Hi, I need to create a new Developer ID installer certificate as I cannot locate the private key on my old computer. I need to revoke the certificate. I have the Account holder and admin rights but I can't see the revoke option. And when I try to create a new certificate, the panel response is "There is already an existing one." Again, I need to install a new Developer ID installer certificate on the KeyChain of my new computer with its private key. I can't codesign and complete my work at the moment ! I have sent several support e-mails but no single response ! Any guidance is much appreciated. thank you.

I'm trying to sign a build coming from a gitlab runner, but for some reason security find-identity is yielding no results during the pipeline. Hitting the runner via SSH shows the results as I would expect, as well as VNCing into the runner and using the terminal. whoami on all 3 shows the same result My current attempt is to build the keychain on the fly so that I can ensure I have access to the identity, and it succeeds in building the keychain and importing the certs, but find-identity still shows zero results in the pipeline. - security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" - security list-keychains -d user -s "$KEYCHAIN_PATH" "/Users/######/Library/Keychains/login.keychain-db" "/Library/Keychains/System.keychain" - security set-keychain-settings "$KEYCHAIN_PATH" - security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" - security import "$SIGNING_KEY_DECODED" -P "$P12_PASSWORD" -A -f pkcs12 -k $KEYCHAIN_PATH -T "/usr/bin/codesign" - > # escape : CERT_IDENTITY="##########" security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" -D "$CERT_IDENTITY" -t private "$KEYCHAIN_PATH" - echo $(security find-identity) The echo at the end returns the following: Policy: X.509 Basic Matching identities 0 identities found Valid identities only 0 valid identities found Running the same command via ssh/terminal over VNC after the build fails returns the following: Policy: X.509 Basic Matching identities 1) C6......A2 "iPhone Distribution: ###########" 1 identities found Valid identities only 1) C6......A2 "iPhone Distribution: ###########" 1 valid identities found Which suggests that the keychain creation and certificate import is working as expected. I'm not ruling out the possibility of this being an issue on gitlab's end, but this has been working historically, and only really stopped working since we've updated to Sonoma (we're on 14.7.1 now). We have an active runner on Ventura 13.6.1 that's working still.

Hi, I am trying to upload the Certificate Signing Request but its failing and showing this error: CSR algorithm/size incorrect. Expected: RSA(2048)

I have an internal customer who is trying to submit an IPA to TestFlight via a Jenkins pipeline, and they are submitting their IPA to our central code signing service first. But they're seeing failures in their logs such as: { "id" : "bb07c32d-b4d6-48c4-abfe-390a46dec3ca", "status" : "409", "code" : "STATE_ERROR.VALIDATION_ERROR.90179", "title" : "Asset validation failed", "detail" : "Invalid Code Signing. The executable 'Payload/their.app/Frameworks/Pods_their.framework/Pods_their' must be signed with the certificate that is contained in the provisioning profile." } I obtained the signed IPA file, and examined one of the items flagged as incorrectly signed with "codesign -d -vvvv". I see the correct team identifier in the output, along with the correct ("Distribution") authority. I unbundled the IPA with "ditto -xk", extracted the plist from the embedded provisioning file with "security cms -D -i", and examined the lone developer certificate with "plutil -extract DevelopCertificates.0" and "certtool d". The subject name fields correspond to the correct cert: "Other name" and "OrgUnit" contain "our" team name, "Org" has our company name, "Common Name" has the name of the authority mentioned above. In short, it looks like we're signing it properly, but Apple notarization is refusing it. (For the record, something on Apple's side complained about using "altool" instead of "notarytool". I don't know if that's our problem or not.) What else should I be doing to confirm the status of the signatures? I'm missing something, but I have no idea what.

As of Nov 25, 2024, Xcode 16.1 won't recognize an App Store provisional profile as Eligible so you cannot select the provisional profile for signing. Which means you cannot archive it for upload to Apple. Setting it to manual or automatic signing does not help. Even going to the dev site and making new, fresh provisional profiles did not work. rebooting xcode did not work. rebooting the computer did not work.

In Xcode's (version 16.1) "Devices and Simulators" window pressing the device's context menu item "Show Provisioning Profiles..." does nothing: no new window, no message, nothing. How can I fix this?

I'm trying to renew our Distribution Certificate, but when I request a certificate from a certificate authority as described and create the certificate via developer.apple.com and install it, it is installed without a private key, so I can't export it to .p12. What am I doing wrong? Last year this went without any problems. Please help me out, because I have to renew the certificate before 12-12-2024.

p12证书导出是灰色的，一直导出不了 ![]（“https://developer.apple.com/forums/content/attachment/36357e8a-bbb0-4661-a57c-720d41c3d9aa” “title=微信截图_20241119125858.png;宽度=962;高度=273”）

After using backup to setup my new Mac Mini my xCode App projects run ok in the Simulator but fail to Archive or Analyze with the error: "The specified item could not be found in the keychain." The item is a provisioning profile. I was able to Run, Archive and Validate these projects on my old Mac Mini just before the final backup. Are there known problems in backup of provisioning profiles or keychains? I have tried creating new profiles etc without success for several days. I'm not an expert developer so I'm hoping there is a simple solution. Please suggest the best way to resolve and/or clarify this problem.

Hello, my team is trying to fix a code signing issue with our app. Our production build works, but our debug build broke after upgrading to macOS 15. This is because our app contains an app extension that can no longer access our app group container after the upgrade to macOS 15. It looks like this is due to ~/Library/Group Containers being protected by SIP now. We were not code signing our debug app, and now security is stricter. Because of historical reasons, we need to use a Makefile to build our app instead of just using Xcode. We are trying to determine the best way to sign our debug app. It looks like our app extension is able to access our app group container if we sign the app with a developer certificate. However, we are wondering if the developer certificate is required. We see that Xcode can sign debug builds with the “-” code signing identity. We tried doing this from our Makefile in the same way we sign with the developer certificate, but it doesn’t work. Is this expected behavior?

How can I modify bundleID of an app after building ipa file? I try to modify the bundle id in my app by : unzip ipa modify bundle id in info.plist within app resign app with entitlements 4.zip ipa but ipa appeared to not be able to install on iphone is that any way to modify bundle id after building ipa file? Thanks for your Support

Hello I build an application in Xcode for MacOS. But the exported app I cannot open on different Mac systems. I get the message 'The application X can't be opened'. I can only run the application on the Mac where Xcode is installed. I used different signing certificates: Apple Distribution, Developer ID application (this should be the one), Mac App Distribution. I archive the application, then use Direct Distribution, then after complished the notary service, I export the app.

My non-cloud Developer ID certificate will expire soon, and my account also has a cloud-managed Developer ID Certificate. My Mac application build workflow uses Archiving, so the cloud cert should be fine for that. But my workflow also signs bundled apps, such as Sparkle framwork's Autodupate app, using the codesign tool. Is it correct that codesign only uses certificates from the local Keychain, and so cannot use a Cloud-managed Developer ID certificate? Before I manually renew the non-cloud Developer ID certificate, I want to make sure I'm not missing some easier method. Thanks.

Hi, I'm trying to ssh into another machine, copy an app into that machine and codesign it using my "Dev ID Application" certificate, then copy it back to my original machine. I'm getting the "errSecInternalComponent" error when running codesign. This is the bash script I'm running: ssh ${REMOTE_SERVER} "security -v unlock-keychain -p <REDACTED> /Users/<REDACTED>/Library/keychains/login.keychain-db" ssh ${REMOTE_SERVER} "codesign -vvv --deep --force --verify --verbose --timestamp --options runtime --sign \"Developer ID Application: <REDACTED>\" \"/tmp/$BUILD_ID/ui-app/<APP_NAME>.app\"" ssh ${REMOTE_SERVER} "codesign -dv --verbose=4 /tmp/$BUILD_ID/ui-app/<APP_NAME>.app" I've tried to follow all the available info found online, managed to sign it successfully through the machine's UI, set the ACL of the private key to ALLOW ALL, restarted the keychain service, tried with the system keychain, approved all pop ups through the UI. Still with no luck through the SSH session. Any help would be greatly appreciated. Thanks!

I have the latest version of xcode

I've updated Xcode to 16.1, then I've created a new provisioning profile in developer.apple.com, successfully built and signed my application. It was on monday, 2024-11-04. Two or three days later I was asked to add more devices and I had to create a new profile. I've noticed a new feature to control profile's name (yeah, cool!), had to accept new agreements. Then, have created a new profile, downloaded it, but could not add it with double-click to Xcode or import to Keychain Access - "Failed to install one or more provisioning profiles on the device". And whatever I tried, I couldn't register any new profiles since. Therefore, my app cannot be signed and tested anymore. This is quite weird as nothing has changed on the system throughout the week. Is this a known issue or is there any fix for that?

Hi! I'm having troubles to sign my Xamarin Forms application, im getting the following error "Error : Could not find any available provisioning profiles for MyProject.iOS on iOS.". I've recently cleaned my Provisioning profiles folder ~/Library/MobileDevice/Provisioning Profiles since it wasn't being updated with my latest provisioning profile for my app. But now my provisioning profiles are not being downloaded, I'm not getting any other error on downloading profiles. I've tried from Xcode -> Settings -> Account -> Download manual profiles. Tried too open the profile downloaded from the Apple Developer Portal, also tried copy manually the provisioning profile downloaded to the previous mentioned path, none of those works. The user that im logged in on Xcode is the admin/owner so is not a permissions issue. IDK what can be wrong or what can I try. So I'm going to be grateful for your help :(

I am trying to export my AppleScript as an application and have enabled my developer ID to sign it. I, however, get an error the following error: Any ideas? Thank you and best regards, pd NOTE: macOS Sonoma 14.7.

Dear Support, I am trying to verify the installation of my macOS app via Test Flight. I have verified through code sign that it is properly signed and has all of the the required entitlements, including sandbox. The package uploaded successfully via Transporter, and the app installs with Test Flight. However, the app will not run. After numerous attempts, I discovered that the embedded.provisionprofile is missing from the Contents of the app bundle in the version that installs via Test Flight. If I install directly from the same PKG I uploaded to Transporter (that TestFlight is using for the build) I can verify that the embedded.provisionprofile is present. Why does uploading the PKG and installing through Test Flight result in the removal of the embedded provisioning file? Is this expected and/or could be another reason why my app is refusing to run? Much appreciated, ~Ross

Hello, I was trying to solve the error "Command CodeSign failed with a nonzero exit code" that occurs when I try to archive and publish my app. I realized the Team IDs on the Portal (To right corner next to my name eg "Pete Park - ABC1D2E334") and my Mac Keychain Acces (eg "Pete Park - XYZ9W8V776") do not match. The number on KeyChain Access, is that's a Team ID. (clueless self learner here) If yes, do they need to match? Any suggestion for the CodeSign error? Is "errSecInternalComponent" the error? Sorry if these questions are obvious or stupid. Thanks so much for any advice.