How to enable WWDR cerificate?

We have got the Developer ID Application certification from apple official website. But it shows that the certificate is not trusted in the Keychain App.

After investigation in this website, and we know that we should install Apple Worldwide Developer Relation Certification Authority (WWDR) G3 from https://www.apple.com/certificateauthority/

We download G3 and install the certificate, and it shows "The certificate is marked as not trusted by all users", as shown in the attachment.

Could some expert help us to move on? Thanks!

Up vote post of PastCoder Down vote post of PastCoder
2.5k views
Posted by
PastCoder
Reply
Add a Comment

Replies

Not an expert but Developer ID certs do not use WWDR intermediate certificates (those are for Apple Development).

In Keychain Access:

  • right click your Developer ID Application: Name (Team) certificate
  • select Evaluate "Developer ID Application: Name (Team)"
  • click Continue
  • click Show Certificate

First click of Show Certificate (without changing selection) should show a chain like:

  • Apple Root CA
    • Developer ID Certification Authority
      • Developer ID Application: Name (Team)

Depending on issue date, Developer ID Certification Authority would be one of:

  • Developer ID - G1 (Expiring 02/01/2027 22:12:15 UTC)
  • Developer ID - G2 (Expiring 09/17/2031 00:00:00 UTC)

For that WWDR it looks like you are missing Apple Root CA - G3 Root in your system roots.

Posted by
mikeyh
Up vote reply of mikeyh Down vote reply of mikeyh
Add a Comment

Thanks for your help. My MacOS is 12.3, and Xcode is 13.4.1 .

Follow your guide, I right-click and evaluate my certificate, and got the pictures as below. Seems not same as you point out.

Posted by
PastCoder
Up vote reply of PastCoder Down vote reply of PastCoder
Add a Comment

So that looks like you are missing the entire chain of intermediate and root certificates probably because you are on outdated macOS 12.3 and haven't used Xcode managed certificates which will usually install everything you need.

Ideally you want to be on the latest macOS release which includes the latest root certificates in System Roots AND highly recommend you use Xcode managed certificates (Xcode > Preferences > Account tab > Manage Certificates) to download and install your Developer ID certificate even if you are not using Xcode automatic signing (or using a third party build system).

If you do need to install manually then based on your expiry, you will probably need to install the following from https://www.apple.com/certificateauthority/:

  • Login keychain: Developer ID - G2 (Expiring 09/17/2031 00:00:00 UTC)
  • System Root: Apple Root CA - G2 Root

Manual installation and trust of root certificates is not recommended. Update your macOS and use Xcode managed certificates.

Posted by
mikeyh
Up vote reply of mikeyh Down vote reply of mikeyh
Add a Comment

Thanks. Your method works, and now Developer ID certificate is valid and green. However, the WWDR R3 is still wrong. I have installed  Apple Root CA - G3 Root , but not worked.

Posted by
PastCoder
Up vote reply of PastCoder Down vote reply of PastCoder
Add a Comment

Which method did you use?

Updating macOS should install the Apple root certificates then use Xcode managed certificates for your Apple Development certificate.

That WWDR may actually be the Apple Inc. Root (not G3).

Posted by
mikeyh
Up vote reply of mikeyh Down vote reply of mikeyh
Add a Comment

Thanks. I use the Xcode managed certificates. Then I think you must be right.

Very glad with your help. You are a good man. Really appreciate with you.

Posted by
PastCoder
Up vote reply of PastCoder Down vote reply of PastCoder
Add a Comment

Please mark my second reply as the correct answer to close this topic: https://developer.apple.com/forums/thread/709545?answerId=719589022#719589022

Posted by
mikeyh
Up vote reply of mikeyh Down vote reply of mikeyh
Add a Comment