I have created Apple Development Signing Certificate for my macbook-air device with my developer account email here and when i export the certificate to view details but I found this then, How can I convert it to human readable language or any other better than this to see its content?
Certificates, Identifiers & Profiles
RSS for tagDiscuss the technical details of security certificates, identifiers, and profiles used by the OS to ensure validity of apps and services on device.
Post
Replies
Boosts
Views
Activity
If I understand correctly, Apple Distribution certificate type aims to replace the separate platform-specific certificate types. (Please don't jump me, I know this is a very simplified way to put it :D)
I am 100% sure Apple Distribution certificate can be used instead of a "Mac App Distribution" certificate, but I'm not sure whether the same is true for installers, namely the "Mac Installer Distribution" certificate.
I have read eskimo's great articles on packaging (https://developer.apple.com/forums/thread/701581) and signing (https://developer.apple.com/forums/thread/128166) but I have not seen a definite answer to this question in those.
Our command line builds started to fail with a 'no certificate of type Mac Installer Distribution is found' without any actual apparent change to the build process, so I'm just trying to understand this certificate type better.
I see no sign of this certificate ever having existed in developer.apple.com under Certificates tab.
We use the xcodebuild -exportArchive command with an -exportOptionsPlist that has the following content:
<dict>
<key>[redacted]</key>
<string>[redacted]</string>
<key>[redacted]</key>
<string>[redacted]</string>
</dict>
<key>installerSigningCertificate</key>
<string>3rd Party Mac Developer Installer</string>
<key>signingCertificate</key>
<string>Mac App Distribution</string>
and this has not changed at all either between the last successful build and the failing ones.
I listed the existing code signing identities with security find-identity -p codesigning and only an Apple Distribution certificate shows up, not Mac Installer Distribution certificate.
Hey guys, I'm trying to build a game using GameMaker Studios for iOS but running into this automatic signing issue - I haven't had this issue on past builds, so it's confusing as to what this is. Any ideas of what I could try to solve this? I've tried many solutions but with my limited knowledge I haven't gotten very far - thank you!
Hi, I have developed a MacOS app I'd like to distribute outside app store. I am an indie developer, there is no company, just me.
If I disable gatekeeper, app installs and runs fine. But to distribute, it seems I now have to sign the app (notarise etc) - which means joining Apple Developer Program and paying $99 p.a. for the pleasure.
But before I sign up, I wanted to check what will be shown on the certificate? I'd prefer not to show my (fairly unique) name/surname for privacy reasons. Will I be able to specify CN etc for the certificate or am I doomed to publicise my name with the app?
Thanks
Hello fellow developers,
I hope you're all doing well. I've encountered an issue that I'm hoping someone here might have some insights on.
When I try to package my IPA for the production version, I receive a notification that the provisioning profile doesn't match the private key certificate. However, when packaging for the test version, everything works perfectly. I've ensured that I'm using the provisioning profile for the production version and even exported the key for this profile, but they still don't seem to match.
Upon further inspection, I noticed that when I applied for the production version of the mobileprovision, the Certificate Name automatically changed to the company name.
Has anyone else experienced this issue? If so, how did you resolve it? Any guidance would be greatly appreciated.
Thank you in advance for your time and assistance.
Best regards
Hi all
I have made an application on Windows Adobe Animate /Air ios. when I tried to get a provisioning profile from Adobe, they said I would have to get this from Apple. So I had to join an Apple developers program which I did at a cost of £79 non-refundable. I began to make up my Provisioning profile on apple developers site and at the very end of the process it told me to press a dedicated button on my Apple computer well I don't have an Apple computer that's why I made the application on Windows Adobe Animate with Air ios converter. When I pointed this out to Adobe their reply was to ask Apple if there is a way round this problem. Well I am asking you guys, is there a way round this?
Alan
Hello all,
I am having really weird trouble with productsign process using Developer ID Installer certificate.
I started cooperation with another company and got both Developer ID Application and Developer ID Installer certificates (including private keys) from them and I am also a part of their apple developer team. Now, I am able to use the first one to codesign binaries, but when trying to sign pkg using the second one, I always get this response:
productsign: error: Could not find appropriate signing identity for “Developer ID Installer: The company (XXYYZZ..)“
I've already tried to sign the pkg with certificate of another company and this one works as expected. I've also tried the process on another macOS, the same result. The company is using this certificate on their mac machine without problems.
I am calling productsign phase using standard shell script:
sudo productsign --sign "Developer ID Installer: The company (XXYYZZ..)" "test.pkg" "signedTest.pkg"
We've already tried to use newly generated certificate based on my certificate request, still the same. Also tried using only the team ID code instead of the whole name as advised on some forums, still the same.
Do you have any idea or hint how to fix this? I've already lost more than a day with thing that should work without a trouble. Tested on macOS 12.7.1 and Catalina.
Vladimír
Hi,
I'm trying to manage singing certificates but it's proving impossible without having the Apple Developer subscription. I think it should be basic that any developer can handle their certificates as they wish. The opposite could easily result in increased security risk for all Apple users.
I was hoping I could:
Delete existing certificates, since I can't manage to find the password, so they're useless
Create a new certificate.
It would also be create if when creating a new certificate I could use a different email and name. The ones in my AppleID are my personal email and name, which are used for the certificates. However, I'd like to use my brand's name and email for the app I'm building.
Is there a way to do this without paying USD 99 per year to Apple?
I've been at this for hours, searching all over, trying to find a solution. I've created a very simple app, basically 1 window that has a label saying "Hello World". 'm trying to sign this app with a Provisioning Profile that was created like so:
Created "Mac App Distribution" and "Mac Installer Distribution" certificates. Installed them, they show as valid "3rd Party Mac Developer..." in Keychain Access.
Created an Identifier for an "app", gave a Description and Bundle ID
Created a Profile for a "Mac App Store" type Distribution, used my ID from step 2, chose the "Mac App Distribution" certificate (there was only one), inputted a profile name
Then, over to xcode. In Signing & Capabilities uncheck "Automatically manage signing", enter the Bundle Identifier as it was made in step 2 above, import profile as was created in step 3 above. All seems well, however when I press that play button in order to compile and run, I immediately get a "quit unexpectedly" with the following in the details:
Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid))
Exception Codes: 0x0000000000000000, 0x0000000000000000
Termination Reason: CODESIGNING 1 Taskgated Invalid Signature
I can create a "Developer ID Application" no problem, but all goes awry when trying to build in order to make it to the Apple Store.
I'm on 16-inch 2019 MacBook Pro, Sonoma 14.1.1, xcode 15.0.1.
Is there something super lame I've looked over?
Hey everybody,
We're trying to migrate from one CI to another and we've met a problem. Our setup is mostly Fastlane+match so there are little build changes in terms of CI, but the same certificate we used on prev CI doesn't work on the new one (we have both CIs now and the same commit passes on the old one and fails on the new one).
Two steps from the match with installing certs:
Output of security find-identity
These are virtual machines.
We have run into a very unique situation with codesigning and testing the apps under TestFlight under macOS 12 and macOS 13/14.
We have existing apps on the macApp store and we are trying to basically update them. When we run the newly updated versions via Testflight under macOS 12, everything is working. However, the same apps under macOS 13/14 and Testflight crashes and we have narrowed it to a codesigned dylib issue of ours. We are getting a invalid code signature message when we try to load a dylib under macOS 13/14 and the app crashes as we cant get the dylib code pointer. Basically CFBundleGetFunctionPointerForName returns an invalid value.
Just to explain we build our dylibs/bundles and codesign them outside - as these are built at the command line level and finally we package these within our apps under XCODE and go through the whole app building/archiving, code signing, validation and uploading that to the appstore.
The crash log shows -
Code Type: ARM-64 (Native)
Parent Process: launchd [1]
User ID: 501
Date/Time: 2023-11-28 23:31:11.9903 +0900
OS Version: macOS 13.6 (22G120)
Report Version: 12
Anonymous UUID:
Time Awake Since Boot: 370000 seconds
System Integrity Protection: enabled
Crashed Thread: 7
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes: 0x0000000000000001, 0x0000000000000000
Termination Reason: Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process: exc handler [91418]
VM Region Info: 0 is not in any region. Bytes before following region: 4368842752
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
UNUSED SPACE AT START
--->
__TEXT 104674000-1047f0000 [ 1520K] r-x/r-x SM=COW ...essional 2017
Thread 0:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x195a83de4 _kernelrpc_mach_port_deallocate_trap + 8
1 libsystem_kernel.dylib 0x195a85270 mach_port_deallocate + 28
2 QuartzCore 0x19d0cc458 CA::Context::destroy() + 512
3 QuartzCore 0x19d22135c invocation function for block in CA::Context::commit_transaction(CA::Transaction*, double, double*) + 100
We have double checked/triple checked the certificates and profiles and everything is valid. What is strange is that it works under macOS 12 and Testflight but not under macOS 13/14. For both Intel/Arm.
Any ideas anyone?
Here are the actions I performed on my developer account:
1 - I created an IOS Development certificate. 2 - I registered my device: IPhone 10 IOS 16.7.2
3 - I created an identifier for my application4 - I cannot generate a correct provisioning profile to debug my application on my iPhone:Review Provisioning Profile
Name: ProfileProvisionIPhone10
Status: Active
Platform: iOS
Expires: 2024/12/09
Type: Development
Created By: Michel Poulet
Enabled Capabilities: In-App Purchase
App ID: AppIdGenTurfEvo (com.companyname.GenTurfEvo)
Certificates: 1 total
Devices: 1 totalWhen I import my provisioning profile to my iPhone with Xcode, I get the following error:
Failed to install one or more provisioning profiles on the device. Please ensure the provisioning profile is configured for this device. If not, please try to generate a new profile.
Do you have an idea of the problem ?
Thank you in advance for your help.
Dear Users,
I'm unable to mark an imported internal CA-certificate as trusted in latest IOS. The certificate does not show up in Certificate Trust Settings, however i was generally able to import and enable it.
Where can i find technical specifications on what IOS requires?
All i found was this article for IOS 13[1] however my root-certificate fulfills all requirements.
I attach[2] the root-certificate for testing purpose to this post, so it can be tested & analyzed.
Thank you.
[1] https://support.apple.com/en-in/103769
[2] http://plzk.de/ROOT_CA.crt
Hi there :)
We are trying to install our application from Xcode to an iPhone 14 Pro. After building the app, we must go to General -> VPN & Device Management to trust the certificate.
Unfortunately, the certificate is not showing on the iPhone, and we can not install the app. Does anyone know how we can solve this problem?
Thank you very much in advance for your help!
Hi there :)
We are trying to install our application from Xcode to an iPhone 14 Pro. After building the app, we need to go to General -> VPN & Device Management to trust the certificate.
Unfortunately, the certificate is not showing on the iPhone, and we can not install the app. Does anyone know how we can solve this problem?
Thank you very much in advance for your help!
I'm trying to setup a new build machine and I can't seem to get the signing certificates detected by the security
tool with "0 valid identities found"
My id is linked to a team but my role is "app manager". In my console I can see the certificates but cant download
the developerID installer cert.
In Xcode no ceritifcates show up for that team ID in the list.
The certs were generated by the developer console.
I had to get the client to insecurely send me the certs because of this restriction. I imported them into the
keychain but the tool still won't show anything.
Is this another problem not having the correct root certificate installed ? I had all this setup in a VMWAre which
was working before I lost all data due to a crash so setting it up fresh on a mac mini.
I should be able to have just synced the certs through xcode and start signing installers. I researched hundreds
of pages and no answer for my problem.
We've got 3 MacOS apps on TestFlight that all suddenly became unusable to our testers who upgraded the OS to 14.2.
The error message says:
"The application can't be opened. -10673"
But also there was another window that opened up stating "The beta app, , is no longer available. The provisioning profile is invalid"
The provisioning profile doesn't specify OS versions - it's signed with distribution and installation certificates for AppStore.
These apps have been used that's been successfully provisioned, uploaded, downloaded and tested by various testers prior to now.
Each app has an explicit Apple ID and provisioning profile - all still valid.
What would cause this? How can I fix this?
I registered a Mac as a device in apple-developer using a third-party UID for collaboration, but the Mac cannot be selected when creating a provisioning profile. And they say udid and uuid are the same. Why is that?
The third party's Mac has been updated to Ventura OS using Open Core patcher.
Hello fellow developers,
I've come across a bit of a challenge and would appreciate some insights. I successfully backed up my Developer ID Application certificate as a .p12 file and smoothly imported it into my login keychain. However, when attempting to import it into my iCloud keychain for an added layer of backup security, I encountered two error messages:
"One object could not be imported."
"The selected keychain could not be found."
Any thoughts or suggestions on resolving this hiccup would be greatly appreciated!
Thanks in advance for your expertise!
Hello, I am rather new at publishing apps for Iphone and I am facing some difficulties. Maybe someone could point me what I am not understanding.
I am having some issues handling the usage of the Development Certificate . I have created a CSR, supplied it at apple.developer system to get a development certificate. I downloaded such a certificate and installed it. When I try to use it I get this status saying it is not trusted :
The result is this when trying to use it:
"
/Users/eao/build/dev/aquila_companion.xcodeproj: error: Missing private key for signing certificate. Failed to locate the private key matching certificate "Apple Development: Tiago DAagostini (GDH9UYDL8A)" in the keychain. To sign with this signing certificate, install its private key in your keychain. If you don't have the private key, select a different signing certificate for CODE_SIGN_IDENTITY in the build settings editor. (in target 'appaquila_companion' from project 'aquila_companion')
"
What am I missing? Where this p12 key should be? And is that related to that image where the Certificate is deemed not trusted?