Hello fellow developers,
I hope you're all doing well. I've encountered an issue that I'm hoping someone here might have some insights on.
When I try to package my IPA for the production version, I receive a notification that the provisioning profile doesn't match the private key certificate. However, when packaging for the test version, everything works perfectly. I've ensured that I'm using the provisioning profile for the production version and even exported the key for this profile, but they still don't seem to match.
Upon further inspection, I noticed that when I applied for the production version of the mobileprovision, the Certificate Name automatically changed to the company name.
Has anyone else experienced this issue? If so, how did you resolve it? Any guidance would be greatly appreciated.
Thank you in advance for your time and assistance.
Best regards
Certificates, Identifiers & Profiles
RSS for tagDiscuss the technical details of security certificates, identifiers, and profiles used by the OS to ensure validity of apps and services on device.
Post
Replies
Boosts
Views
Activity
Hi, I have developed a MacOS app I'd like to distribute outside app store. I am an indie developer, there is no company, just me.
If I disable gatekeeper, app installs and runs fine. But to distribute, it seems I now have to sign the app (notarise etc) - which means joining Apple Developer Program and paying $99 p.a. for the pleasure.
But before I sign up, I wanted to check what will be shown on the certificate? I'd prefer not to show my (fairly unique) name/surname for privacy reasons. Will I be able to specify CN etc for the certificate or am I doomed to publicise my name with the app?
Thanks
Hey guys, I'm trying to build a game using GameMaker Studios for iOS but running into this automatic signing issue - I haven't had this issue on past builds, so it's confusing as to what this is. Any ideas of what I could try to solve this? I've tried many solutions but with my limited knowledge I haven't gotten very far - thank you!
If I understand correctly, Apple Distribution certificate type aims to replace the separate platform-specific certificate types. (Please don't jump me, I know this is a very simplified way to put it :D)
I am 100% sure Apple Distribution certificate can be used instead of a "Mac App Distribution" certificate, but I'm not sure whether the same is true for installers, namely the "Mac Installer Distribution" certificate.
I have read eskimo's great articles on packaging (https://developer.apple.com/forums/thread/701581) and signing (https://developer.apple.com/forums/thread/128166) but I have not seen a definite answer to this question in those.
Our command line builds started to fail with a 'no certificate of type Mac Installer Distribution is found' without any actual apparent change to the build process, so I'm just trying to understand this certificate type better.
I see no sign of this certificate ever having existed in developer.apple.com under Certificates tab.
We use the xcodebuild -exportArchive command with an -exportOptionsPlist that has the following content:
<dict>
<key>[redacted]</key>
<string>[redacted]</string>
<key>[redacted]</key>
<string>[redacted]</string>
</dict>
<key>installerSigningCertificate</key>
<string>3rd Party Mac Developer Installer</string>
<key>signingCertificate</key>
<string>Mac App Distribution</string>
and this has not changed at all either between the last successful build and the failing ones.
I listed the existing code signing identities with security find-identity -p codesigning and only an Apple Distribution certificate shows up, not Mac Installer Distribution certificate.
I have created Apple Development Signing Certificate for my macbook-air device with my developer account email here and when i export the certificate to view details but I found this then, How can I convert it to human readable language or any other better than this to see its content?
Hi,
After spending two months trying to launch this app I decided to start from scratch, and regenerate everything from code signing requests, certs, apps, appIDs, App Store entries, EVERYTHING, and at the end of all of it, I get exactly the same problem I've had for months:
"Invalid Provisioning Profile. The provisioning profile included in the bundle
com.chiltonwebb.secretprojectname [com.chiltonwebb.secretprojectname.pkg/Payload/secretprojectname.app] is invalid.
[Invalid 'com.apple.application-identifier' entitlement value.] For more information, visit the macOS
Developer Portal. (ID: 723cede2-3c9f-4069-b4fa-581ebd3468b9)"
I'm tired of guessing. I've tried everything I can find in these forums. What is the official way to diagnose this problem?
-Chilton
Dear Sirs,
I've written a Swift App, a C++ application and a Driver Extension using DriverKit and AudioDriverKit. As it works on my development machine now I'd like to give it to some other users and so I'm trying to make a Release Build. I've created a Signing Certificate for "Apple Distribution" which I can use for my Swift App and the C++ application which also both use "com.apple.developer.driverkit.userclient-access". I've been given this entitlement and the "Distribution Support" is for "Development, Ad hoc, App Store, Developer ID". For my Driver Extension I'm using the entitlements "com.apple.developer.driverkit" and "com.apple.developer.driverkit.family.audio" which I've also been given and which show the identical "Distribution Support". But when I try to use my Signing Certificate XCode refuses to use the provisioning profile for the Dext and says "Xcode 14 and later requires a DriverKit development profile enabled for iOS and macOS. Visit the developer website to create or download a DriverKit profile." On the other hand I have to use the same Signing Certificate for my Swift App that embeds the Dext and the Dext itself. How can I create a Signing Certificate for Release mode that works for both, the Swift App and the Dext?
Thanks and best regards,
Johannes
If I make a certsigningrequest to get a certificate in the developer account, it is not uploaded , i uploaded it but does not appeared it , can you help me ?
Hi, how to re-sign an open ipa file with my developer account and install to my device for testing.
Thanks
I looked at other posts with this problem and didn't find anything that worked.
I used Keychain Access and Certificate Assistant to create a CSR; I uploaded that on the portal. Downloaded the certificate, and I get that error whenever I try to import it. I can import it into the System one, but then it's untrusted, and I still can't export it as a p12 file.
This is one of the few times I did everything by reading the documentation as I did it, so I'm very confused.
Hi..
I have created the free apple developer account for the purpose of learning the iOS development. In my Mac book air M2 two certificates (APPLE DEVELOPMENT CERTIFICATES) were created by the XCODE automatically these certificates have an expiry of 1 year from the date of creation.
Kindly tell me what will happen after these certificates are expired, will I be able to create new certificates with my free developer account ?
Will XCODE will be able to create new certificates in the same way after these certificates are expired ?
Or, the existing certificates need to be renewed again ?
I request you to please clarify these points as per the entitlements of my free developer account.
Also tell what is the maximum number of certificates which can be created by XCODE ?
I tried to search on internet but could not find any source which can clear these queries.
Regards
Behavior:
I was recently having issues with errSecInternalComponent during codesign when using sudo su but NOT when logged into the non administrator account. Which appears to be due to the intermediate certificate not being in the admin user's keychain.
Workaround:
Add intermediate certificate (in my case the Apple Worldwide Developer Relations Certification Authority (G3) available here) to the Admin (who is running sudo su) user's keychain.
Why this is unexpected:
security find-identity -p codesigning indicates the identity is valid, but codesign fails with Warning: unable to build chain to self-signed root for signer and errSecInternalComponent. This behavior also seems to imply that while using codesign and sudo su, we are using the switched user (myuser)'s keychain for the signing identity, but the admin user's keychain for intermediate certificates.
Setup:
Admin user (referred to as admin)
Regular user (referred to as myuser)
For resting purposes do cp /usr/bin/true /Users/myuser/MyTrue
Steps to reproduce:
Login to the computer via Mac OS GUI as myuser
Install developer certificate and intermediates as myuser such that myuser's keychain has the development certificate and apple WWDR certificate
Verify that development certificate is valid and can codesign
myuser@mymachine % security find-identity -p codesigning
Policy: Code Signing
Matching identities
1) <REDACTED> "Apple Development: My User (<REDACTED>)"
1 identity found
Valid identities only
1) <REDACTED> "Apple Development: My User (<REDACTED>)"
1 valid identity found
Verify that signing works
myuser@mymachine % codesign -s "Apple Development" -f ~/MyTrue
/Users/myuser/MyTrue: replacing existing signature
Login to computer via Mac OS GUI as admin
As admin verify your login keychain does NOT contain the Apple Development identity or any intermediate WWDR certificates (delete them if present).
Use sudo su myuser to switch to myuser while in the admin GUI account.
admin@mymachine % sudo su myuser
myuser@mymachine %
Verify that development certificate is valid and can codesign after switching
myuser@mymachine % security find-identity -p codesigning
Policy: Code Signing
Matching identities
1) <REDACTED> "Apple Development: My User (<REDACTED>)"
1 identity found
Valid identities only
1) <REDACTED> "Apple Development: My User (<REDACTED>)"
1 valid identity found
Verify that codesigning fails
myuser@mymachine % codesign -s "Apple Development" -f ~/MyTrue
Warning: unable to build chain to self-signed root for signer: <REDACTED> "Apple Development: My User"
/Users/myuser/MyTrue: errSecInternalComponent
Verify that after installing the WWDR G3 intermediate in the admin user's keychain, signing works as expected.
myuser@mymachine % codesign -s "Apple Development" -f ~/MyTrue
/Users/myuser/MyTrue: replacing existing signature
Failed to build iOS app
Error (Xcode): No profiles for 'com.jurabek7788.sos' were found: Xcode couldn't find any iOS App Development provisioning profiles matching
'com.jurabek7788.sos'. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to
xcodebuild.
/Users/user/Desktop/SOS%20flutter%20/set_of_service_app/ios/Runner.xcodeproj
It appears that there was a problem signing your application prior to installation on the device.
Verify that the Bundle Identifier in your project is your signing id in Xcode
open ios/Runner.xcworkspace
Also try selecting 'Product > Build' to fix the problem.
Encountered error while building for device.
this is my error coming when i build ios app. And main problem is already did all the things
Hi,
I'm trying to sign an App (original python compiled for MAC) and the codesign process is failing with error:
The command from terminal that produced the error was:
codesign --sign "$devID" $file2sign
Warning: unable to build chain to self-signed root for signer "Apple Development: ..."
errSecInternalComponent
I have both a dev certificate (current, just downloaded a couple of days ago) and the intermediate certificates.
When I run the command
security find-identity -v -p codesigning
I can perfectly see my dev cert, but only listed as "valid identities" nothing is listed as "matching identities"
Any help will be highly appreciated!
Hi,
I'm trying to sign and app which is a python compiled exe for Mac OS (one file only).
The app runs perfectly on my own mac (or some else's, but only after being admin authorized)
after running
codesign --sign "$devID" $file2sign
I got the following error:
Warning: unable to build chain to self-signed root for signer "Apple Development:..."
errSecInternalComponent
As per screenshot, I have both a current Dev cert and the intermediate certs installed.
Any help will be highly appreciated!
Xcode Cloud always exports archive using ad-hoc, development and app-store profiles. This uses up 5-6 more minutes always for my app. How to disable and allow export only in single distribution profile
The certificate used in the app published earlier is showing as invalid or not considering in the provisioning profile now.So please help us how to resolve this issue with same certificate to publish an update for the app.
Hi,
I was about to delete the expired provisioning profiles, meaning the ones where it said "Expired" in the last column. Now I see there are some more where the expiration date is clearly in the past, but they don't show as expired. Any idea why that is?
Kind regards
Thomas
We have a Jenkins job that runs a script on a Mac to create our installers.
This was working last week.
Today, it's failing with:
`"Apple Development: John Lussmyer (xxxxxxxxx)" (CSSMERR_TP_CERT_EXPIRED)
The other identities used for the build work. So far, I've been unable to find anything in my Account that indicates something has expired.
Can anyone tell me how to get this fixed?
Hi to all,
a few years ago I worked with PhoneGap developing apps. As for then I did all the deploys so never got the need to have the answer to my current issue.
The problem is.. we have a 3rd party company developing us a Flutter App and we want for some of our company's members to test it by being them to deploy using our certificates so the tests can be done. However generating the development certificate always makes it's name to be the same that belongs to the account that generated it.
I believe it would work but how could I make it more manageable by setting it's name as the 3rd party company's name (let's say company's name is "XPTO")?
Is there a better way to accomplish this, deploying to testflight so our colleges can test it?