Hi there :) We are trying to install our application from Xcode to an iPhone 14 Pro. After building the app, we must go to General -> VPN & Device Management to trust the certificate. Unfortunately, the certificate is not showing on the iPhone, and we can not install the app. Does anyone know how we can solve this problem? Thank you very much in advance for your help!

Dear Users, I'm unable to mark an imported internal CA-certificate as trusted in latest IOS. The certificate does not show up in Certificate Trust Settings, however i was generally able to import and enable it. Where can i find technical specifications on what IOS requires? All i found was this article for IOS 13[1] however my root-certificate fulfills all requirements. I attach[2] the root-certificate for testing purpose to this post, so it can be tested & analyzed. Thank you. [1] https://support.apple.com/en-in/103769 [2] http://plzk.de/ROOT_CA.crt

I am a complete noob to macOS, iOS or tvOS development and am simply trying to follow this article from the LibRetro documentation: https://docs.libretro.com/development/retroarch/compilation/ios/. I have followed all of the steps up to and including the first RetroArch build attempt, but I get a plethora of errors during that step as shown by the attached transcript. Any help would be very much appreciated. MTIA! :-D Transcript of Xcode Build Log

Hi! I'm having an issue notarizing my app. I've developed my app in python, packaged it with py2app and then codesigned it using command-line: codesign --deep --sign "Developer ID Application: Name (ID)" MyApp.app and verified it using: codesign --verify --verbose MyApp.app with no problem. I then continued to notarize it with notarytool: xcrun notarytool submit MyApp.zip --keychain-profile "MyProfile" --wait and everything went smoothly, however, the process ended as invalid. This is a recurring issue (used altool beforehand) where I get errors that prevent the notarization due to signature issues, some of them: "The signature of the binary is invalid." "The executable does not have the hardened runtime enabled." "The binary is not signed with a valid Developer ID certificate." "The signature does not include a secure timestamp." And so on. The issue is that this is occurring to the contents of the app and the python libraries and other dependencies it uses, not MyApp.app itself. I've read online in many places and couldn't find what am I missing, I've followed the code-signing and notarization instructions to no prevail. I hope someone here can help me solve this problem or figure out what am I missing. Many thanks :)

We have run into a very unique situation with codesigning and testing the apps under TestFlight under macOS 12 and macOS 13/14. We have existing apps on the macApp store and we are trying to basically update them. When we run the newly updated versions via Testflight under macOS 12, everything is working. However, the same apps under macOS 13/14 and Testflight crashes and we have narrowed it to a codesigned dylib issue of ours. We are getting a invalid code signature message when we try to load a dylib under macOS 13/14 and the app crashes as we cant get the dylib code pointer. Basically CFBundleGetFunctionPointerForName returns an invalid value. Just to explain we build our dylibs/bundles and codesign them outside - as these are built at the command line level and finally we package these within our apps under XCODE and go through the whole app building/archiving, code signing, validation and uploading that to the appstore. The crash log shows - Code Type: ARM-64 (Native) Parent Process: launchd [1] User ID: 501 Date/Time: 2023-11-28 23:31:11.9903 +0900 OS Version: macOS 13.6 (22G120) Report Version: 12 Anonymous UUID: Time Awake Since Boot: 370000 seconds System Integrity Protection: enabled Crashed Thread: 7 Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000 Exception Codes: 0x0000000000000001, 0x0000000000000000 Termination Reason: Namespace SIGNAL, Code 11 Segmentation fault: 11 Terminating Process: exc handler [91418] VM Region Info: 0 is not in any region. Bytes before following region: 4368842752 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL UNUSED SPACE AT START ---> __TEXT 104674000-1047f0000 [ 1520K] r-x/r-x SM=COW ...essional 2017 Thread 0:: Dispatch queue: com.apple.main-thread 0 libsystem_kernel.dylib 0x195a83de4 _kernelrpc_mach_port_deallocate_trap + 8 1 libsystem_kernel.dylib 0x195a85270 mach_port_deallocate + 28 2 QuartzCore 0x19d0cc458 CA::Context::destroy() + 512 3 QuartzCore 0x19d22135c invocation function for block in CA::Context::commit_transaction(CA::Transaction*, double, double*) + 100 We have double checked/triple checked the certificates and profiles and everything is valid. What is strange is that it works under macOS 12 and Testflight but not under macOS 13/14. For both Intel/Arm. Any ideas anyone?

I have an Apple Development certificate issued by: Apple Worldwide Developer Relations Certification Authority (until February 20, 2030). From time to time the Xcode build fails and I see that my certificate is invalid. In this situation, I see two "Apple Worldwide Developer Relations Certification Authority" certificates. One is valid until 2030 and the other is valid until 2023. When I remove the second one (until 2023), my Apple Development certificate becomes valid and the build goes fine. But after a while CodeSign fails again, and I have to remove the second certificate again to build the application. Seems to be that second certificates is auto downloaded by Xcode, how can i fix it?

Hey everybody, We're trying to migrate from one CI to another and we've met a problem. Our setup is mostly Fastlane+match so there are little build changes in terms of CI, but the same certificate we used on prev CI doesn't work on the new one (we have both CIs now and the same commit passes on the old one and fails on the new one). Two steps from the match with installing certs: Output of security find-identity These are virtual machines.

I am trying to build a Unity 3D app for iOS using Xcode. My app used to build successfully earlier but for some reason it has stopped building now and I get the error saying signing for "Unity-iPhone" requires a development team. I have selected automatically manage signing and also selected my personal development team.

It tells me my certificate is bad (doesn't have a private key), and that it needs me to revoke it so it can generate a new one, and I do that, and it loops forever. Oh and I get email from Apple saying it's been revoked. Not sure if it's related but I also can't use a Developer ID certificate. Also says it doesn't have a private key. I even generated a new certificate using openssl so I could make sure I had the private key and the .csr file and still no happiness. I also managed to kill my login keychain at some point, because why not. I've googled and stackoverflowed and nothing works. This is on macOS 13.6.1, and Xcode Version 15.0.1 (15A507). I am frustrated to the point of tears at this point.

I think there's something broken with certificates or Xcode that's preventing me to sign a new version of a Mac app I've made. First, I know my "login" keychain password. I can use this password to export a .p12 file for my "Apple Development: {email} (CLW499436V)" item in my login keychain. Second, I can use security find-identity -v -p codesigning to see my signing identities. It shows two of them. They have a different initial number, and then the same string "Apple Development: {email} (CLW499436V)". The behavior using codesign -vf --sign SIGNING_ID ./test.app is different for each one of them. One requests the signature with the following message: I can input my "login" keychain password, which I know, and all is good The other uses the following message: It requires "the keychain password", which I have no clue what it is. Now, in Xcode, if I go to the Build Settings/Signing, I can set my "Coding Signing Identity". Opening the dropdown I can see a section named "Certificates in Keychain", and there's one "Apple Development: {email} (CLW499436V)". I don't know which one is that. Anyways, if I select that, going to "Signing & Capabilities" I see an error that tells me to select "Apple Developer" in the previous setting. When I do that, however, it seems Xcode is trying to sign the app with the certificate that request a password I don't know. I don't think I had this problem in the past, so I'm not sure how I've reached this situation. I also don't seem to be able to remove certificates and create new ones because I'm not subscribed (paying) to the Apple Developer program. Maybe there's a way to remove them that I have missed? How can I go back to having Xcode automatically sign my app?

I've been at this for hours, searching all over, trying to find a solution. I've created a very simple app, basically 1 window that has a label saying "Hello World". 'm trying to sign this app with a Provisioning Profile that was created like so: Created "Mac App Distribution" and "Mac Installer Distribution" certificates. Installed them, they show as valid "3rd Party Mac Developer..." in Keychain Access. Created an Identifier for an "app", gave a Description and Bundle ID Created a Profile for a "Mac App Store" type Distribution, used my ID from step 2, chose the "Mac App Distribution" certificate (there was only one), inputted a profile name Then, over to xcode. In Signing & Capabilities uncheck "Automatically manage signing", enter the Bundle Identifier as it was made in step 2 above, import profile as was created in step 3 above. All seems well, however when I press that play button in order to compile and run, I immediately get a "quit unexpectedly" with the following in the details: Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid)) Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: CODESIGNING 1 Taskgated Invalid Signature I can create a "Developer ID Application" no problem, but all goes awry when trying to build in order to make it to the Apple Store. I'm on 16-inch 2019 MacBook Pro, Sonoma 14.1.1, xcode 15.0.1. Is there something super lame I've looked over?

Hi, I'm trying to manage singing certificates but it's proving impossible without having the Apple Developer subscription. I think it should be basic that any developer can handle their certificates as they wish. The opposite could easily result in increased security risk for all Apple users. I was hoping I could: Delete existing certificates, since I can't manage to find the password, so they're useless Create a new certificate. It would also be create if when creating a new certificate I could use a different email and name. The ones in my AppleID are my personal email and name, which are used for the certificates. However, I'd like to use my brand's name and email for the app I'm building. Is there a way to do this without paying USD 99 per year to Apple?

I have an app that was built on my first mac, i got a new one and moved the code and everthing to this new mac. I exported the private key and certificate from the old mac to the new one. Tried everthing on the internet about signing an app, but it just doesn't work. Now i'm stuck in a loop on xcode. I get the message "Revoke Certificate", when i click it, xcode create a new one, but it's already expired(despites it saying that will expire in 2024), if i try to manage certificates and create from there, nothing happens. If i delete the expired certificate from keychain, the revokate certificate message comes back. Any tips?

Hello all, I am having really weird trouble with productsign process using Developer ID Installer certificate. I started cooperation with another company and got both Developer ID Application and Developer ID Installer certificates (including private keys) from them and I am also a part of their apple developer team. Now, I am able to use the first one to codesign binaries, but when trying to sign pkg using the second one, I always get this response: productsign: error: Could not find appropriate signing identity for “Developer ID Installer: The company (XXYYZZ..)“ I've already tried to sign the pkg with certificate of another company and this one works as expected. I've also tried the process on another macOS, the same result. The company is using this certificate on their mac machine without problems. I am calling productsign phase using standard shell script: sudo productsign --sign "Developer ID Installer: The company (XXYYZZ..)" "test.pkg" "signedTest.pkg" We've already tried to use newly generated certificate based on my certificate request, still the same. Also tried using only the team ID code instead of the whole name as advised on some forums, still the same. Do you have any idea or hint how to fix this? I've already lost more than a day with thing that should work without a trouble. Tested on macOS 12.7.1 and Catalina. Vladimír

My idea is to help small businesses (without IT infrastucture) generate apple wallet passes for their customers (to identify them later). All the data would be stored in my database and will be accessible by businesses. So Customer would show apple wallet pass which business would be able to scan and fetch customer info from my database. And businesses would be able to create/modify their passes through my app. Can I generate apple wallet passes using my pass type id? In https://developer.apple.com/forums/thread/48719, one of the comments mentioned: You agree not to ... use Your Pass Type ID to sign a third party's pass. I haven't seen this rule anywhere on apple's website, so not sure if it is still active. and distribution needs to be under Your own trademark or brand. Does that mean I can't generate passes for other businesses? Although, I am providing service related to wallet passes and pass generation is not part of the main service itself. If so, is there any legal workaround for my use case? E.g. maybe putting my company logo as main logo etc. Thanks! P.S. creating paid apple developer account to obtain business' own pass type id and certificate is not a viable solution

Xcode version : 14.0 Beta 3 macOS version : 13 Beta 3(22A5295i) Hi, I'm signing the DriverKit in Developer ID Application type profile with Developer ID Application (With Kext) type certificate on Xcode. But status shows error with"Xcode 14 and later requires a DriverKit development profile enabled for IOS and macOS.Visit the developer website to create or download a DriverKit profile" I have downloaded all profiles and Certificates to my Mac and installed all of them, then checked the website. I'm wondering what's different between "Development type" & "Developer ID Application type" profile ? and the reason why "2022-07-22 14:41:54.162815+0800 0x22ee2    Error       0x0                  138    0    kernelmanagerd: Error occurred while handling request "DextLaunch(arguments: Optional(["Driver Extension Server Name": com.asix.dext.usbdevice, "Check In Token": 371, "Driver Extension Server Tag": 4294975444, "CFBundleIdentifier": com.asix.dext.usbdevice, "DriverKit Reslide Shared Cache": 0, "kOSBundleDextUniqueIdentifier": <222f1e51 f5e890f7 b467c2a0 da761dbd 9b14dc5f 1bf56ff6 4eeab6b2 fed9683c>]))": Error Domain=NSPOSIXErrorDomain Code=8 "Exec format error" error code show on when I starting the app. I'll appreciate that someone can give me some idea or suggestions. Thanks a lot.

Hi, If I remove a Pass Type Identifier that is linked with a production (currently live) Pass Type ID certificate, will it affect my production pass certificate? When I press delete it states: "Delete Pass Type ID" "Deleting this Pass Type ID will prevent you from sending future updates to any associated passes. Installed passes will not be affected." But I want to make sure I will not be breaking anything in production. Any help? Many Thanks

I've built an app in Electron. I am in the process of preparing to release the app on my website as a free download. Since the app is free, I'm not really looking to spend a ton of money on security certificates. I can get the app to work on Windows by clicking through the Windows Defender, but I cannot run it at all on Mac even after disabling Gatekeeper. So my question is... Is it possible for me to get a certificate for my Electron app through the apple developer program. Keep in mind I have never touched the apple developer ecosystem. Avoiding subscriptions for this app's security certificates is what I am looking for. As that is all I have seen as options online so far. Any other suggestions are more than welcome! Thanks in advance!

I am facing issues with .pkpasses bundle. Currently, I generate multiple .pkpass files, and store them in a zip as .pkpasses. Once I drag this ZIP into my IOS simulator or mail it to my iPhone, nothing happens. These are the steps I followed (https://developer.apple.com/documentation/walletpasses/distributing_and_updating_a_pass) Create a .zip file containing the .pkpass files for the passes that are part of the bundle. Change the extension of the .zip file to .pkpasses. I have uploaded my bundle.pkpass to Google Drive: https://drive.google.com/file/d/1UIjRpiwWtYGnPILDQV3aAfmu1D7MGE_L/view?usp=sharing Is anybody facing similar problems? I am not sure if this is an IOS17 issue, because I haven't worked with .pkpasses files before.

Hello fellow developers, I hope you're all doing well. I've encountered an issue that I'm hoping someone here might have some insights on. When I try to package my IPA for the production version, I receive a notification that the provisioning profile doesn't match the private key certificate. However, when packaging for the test version, everything works perfectly. I've ensured that I'm using the provisioning profile for the production version and even exported the key for this profile, but they still don't seem to match. Upon further inspection, I noticed that when I applied for the production version of the mobileprovision, the Certificate Name automatically changed to the company name. Has anyone else experienced this issue? If so, how did you resolve it? Any guidance would be greatly appreciated. Thank you in advance for your time and assistance. Best regards