Certificates: Developer ID Application not found by codesign

Question

Shadorain OP

Created Jul ’23

Replies 3

Boosts 0

Views 1.5k

Participants 3

Hello!

I am having trouble with a Developer ID Application certificate that I have clearly added to the Keychain with Keychain Access not being recognized by codesign or DMG Canvas. Here is the command that DMG Canvas uses to see if there are any certificates for signing:

$ /usr/bin/security find-identity -p codesigning
Policy: Code Signing
  Matching identities
     0 identities found

  Valid identities only
     0 valid identities found

This shows that no certificates are found but there definitely are some. I installed this cert to both the System and login keychains, I tried to the Local Items keychain but this failed with an error I will display below.

This image (names redacted) clearly shows the certs are there, valid, and not expired (behind the error) and also shows the error popup for when I try to add the cert to the Local Items keychain:

Screen Shot 2023-07-11 at 6.40.05 PM.png

Essentially I am asking why does Keychain Access say that I have the certificates but nothing can find it in order to sign applications. Thank you!

Boost

Answer 1

Bhargav_Subbarao OP

Jul ’23

Try to select the login keychain in the side pane, and then attempt to import the certificate that you have created. In this case, you selected localttems, which is why you are unable to import it. After importing it to the login keychain, run this command to be able to see the certificates

Screenshot 2023-07-15 at 11.20.28 PM.png

0

Answer 2

Shadorain OP

Jul ’23

Hi and thank you for your reply. My picture must have been misleading. I was on Local Items in the side tab there because of testing. But this cert is active and added to the login and System keychain. I also did do what you said just in case too and it didn't do anything. But thank you!

0

Answer 3

DTS Engineer OP

Apple

Jul ’23

Your screen shot shows that you have a certificate but not a digital identity, that is, you’re missing the private key that corresponds to the public key in that certificate. For more on this, see Certificate Signing Requests Explained.

Also, I recommend that you have a read of The Care and Feeding of Developer ID.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0