Certificates, Identifiers & Profiles

RSS for tag

Discuss the technical details of security certificates, identifiers, and profiles used by the OS to ensure validity of apps and services on device.

Certificates, Identifiers & Profiles Documentation

Post

Replies

Boosts

Views

Activity

Command CodeSign failed with a nonzero exit code
I have not been able to open any of my apps since I uploaded my latest update midOctober 2023. Previously I have tried everything on forums from removing derived data, adding new options in build folder and more. Since then I have wasted hours trying to open any app from my iCloud / hard disk and I wonder if part of the problem is caused by backing up to iCloud, as I can open from an external hard disk. It takes almost as long to upload from hard disk than cloud so whole thing annoying, does this add clues to this frustrating problem ? Also when I opened one of my apps it had made hundreds of unassigned assets that all had to be removed individually. I have no idea how to continue with my work I have three other apps in progress, but am halted at present but such a stupid small detail. // here is full commet /Users/ruwickigmail.com/Desktop/0-APPS-2023/InstaAnimates/InstaAnimates.xcodeproj: warning: Unable to find a target which creates the host product for value of $(TEST_HOST) '/Users/ruwickigmail.com/Desktop/0-APPS-2023/InstaAnimates/DerivedData/InstaAnimates/Index.noindex/Build/Products/Debug-maccatalyst/InstaAnimates.app/Contents/MacOS/InstaAnimates' (in target 'InstaAnimatesTests' from project 'InstaAnimates') My bundle ID is fine but it crashes on loading so may be due to something in signing but everything looks fine. I note that there are hundreds of enquiries on the forums, but most are unanswered. as this is an regular Xcode Apple problem and there are hundreds of people being put of continuing with their apps could the Apple team look into this please.
1
0
309
4w
Unable to create App ID or upload to AppStore Connect
Hi, When I try to create an App ID for my app, I get the following message: "An App ID with Identifier '' is not available. Please enter a different string. I have not manually created an App ID under my team with this bundle identifier. I have 'Automatic Signing' checked in Xcode but am unable to upload or register an app with the same bundler Identifier through Xcode as well. I am not a member of any other team so this bundle identifier should be unique and should not have been used before. Would appreciate any help. Thanks.
2
0
368
Oct ’24
How to correctly regenerate expired provisioning profiles and use them in .NET MAUI iOS apps?
I have a .NET MAUI iOS app where its provisioning profiles at first expired a few days ago. So I created new "Apple Development" and "Apple Distribution" certificates using an existing certificate signing request created on 19 October 2023 at 11:46 AM, included the new certificates in the expired provisioning profiles, regenerated and downloaded the provisioning profiles. In the "bundle signing" section of the "project properties" window of Visual Studio for Mac version 17.6.14 (build 413), I have made the following settings: Configuration: release Platform: any CPU Signing identity is not set to automatic I have selected the correct provisioning profile, but when deploying the app in release mode, the following error message is thrown so the app cannot be deployed to the device: ERROR: Failed to install the app on the device. (com.apple.dt.CoreDeviceError error 3002.) NSURL = file:///Users/intelligenthosting/Desktop/IMA-Attendance-App/maui/maui/bin/Release/net7.0-ios/ios-arm64/maui.app/ ---------------------------------------- Unable to Install ?IMA Attendance? (IXUserPresentableErrorDomain error 14.) NSLocalizedRecoverySuggestion = Failed to install embedded profile for com.imaedu.attendanceapp : 0xe800801f (Attempted to install a Beta profile without the proper entitlement.) NSLocalizedFailureReason = This app cannot be installed because its integrity could not be verified. ---------------------------------------- Failed to install embedded profile for com.imaedu.attendanceapp : 0xe800801f (Attempted to install a Beta profile without the proper entitlement.) (MIInstallerErrorDomain error 13.) SourceFileLine = 308 FunctionName = -[MIInstallableBundle _installEmbeddedProfilesWithError:] LibMISErrorNumber = -402620385 LegacyErrorString = ApplicationVerificationFailed 1%... 2%... 3%... 4%... 5%... 6%... 7%... 8%... 9%... 10%... 11%... 12%... 13%... 14%... 15%... 16%... 18%... 19%... 20%... 21%... 22%... 23%... 24%... 25%... 26%... 27%... 28%... 30%... 31%... 32%... 33%... 34%... 35%... 36%... 37%... 38%... 39%... 40%... 41%... 42%... 43%... 44%... 45%... 46%... 47%... 48%... 49%... 50%... 51%... 52%... 53%... 54%... 55%... 56%... 57%... 59%... 60%... 62%... 66%... 68%... error MT1045: Failed to execute 'devicectl': 'devicectl -j /var/folders/ny/qt1fm9zx063__j1b_nglx8pw0000gn/T/tmpFalYTp.tmp device install app --device "iPad (3)" /Users/intelligenthosting/Desktop/IMA-Attendance-App/maui/maui/bin/Release/net7.0-ios/ios-arm64/maui.app' returned the exit code 1. Application could not be uploaded to the device. What have I done wrong in the above process? What is the most appropriate method to update expired provisioning profiles? Thanks in advance
1
0
287
Oct ’24
ITMS-90426: Invalid Swift Support when uploading VisionOS app to Appstore Connect with dylib
I'm trying to upload a build to app store connect. It's a build from a Unity project with the polyspatial SDK, and I also need to include a c++ library, which I've added as a dylib signed with the same provisioning profile as the app. The profile is an Apple Distribution profile created from an enterprise account. It succesfully uploads to Appstore connect, but fails with the following error message: ITMS-90426: Invalid Swift Support - The SwiftSupport folder is missing. Rebuild your app using the current public (GM) version of Xcode and resubmit it. This is unhelpful as I'm using a current version of Xcode. I've read that it's a provisioning issue, but I'm using the provisioning profile for apple distribution on an enterprise account, not an ad hoc profile. I've tried manually adding the SwiftSupport folder from the Xcode toolchain to the ipa/xarchive, resign and upload with Transporter, but that doesn't work. After spending a day trying to troubleshoot this, I'm at a loss. Any help with this is much appreciated. Note: I can sideload the app onto an AVP with an ad hoc build and ad hoc provisioning profile (I've added the signed dylib to build phases Link with Libraries and Embed Frameworks). Somehow this doesn't need the SwiftSupport?
2
0
519
Oct ’24
DriverKit: embedded.mobileprofile has the wildcard USB Vendor ID instead of my assigned Vendor ID
I've added my Vendor ID to the appropriate entitlement files but my binary fails validation when trying to upload it to the store for distribution. The embeded.mobileprovision file in the generated archive shows an asterisk instead of my approved Vendor ID. How can I make sure the embedded provisioning file has my Vendor ID?
4
0
907
May ’24
App Transfer Issue: Upgrade's application-identifier entitlement string ({new_team_id}.{bundle_id}) does not match installed application's application-identifier string ({old_team_id}.{bundle_id}); rejecting upgrade.
Starting Point I recently transferred an app from an old to a new developer account. The transfer itself went smoothly with the app using the following capabilities: CoreData, CloudKit, Push Notifications, In-App Purchases Keychain is not used After completing the app transfer, I worked on a new update. For this, I set the new developer account as the development team of the project in Xcode. However, as soon as I try to install the new version locally on my physical test device, I get the following error message: application-identifier entitlement string ({new_team_id}.{bundle_id}) does not match installed application's application-identifier string ({old_team_id}.{bundle_id}); rejecting upgrade.` (Note: The test device has the latest production version installed, which was still published by the old developer account. The update can be installed without any problems if no previous version is installed. {new_team_id}, {old_team_id} and {bundle_id} are a substitute for the original content.) What I've tried so far I found a Technical Note on this topic and followed the steps suggested. However, the Apple Support wasn't able to provide me with the required Special Provisioning Profile. That's why I tested a different approach with a dummy application: I have completed an update as described above (new developer account selected as development team). Next, I uploaded it to App Store Connect and published it as a new version. I received the following warning during the upload process, but ignored it since I don't use the keychain: At first glance, the publication process appears to have gone smoothly. While the update caused the above error during local testing, the update via the App Store went smoothly. As the latest production version has now also been published from the new Apple Developer Account, further updates can now also be tested locally on a physical device without any problems. Questions Why is it that the update causes an error when tested locally, but works without problems via the App Store? Can this approach also be used without concern for an app with a large active user base, which also uses the capabilities described above (in particular CoreData & CloudKit) without causing problems? Thanks a lot for your support in advance!
0
1
457
Oct ’24
Renewing (not Editing) Provisioning development profile (universal distribution) that is about to expire
Hello there! I found the page on Docs about Editing provisioning profiles: https://developer.apple.com/help/account/manage-profiles/edit-download-or-delete-profiles/ but there, are showed only cases where one should edit it or when it is expired. It is not showed the case where the profile IS ABOUT to expire. What If it is about to expire and I want to act before expiring? Somewhere on the forum I read that clicking "save" with no changes could be enough, but it is not clear to me if I need to choose something more about it. I add a screenshot since It seems to me the UI changed a bit recently. using Enterprise developer program, in-house distribution I can see no certificate with dec 31 2025 (+ - 1 day) on my dev page certificates list. but I have, among my certificates, an iOS distribution certificate with exactly nov 23 2026 es expiration date. why are two choices present with two different expiration dates? with which criteria should I pick one or the other? if I have no need to change something, what should I do or do not in this screen at renewal time? (I.E. at beginning of December 2024?) app Id should be the bundle id, is it so? but in this moment app and id are different, shouldn't they be the same?
3
0
449
Oct ’24
Signing is wrong
Hello, I have a problem signing the application. I'm trying to sign 3rd Party Mac Developer Installer, but it says Invalid: ➜ Desktop productbuild --component TechView.app /Applications --sign "3rd Party Mac Developer Installer: KARLOS KORTES ()" --product TechView.app/Contents/Info.plist TechView.pkg productbuild: Adding component at /Users/wildwolf/Desktop/TechView.app productbuild: Signing product with identity "3rd Party Mac Developer Installer: KARLOS KORTES ()" from keychain /Users/wildwolf/Library/Keychains/login.keychain-db productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority" productbuild: Adding certificate "Apple Root CA" productbuild: Wrote product to TechView.pkg productbuild: Supported OS versions: [Min: 10.13, Before: None] ➜ Desktop xcrun notarytool submit TechView.pkg --key /Users/wildwolf/Desktop/AuthKey_26Z7J3RBZQ.p8 --key-id 26Z7J3RBZQ --issuer 2af626b1-ffca-4ec1-b9d0-cb1bbdc94742 --wait Conducting pre-submission checks for TechView.pkg and initiating connection to the Apple notary service... Submission ID received id: 3cbfd59c-69a9-42e9-8fd9-074aee705ab9 ^Rload progress: 60.47 % (33.4 MB of 55.2 MB) ^Rload progress: 61.49 % (33.9 MB of 55.2 MB) Upload progress: 100.00 % (55.2 MB of 55.2 MB) Successfully uploaded file id: 3cbfd59c-69a9-42e9-8fd9-074aee705ab9 path: /Users/wildwolf/Desktop/TechView.pkg Waiting for processing to complete. Current status: Invalid...................... Processing complete id: 3cbfd59c-69a9-42e9-8fd9-074aee705ab9 status: Invalid When I sign the Developer ID Installer, everything goes well: ➜ Desktop productbuild --component TechView.app /Applications --sign "Developer ID Installer: KARLOS KORTES ()" --product TechView.app/Contents/Info.plist TechView.pkg productbuild: Adding component at /Users/wildwolf/Desktop/TechView.app productbuild: Using timestamp authority for signature productbuild: Signing product with identity "Developer ID Installer: KARLOS KORTES ()" from keychain /Users/wildwolf/Library/Keychains/login.keychain-db productbuild: Adding certificate "Developer ID Certification Authority" productbuild: Adding certificate "Apple Root CA" productbuild: Wrote product to TechView.pkg productbuild: Supported OS versions: [Min: 10.13, Before: None] ➜ Desktop xcrun notarytool submit TechView.pkg --key /Users/wildwolf/Desktop/AuthKey_26Z7J3RBZQ.p8 --key-id 26Z7J3RBZQ --issuer 2af626b1-ffca-4ec1-b9d0-cb1bbdc94742 --wait Conducting pre-submission checks for TechView.pkg and initiating connection to the Apple notary service... Submission ID received id: ad1ecc74-5445-43e1-9d45-30b14f0e7132 Upload progress: 100.00 % (55.2 MB of 55.2 MB) Successfully uploaded file id: ad1ecc74-5445-43e1-9d45-30b14f0e7132 path: /Users/wildwolf/Desktop/TechView.pkg Waiting for processing to complete. Current status: Accepted........................ Processing complete id: ad1ecc74-5445-43e1-9d45-30b14f0e7132 status: Accepted Certificates in the system: ➜ Desktop security find-identity -p codesigning -v E6E85E18DB601386F0B6DCDBA728D31BAD2A19F2 "Apple Development: KARLOS KORTES (**************)" 3CC85A4F196339D3B23DF6A5D2519F427D89BA75 "Apple Distribution: KARLOS KORTES (**************)" 351BA454290A9ACAC14DC3D7B3491BAF81CD4CA1 "Developer ID Application: KARLOS KORTES (**************)" 3 valid identities found ➜ Desktop security find-identity -p codesigning -v E6E85E18DB601386F0B6DCDBA728D31BAD2A19F2 "Apple Development: KARLOS KORTES (**************)" 3CC85A4F196339D3B23DF6A5D2519F427D89BA75 "Apple Distribution: KARLOS KORTES (**************)" 351BA454290A9ACAC14DC3D7B3491BAF81CD4CA1 "Developer ID Application: KARLOS KORTES (**************)" 3 valid identities found ➜ Desktop security find-identity -p basic -v B7D14C5A225C2D08A78F10801DF5FBD600F41977 "3rd Party Mac Developer Installer: KARLOS KORTES (**************)" (CSSMERR_TP_CERT_REVOKED) 1F4AB0AE48760BA22F17AFB1E488D7A5F3AA1C72 "3rd Party Mac Developer Installer: KARLOS KORTES (**************)" E6E85E18DB601386F0B6DCDBA728D31BAD2A19F2 "Apple Development: KARLOS KORTES (**************)" 3CC85A4F196339D3B23DF6A5D2519F427D89BA75 "Apple Distribution: KARLOS KORTES (**************)" 036AB7D7CD8862B5C6EA2B759ADB69E88C3B9F30 "Developer ID Installer: KARLOS KORTES (**************)" 351BA454290A9ACAC14DC3D7B3491BAF81CD4CA1 "Developer ID Application: KARLOS KORTES (**************)" 6 valid identities found What have I tried already, reinstalled, deleted, added new certificates, but the signature with 3rd Party Mac Developer Installer does not work, what am I doing wrong?
1
0
329
Sep ’24
Asset validation failed (90161)
I uploaded the ipa package to the Apple Developer Center, and it keeps showing the error "Asset validation failed (90161): Invalid Provisioning Profile." The provisioning profile included in the com.ttlock.roommaster bundle (Payload/keeperapp) is invalid. [Missing code-signing certificate]. It says that my certificate is invalid, but I have created it many times and followed all the procedures correctly. However, I still cannot upload it successfully! I don't know how to solve this problem.
1
0
306
Sep ’24
Revoking Certificates
My Mac died and I need to revoke all Developer ID certificates which I cannot do myself. I have 5 of each so can't currently add new ones. How do I get these removed. I have submitted a ticket to Apple 10 days ago but other than the acknowledgment have heard nothing. I am totally stuck!
2
0
360
Sep ’24
Issues while signing macOS app
Hi everyone! We use to have an intel Mac machine where we generate the Developer ID Installer & Application certs for signing and notarization process. This process works sweet. Now, we move from an intel to a m1 Mac machine, where we want to do the same process as before. I had try two different approaches, but ending up with the same result. I export the cert with the private key from my intel to the m1 machine, but when I try to sign, I get: Invalid signature. (Not sure what this error means in this case as everything works on the intel machine. I am guessing the cipher for creating either the private key or the signature differs between the architecture) I try to generate new certs for this m1 machine, but I get the following error: You already have a current Developer ID installer certificate or a pending certificate request. I try with the same account, but also with a different account. In both cases got the same error. I create a ticket for apple, where they said to expect a reply between one and two business days, but no luck yet.
9
0
964
May ’24
What are these kind of certificates?
Hello there, I need guidance understanding what some certificates are related to. a) On my Apple developer page home I see that RENEWAL date for my apple developer enterprise program subscription is 2024-october-10 b) in devices section, there is a banner showing that my membership will EXPIRE on 2024-october-09 c) in certificates section I have 6 "development" certificates expiring in multiple dates from 2024-october-11 to 2025-may-22. these ones are "certificate Type - development" and **"certification name with my personal name" ** none of dates in certificates section matches exactly renewal or expiring dates for my apple developer page subscription or profile certificate. why dates in a and b are different? what are certificates in certificates section (those mentioned in "c") ? they seems different from "mac development" and such. What happens if they expire? thank you in advance.
5
0
427
Sep ’24
Importing .developerprofile from xcode 15 -> 16?
I am trying out the new xcode 16, and am trying to sign some existing apps. I have a .developerprofile from xcode 15. But I cannot find a way to import it (I think I need the private certs, in order to sign an app). There is no "import" button at the bottom of the Accounts tab, within the xcode Accounts Settings.... Is there any other way (e.g: Terminal) to import an existing .developerprofile into xcode? Or am I missing something?
4
2
1.1k
Jun ’24