated if the certificate files are imported in advance?