You can now easily request access to managed capabilities for your App IDs directly from the new Capability Requests tab in Certificates, Identifiers & Profiles > Identifiers. With this update, view available capabilities in one convenient location, check the status of your requested capabilities, and see any notes from Apple related to your requests. Learn more about capability requests.

Hello, my team is trying to fix a code signing issue with our app. Our production build works, but our debug build broke after upgrading to macOS 15. This is because our app contains an app extension that can no longer access our app group container after the upgrade to macOS 15. It looks like this is due to ~/Library/Group Containers being protected by SIP now. We were not code signing our debug app, and now security is stricter. Because of historical reasons, we need to use a Makefile to build our app instead of just using Xcode. We are trying to determine the best way to sign our debug app. It looks like our app extension is able to access our app group container if we sign the app with a developer certificate. However, we are wondering if the developer certificate is required. We see that Xcode can sign debug builds with the “-” code signing identity. We tried doing this from our Makefile in the same way we sign with the developer certificate, but it doesn’t work. Is this expected behavior?

p12证书导出是灰色的，一直导出不了 ![]（“https://developer.apple.com/forums/content/attachment/36357e8a-bbb0-4661-a57c-720d41c3d9aa” “title=微信截图_20241119125858.png;宽度=962;高度=273”）

I'm trying to renew our Distribution Certificate, but when I request a certificate from a certificate authority as described and create the certificate via developer.apple.com and install it, it is installed without a private key, so I can't export it to .p12. What am I doing wrong? Last year this went without any problems. Please help me out, because I have to renew the certificate before 12-12-2024.

I have an internal customer who is trying to submit an IPA to TestFlight via a Jenkins pipeline, and they are submitting their IPA to our central code signing service first. But they're seeing failures in their logs such as: { "id" : "bb07c32d-b4d6-48c4-abfe-390a46dec3ca", "status" : "409", "code" : "STATE_ERROR.VALIDATION_ERROR.90179", "title" : "Asset validation failed", "detail" : "Invalid Code Signing. The executable 'Payload/their.app/Frameworks/Pods_their.framework/Pods_their' must be signed with the certificate that is contained in the provisioning profile." } I obtained the signed IPA file, and examined one of the items flagged as incorrectly signed with "codesign -d -vvvv". I see the correct team identifier in the output, along with the correct ("Distribution") authority. I unbundled the IPA with "ditto -xk", extracted the plist from the embedded provisioning file with "security cms -D -i", and examined the lone developer certificate with "plutil -extract DevelopCertificates.0" and "certtool d". The subject name fields correspond to the correct cert: "Other name" and "OrgUnit" contain "our" team name, "Org" has our company name, "Common Name" has the name of the authority mentioned above. In short, it looks like we're signing it properly, but Apple notarization is refusing it. (For the record, something on Apple's side complained about using "altool" instead of "notarytool". I don't know if that's our problem or not.) What else should I be doing to confirm the status of the signatures? I'm missing something, but I have no idea what.

Hi, I am trying to upload the Certificate Signing Request but its failing and showing this error: CSR algorithm/size incorrect. Expected: RSA(2048)

I'm trying to sign a build coming from a gitlab runner, but for some reason security find-identity is yielding no results during the pipeline. Hitting the runner via SSH shows the results as I would expect, as well as VNCing into the runner and using the terminal. whoami on all 3 shows the same result My current attempt is to build the keychain on the fly so that I can ensure I have access to the identity, and it succeeds in building the keychain and importing the certs, but find-identity still shows zero results in the pipeline. - security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" - security list-keychains -d user -s "$KEYCHAIN_PATH" "/Users/######/Library/Keychains/login.keychain-db" "/Library/Keychains/System.keychain" - security set-keychain-settings "$KEYCHAIN_PATH" - security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" - security import "$SIGNING_KEY_DECODED" -P "$P12_PASSWORD" -A -f pkcs12 -k $KEYCHAIN_PATH -T "/usr/bin/codesign" - > # escape : CERT_IDENTITY="##########" security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" -D "$CERT_IDENTITY" -t private "$KEYCHAIN_PATH" - echo $(security find-identity) The echo at the end returns the following: Policy: X.509 Basic Matching identities 0 identities found Valid identities only 0 valid identities found Running the same command via ssh/terminal over VNC after the build fails returns the following: Policy: X.509 Basic Matching identities 1) C6......A2 "iPhone Distribution: ###########" 1 identities found Valid identities only 1) C6......A2 "iPhone Distribution: ###########" 1 valid identities found Which suggests that the keychain creation and certificate import is working as expected. I'm not ruling out the possibility of this being an issue on gitlab's end, but this has been working historically, and only really stopped working since we've updated to Sonoma (we're on 14.7.1 now). We have an active runner on Ventura 13.6.1 that's working still.

After the ios background creates the group and adds it to the Identifiers, an error is displayed at xcode signing. Error: An Application group with Identifier 'group.xx' is not available. Please enter a different string. Looking at Figure 1 and Figure 2, you can see that I have created in the background, but it will not succeed in XCODE. Does anyone know the reason I started to think that the account and certificate problems, but after the replacement is not successful How to solve this problem, thank you

Hi there I'm having issues signing my app after the app was transfered to my account. This is what I did (in order) and what is happening. Accepted the transfer Updated som code Tried to update the old app with the new app on a test device. This failed with the message Upgrade's application-identifier entitlement string (..DKG.dk..) does not match installed application's application-identifier string (...3ZG.dk..); rejecting upgrade. Added the required entitlements file to XCode to reflect both teams. Now signing fails with the error Provisioning profile "iOS Team Provisioning Profile: ...hyp..." doesn't include the previous-application-identifiers entitlement. Requested a new profile from Apple but got rejected What do I do now? Thanks

No matter how many times I download what seems to be a cert for Mac App Distribution Certificate Type Mac App Distribution When I look at its Apple Mac App Signing extension property in the keychain, it always says Apple Mac App Signing (Development) Whenever I try to use it to code sign, the signing is 'generic' which fails security checks. AI says... The certificate field Apple Mac App Signing (Development) (1.2.840.113635.100.6.1.7) indicates that the certificate is intended for development purposes. This type of certificate is used for signing macOS applications during the development and testing phases. But that is not what I am expecting to get from the certificate type Mac App Distribution. What can I do to actually get to production?

I would like to code sign an app or installer with an RSA 4096-bit code signing certificate. I created a CSR using RSA4096bit and ECC in Mac Keychain Access, but I was unable to use that CSR to create a code signing certificate on the Apple Developer site. How do I issue an RSA4096-bit or ECC code signing certificate?

we are currently using an APNs Authentication Key to send notifications and have not generated any Development or Production APNs certificates. Could you please confirm whether using the APNs Authentication Key alone is sufficient under the updated requirements? Alternatively, do we need to generate Development and Production APNs certificates that support SHA-2 for compliance with the changes?

The product archive package's signature is invalid. Ensure that it is signed with your "3rd Party Mac Developer Installer" certificate. (90237) I'm receiving this error, despite the fact that I'm using this certificate when creating the pkg (with electron-forge) My configuration is shown below - note the 3rd Party Mac Developer Installer identity when using new MakerPKG. const config: ForgeConfig = { packagerConfig: { asar: true, name: 'Deep Focus', icon: 'resources/icon.icns', osxSign: { identity: 'Apple Distribution: Timeo Williams (3Y4F3KTSJA)', type: 'distribution', provisioningProfile: '/Users/timeo/Desktop/Deep Focus/deepWork/distribution.provisionprofile', preAutoEntitlements: false, // eslint-disable-next-line @typescript-eslint/explicit-function-return-type optionsForFile() { return { entitlements: 'build/entitlements.mas.plist' } } }, extendInfo: 'build/info.plist', osxUniversal: { mergeASARs: true }, appCategoryType: 'public.app-category.productivity', appBundleId: 'com.electron.deepfocus', extraResource: [ 'resources/.env', 'resources/icon.icns', ] }, rebuildConfig: {}, makers: [ new MakerSquirrel({}), new MakerZIP({}), new MakerRpm({}), new MakerDeb({}), new MakerDMG({ appPath: './out/Deep Focus-darwin-arm64/Deep Focus.app', name: 'Deep Focus', icon: './resources/icon.icns', format: 'ULFO', overwrite: true, contents: (opts) => [ { x: 130, y: 220, type: 'file', path: opts.appPath }, { x: 410, y: 220, type: 'link', path: '/Applications' } ] }), new MakerPKG({ name: 'Deep Focus', identity: '3rd Party Mac Developer Installer: Timeo Williams (3Y4F3KTSJA)' }) ], plugins: [ new VitePlugin({ build: [ { entry: 'src/main.ts', config: 'vite.main.config.ts', target: 'main' }, { entry: 'src/preload.ts', config: 'vite.preload.config.ts', target: 'preload' } ], renderer: [ { name: 'main_window', config: 'vite.renderer.config.mts' // Path to Vite config for renderer process } ] }), new FusesPlugin({ version: FuseVersion.V1, [FuseV1Options.RunAsNode]: false, [FuseV1Options.EnableCookieEncryption]: true, [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false, [FuseV1Options.EnableNodeCliInspectArguments]: false, [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: true, [FuseV1Options.OnlyLoadAppFromAsar]: true }) ] } Yet, I'm getting the error from Transporter that it's invalid?

From my developer account, when I generate CSR and submit for certificate generation private key not available and loaded into keychain

I just made a TikTok account accidentally using my Apple ID I’m trying to delete the account and the only way to delete it is to put this code in I don’t know where to look for the code and apparently it was sent to my private relay.appleid.com.

I get these errors. I think I've checked everything possible. "entitlements file, Identifiers etc." but I couldn't find a solution. I tried manual signing as well. Same result. The profiles I added also become invalid after a while. Everything seems normal in my developer account.

I am writing to follow up on my request for Family Control permission, which I submitted through the appropriate form over a week ago. Unfortunately, I have not yet received any response or access to the requested permissions. Could you kindly provide an update on the status of my request? If any further information or action is needed from my end, please let me know.

Hi, I am trying to make my app build on GitHub Action CI pipeline. App builds fine on xcode on my mac. For CI I am using command line xcode. I am getting following error: No profiles for 'com.snslocation.electricians-now' were found: Xcode couldn't find any iOS App Development provisioning profiles matching 'com.snslocation.electricians-now'. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to xcodebuild. (in target 'myapp' from project 'myapp') You can see full log of the build here: https://github.com/nbulatovi/ElectriciansNow/actions/runs/12603115423/job/35127512689 The provisioning profile is present, and verified in the previous steps in the pipeline, however xcode refuses to find it. If I add -allowProvisioningUpdates error stays. I tried manually mapping app id to profile name. Is there a way to get any debug log from xcode profile search, to see why is it not picking up the correct profile? Or can you maybe help in some other way? xcode version is 15.4, iOS SDK 17.5

Even if I recreate everything and register it, it does not register in xcode as shown below. No matter how many times I regenerate the certificate and profile, the same thing happens.

I'm building an app that uses the Screen Time API and DeviceActivityMonitoring Framework. It works when I run the simulator build on iPhone 16 but when I try to launch it on my own iPhone, I get these errors. Provisioning profile "iOS Team Provisioning Profile: Kanso- Digital-Wellness.Kanso-v2" doesn't include the com.apple.developer.device-activity.monitoring entitlement. KansoMonitorExtension 1 issue x Provisioning profile "iOS Team Provisioning Profile: Kanso-Digital-Wellness.Kanso-v2.KansoMonitorExtension" doesn't include the com.apple.developer.device-activity.monitoring en... Read something online that said a reboot would fix this, but I tried and no luck. Any ideas? I'm not very technical, so would pay someone to fix this for me :)

I am attempting to sign a *.pkg for distribution but I get "Could not find appropriate signing identity for 'Developer ID Application: CompanyName'. I'm calling this command to sign: productsign --sign 'Developer ID Application: CompanyName' "unsigned.pkg" "signed.pkg" I've downloaded the WWDR Intermediates, when I go through Keychain Access > Certificate Assistant > Evaluate on the cert and select "Code Signing" I get "Evaluation Status: Success" and "Certificate Status: Good". Additionally my certificate shows up as valid in my keychain. I'm at a loss for what is going on.