Associated Domains Entitlement causes code signing error on High Sierra

When we added a com.apple.developer.associated-domains entitlement to our apps, they crash on launch with a code signing error on our old 2011 Mac running 10.13.6 High Sierra.

The signature is accepted on current Macs, and the associated domains do work.

The command line utilities say everything is ok, the entitlement is in the signature and the embedded profile.

The apps will run fine on High Sierra without the entitlement.

The only guess I have is perhaps High Sierra is rejecting any unknown entitlement?

The error is

Code has restricted entitlements, but the validation of its code signature failed.

Unsatisfied Entitlements: 

No Unsatisfied Entitlements are listed.

Removing the entitlements from the signature lets the apps run on High Sierra.

The com.apple.developer.associated-domains entitlement is restricted, meaning that it must be authorised by a provisioning profile. Something is preventing your profile from working for this purpose. It’s hard to say what that might be. My advice is that you look in the system log for log entries that might explain what’s going on. See the Explore the System Log section of Resolving Trusted Execution Problems.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Associated Domains Entitlement causes code signing error on High Sierra
 
 
Q