Hello, my iOS apps are exiting right after launch on a few of our iOS devices. I tried a couple of my apps that are deployed to our fleet and they do the same thing. If I run the app(s) in the Simulator it works fine and if I run the app(s) on the offending devices it works fine as well. Once I stop the run in Xcode the app on the device will not launch. I'm thinking something is missing like a certificate etc. Just not sure. Any ideas on how to troubleshoot this? I would really like to get this fixed.

I'm unable to sign the an example application using xcode and "automatically manage signing". The error I'm getting is: CodeSign [...] (in target 'foobar' from project 'foobar') Signing Identity: "Apple Development: [xxxx] " /usr/bin/codesign --force --sign 4ABB258102FF656E9F597546A49274C28D2B8B3E -o runtime --timestamp\=none --generate-entitlement-der [filename] 4ABB258102FF656E9F597546A49274C28D2B8B3E: no identity found Command CodeSign failed with a nonzero exit code However, I am able to see a certificate and a private identity on my keychain: % security find-certificate -aZ | grep -i 4ABB258102FF656E9F597546A49274C28D2B8B3E SHA-1 hash: 4ABB258102FF656E9F597546A49274C28D2B8B3E and % security find-key -s | grep -q 'Apple Development' && echo YES YES what is puzzling is that security does not find an identity: % security find-identity -p codesigning Policy: Code Signing Matching identities 0 identities found Valid identities only 0 valid identities found but XCode claims that everything is working fine. Anybody knows what might I be missing? I tried logging out, requesting new certificates, rebooting, moving them to another keychain, and asking to developer friends.

Hi everyone, We're trying to prepare a DriverKit App for a client test, and we've run into an unavoidable signing conflict that seems to be caused by the Xcode Archive process itself. Background & Environment: Environment: macOS 15.6.1, Xcode 16.4 Our project consists of a main App Target and a DEXT Target. Both the Debug and Release configurations for both targets are set to Xcode's default: Automatically manage signing. Our developer account holds a valid, active Developer ID Application (With Kext) certificate, which we use for signing our legacy KEXT. The Action That Triggers Failure: From this clean state, we execute Product -> Archive. The Archive process fails during the signing validation phase and presents the following three errors, completely halting the process: There is a problem with the request entity - You already have a current Developer ID Application Managed (With Kext) certificate... No profiles for 'com.company.Acxxx.driver' were found... No profiles for 'com.company.Acxxx.app' were found... This error seems to indicate that the Xcode Archive process: Ignores the project's Release configuration (even the default 'Auto' setting). Attempts to automatically create a new, standard Developer ID certificate for us. This action conflicts with the existing (With Kext) certificate in our account, causing the entire Archive process to fail. The "Failed Experiment" to Resolve This: To work around this automation conflict, we tried the solution: configuring a fully manual signing process for the Release configuration to explicitly tell Xcode to use our existing KEXT certificate. Our Steps: We disabled automatic signing for both the App and DEXT targets for the Release configuration and manually assigned the Developer ID Provisioning Profiles created for our Developer ID (With Kext) certificate. The New Problem: After doing this, the Signing Certificate field for the DEXT Target's Signing & Capabilities interface now shows None, accompanied by the misleading warning about needing a DriverKit development profile. The Outcome: This None issue now prevents us from even starting the Archive process, as the project fails to build due to the incorrect signing configuration. We've tried every debugging step — including rebuilding profiles, validating the keychain, and clearing caches — but nothing resolves this None issue. Our Dilemma: State A (Fully Automatic Signing): The Archive process fails due to the KEXT certificate conflict. State B (Manual Release Signing): The project fails to build due to the Signing Certificate: None issue, preventing us from initiating an Archive. For a development team holding a KEXT Developer ID certificate, how should an Xcode project be configured when migrating to DriverKit, so that the Archive process: Does not trigger the flawed automation logic that attempts to create a new certificate? And, does not fall into the Signing Certificate: None configuration trap? Related Forum Threads We've Studied: https://developer.apple.com/forums/thread/781932 https://developer.apple.com/forums/thread/751490 https://developer.apple.com/forums/thread/767152 https://developer.apple.com/forums/thread/721563 Best Reagrds, Charles

Hi everyone, I am trying to generate an .ipa file for my .NET MAUI (net9.0-ios) application, but every attempt fails with the same codesigning error. I have tried multiple approaches, including building from Windows paired to macOS, and directly building through the macOS terminal, but nothing is working. Below are the exact steps I followed: Steps I Performed 1.>Generated the Apple Development certificate using Keychain Access on macOS. 2.>Added that certificate into my developer account and created the corresponding provisioning profile. 3.>Created an App ID, attached the App ID to the provisioning profile, and downloaded it. 4.>Added the provisioning profile into Xcode. Verified that the certificate is correctly visible in Keychain Access (private key available). Attempted to build/publish the MAUI app to generate the .ipa file. Issue Whenever I run the publish command or build via Windows/macOS, codesigning fails with the following error: /usr/bin/codesign exited with code 1: Frameworks/libSkiaSharp.framework: replacing existing signature Warning: unable to build chain to self-signed root for signer "Apple Development: Created via API (8388XAA3RT)" Frameworks/libSkiaSharp.framework: errSecInternalComponent Failed to codesign 'PCS_EmpApp.app/Frameworks/libSkiaSharp.framework': Warning: unable to build chain to self-signed root for signer "Apple Development: Created via API (8388XAA3RT)" PCS_EmpApp.app: errSecInternalComponent Build failed with 4 error(s) and 509 warning(s) Environment .NET: 9.0 MAUI: latest tools Xcode: 26.0.1 macOS: 26.0.1 Building for ios-arm64 (device) What I suspect It looks like the signer certificate might not be trusted, or the certificate chain cannot connect to an Apple root CA. But the certificate was created using the Developer website and appears valid. Need Help With Why is codesign unable to build the certificate chain? Do I need a different type of certificate? (App Store / Distribution vs Development?) How can I successfully generate the .ipa file? Any guidance will be greatly appreciated. Thank you!

I can create an ipa file with vs using the wildcard bundle identifier but this is rejected by apple when I upload with the Transporter app saying invalid identifier and no distribution profile/certificate. When I create a new distribution profile with the correct XC identifier and distribution certificate and try to archive with visual studio publish says the bundle id is not a match for the distribution profile with iOS? This is a net 10 net maui project and my first build attempt

I get these errors. I think I've checked everything possible. "entitlements file, Identifiers etc." but I couldn't find a solution. I tried manual signing as well. Same result. The profiles I added also become invalid after a while. Everything seems normal in my developer account.

I am writing to follow up on my request for Family Control permission, which I submitted through the appropriate form over a week ago. Unfortunately, I have not yet received any response or access to the requested permissions. Could you kindly provide an update on the status of my request? If any further information or action is needed from my end, please let me know.

Hi, I am trying to make my app build on GitHub Action CI pipeline. App builds fine on xcode on my mac. For CI I am using command line xcode. I am getting following error: No profiles for 'com.snslocation.electricians-now' were found: Xcode couldn't find any iOS App Development provisioning profiles matching 'com.snslocation.electricians-now'. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to xcodebuild. (in target 'myapp' from project 'myapp') You can see full log of the build here: https://github.com/nbulatovi/ElectriciansNow/actions/runs/12603115423/job/35127512689 The provisioning profile is present, and verified in the previous steps in the pipeline, however xcode refuses to find it. If I add -allowProvisioningUpdates error stays. I tried manually mapping app id to profile name. Is there a way to get any debug log from xcode profile search, to see why is it not picking up the correct profile? Or can you maybe help in some other way? xcode version is 15.4, iOS SDK 17.5

Even if I recreate everything and register it, it does not register in xcode as shown below. No matter how many times I regenerate the certificate and profile, the same thing happens.

I'm building an app that uses the Screen Time API and DeviceActivityMonitoring Framework. It works when I run the simulator build on iPhone 16 but when I try to launch it on my own iPhone, I get these errors. Provisioning profile "iOS Team Provisioning Profile: Kanso- Digital-Wellness.Kanso-v2" doesn't include the com.apple.developer.device-activity.monitoring entitlement. KansoMonitorExtension 1 issue x Provisioning profile "iOS Team Provisioning Profile: Kanso-Digital-Wellness.Kanso-v2.KansoMonitorExtension" doesn't include the com.apple.developer.device-activity.monitoring en... Read something online that said a reboot would fix this, but I tried and no luck. Any ideas? I'm not very technical, so would pay someone to fix this for me :)

I am attempting to sign a *.pkg for distribution but I get "Could not find appropriate signing identity for 'Developer ID Application: CompanyName'. I'm calling this command to sign: productsign --sign 'Developer ID Application: CompanyName' "unsigned.pkg" "signed.pkg" I've downloaded the WWDR Intermediates, when I go through Keychain Access > Certificate Assistant > Evaluate on the cert and select "Code Signing" I get "Evaluation Status: Success" and "Certificate Status: Good". Additionally my certificate shows up as valid in my keychain. I'm at a loss for what is going on.

I'm trying to download a profile for a developer download for an app, but I get this error and can't install the profile. I've already registered the device and UDID and added it to the profile. Please let me know what I need to do.

Im trying to compile a free app from GitHub for personal use but i cant sign it since everytime im getting the same error "0 identities found". I have added my Apple ID to Xcode accounts, but in manage certificates, it shows "status not in keychain". On keychain access > login, it doesn’t show any Apple dev certificate obviously, and when I run security find-identity in terminal, I get a 0 identities found, 0 valid identities found. I don’t know where to begin, every tutorial I find requires downloading a certificate from Apples Dev website but my account is a free developer, not paid. A few months ago I was able to compile this same app so I know I don’t need a paid dev account. Any help appreciated.

I am trying to make a driver release, but failing (I think) because the manually generated distribution profiles are for the MacOS platform only, rather than MacOS and iOS together. As far as I can tell, everything is correct in the manual profiles apart from the platform. The necessary entitlements appear to be correct. In contrast, Xcode generated profiles list both MacOS and iOS as the platform and work fine for development and to generate a release archive. But Archives 'Distribute Content' gives only 'Custom' as a distribution mechanism, and no option for notarization. So, the question is: is this a problem with my developer account (and if so, what is the appropriate channel to fix it!), or is this something subtle in the project configuration?

Hello, first of all thanks for reading my post. I am having a trouble about Signing & Capabilities part on Xcode during few days. Hope someone knows how to deal with this. I created a Apple Development certificate with CSR on my MacOS through KeyChain but the Team ID(VC78G4S77J) on this certificate is different with my real Team ID(FYF9AT8ZA8) logged in. I don't even know where this 'VC78G4S77J' came from. Also I created the identifier, bundle ID, device and profile but they were all created with 'FYF9AT8ZA8'. So here is the problem. On Xcode Signing & Capabilities section, I selected Team and put Bundle Identifier connected with 'FYF9AT8ZA8' but Signing Certificate is shown as 'Apple Development: My ID (VC78G4S77J). Therefore when I build iOS simulator on Xcode or VScode, there is error 'No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "FYF9AT8ZA8" with a private key was found.' If I try turn off 'Automatically manage signing' and select provisioning profile I created, Xcode said my profile does not include VC78G4S77J certificate, because my profile has FYF9AT8ZA8 certificate. Importing profile file is not helpful also. I think, first delete the all VC78G4S77J certificate in KeyChain and recreate FYF9AT8ZA8 certificate through KeyChain/CSR, however again VC78G4S77J certicate was created when I created on 'developer.apple.com'. I truly have no idea where did VC78G4S77J come from. Please let me solve this issue.. Warm regards.

Title: Apple's Outdated and Restrictive Certificate Signing Process: A Barrier to Innovation Introduction In the dynamic field of mobile app development, the agility and freedom offered to developers can significantly dictate the pace of innovation and user satisfaction. Apple's certificate signing process, a legacy from an earlier era of computing, starkly contrasts with more modern approaches, particularly Android's Keystore system. This article delves into the cumbersome nature of Apple's approach, arguing that its outdated and proprietary methods hinder the development process and stifle innovation. The Burdensome Nature of Apple's Certificate Signing Proprietary Restrictions: Apple's certificate signing is not just a process; it's a gatekeeper. By forcing developers to go through its own system to obtain certificates, Apple maintains a tight grip on what gets published and updated. This closed ecosystem approach reflects a dated philosophy in an age where flexibility and openness are key drivers of technological advancement. Complex and Time-Consuming: The process to acquire and maintain a valid certificate for app signing is notoriously intricate and bureaucratic. Developers must navigate a maze of procedures including certificate requests, renewals, and provisioning profiles. Each step is a potential roadblock, delaying urgent updates and bug fixes, which can be crucial for user retention and satisfaction. Lack of Autonomy: Apple's centralized control means every application must be signed under the stringent watch of its guidelines. This lack of autonomy not only slows down the release cycle but also curbs developers' creative processes, as they must often compromise on innovative features to meet Apple's strict approval standards. Comparing Android’s Keystore System Developer-Friendly: In stark contrast, Android’s Keystore system empowers developers by allowing them to manage their cryptographic keys independently. This system supports a more intuitive setup where keys can be generated and stored within the Android environment, bypassing the need for any external approval. Speed and Flexibility: Android developers can use the same key across multiple applications and decide their expiration terms, which can be set to never expire. This flexibility facilitates a quicker development process, enabling developers to push updates and new features with minimal delay. The Impact on the Developer Ecosystem Innovation Stifling: Apple's outdated certificate signing process does not just affect the technical side of app development but also impacts the broader ecosystem. It places unnecessary hurdles in front of developers, particularly small developers who may lack the resources to frequently manage certificate renewals and navigate Apple’s rigorous approval process. Market Response: The market has shown a preference for platforms that offer more freedom and less bureaucratic interference. Android's growing market share in many regions can be partially attributed to its more developer-friendly environment, which directly contrasts with Apple's tightly controlled ecosystem. Conclusion Apple’s certificate signing method, while ensuring a secure environment, is an archaic relic in today’s fast-paced tech world. It binds developers with outdated, proprietary chains that hinder rapid development and innovation. As the technological landscape evolves towards more open and flexible systems, Apple’s restrictive practices could potentially alienate developers and erode its competitive edge. For Apple to maintain its relevance and appeal among the developer community, a significant overhaul of its certificate signing process is not just beneficial—it's necessary.

I am developing and distributing an XCFramework, and I want to ensure that it remains valid for as long as possible. I have some questions regarding certificate expiration and revocation: I understand that if an XCFramework is signed with a timestamp, it remains valid even after the signing certificate expires. However, if the signing certificate is revoked, the XCFramework immediately becomes unusable. As far as I know, Apple allows a maximum of two active distribution certificates at the same time. I assume that once a certificate expires, it will eventually need to be revoked in order to issue a third certificate. Is this correct? If an expired certificate is later revoked, will the XCFrameworks signed with that certificate also become invalid, even though they were timestamped? I want to ensure that released XCFrameworks remain valid for as long as possible. What is the best approach to achieve this? If anyone has insights or official documentation references on how to manage signing certificates for long-term XCFramework validity, I would appreciate your guidance. Thank you!

i was complete my program, and export a mac app already it work ok in my macmini, but if i want send it to app store, that i have no way now i still do not know how to make this app perfect like, when i use pyinstaller to build this app, is there any info or elements need make with? i can sign my app now, even i use codesign -dvvv my.app to check the sign, it is also ok, there no any feedback said it anything wrong. so, any master know fix app sign or any infoplist please tech me... help

Hi Developer Community, I'm encountering persistent code signing failures on macOS Sonoma 15.3 with a valid Developer ID Application certificate. The error occurs consistently across multiple certificate regenerations and various troubleshooting approaches. Environment macOS Version: Sonoma 15.3 Developer Account Type: Developer ID Certificate Type: Developer ID Application Certificate Details: Developer ID Application certificate valid until 2027 Using SHA-256 with RSA Encryption Certificate shows as valid in Keychain Access with associated private key Error Message Warning: unable to build chain to self-signed root for signer "Developer ID Application: [my certificate]" [filename]: errSecInternalComponent Steps to Reproduce Install certificate chain in order: Apple Root CA (System keychain) Apple WWDR CA (System keychain) Developer ID CA (System keychain) Developer ID Application certificate (Login keychain) Verify certificate installation: security find-identity -v -p codesigning Result shows valid identity. Attempt code signing with any binary: codesign -s "Developer ID Application: [my certificate]" -f --timestamp --options runtime [filename] Results in errSecInternalComponent error Troubleshooting Already Attempted Regenerated Developer ID Application certificate multiple times from Developer Portal Completely removed and reinstalled entire certificate chain Verified trust settings on all certificates (set to "Always Trust" for code signing) Tried multiple codesign command variations including --no-strict flag Verified keychain integrity Installed latest Apple CA certificates from apple.com/certificateauthority Verified certificate chain is properly recognized by security verify-cert Additional Information All certificates show as valid in Keychain Access Private key is properly associated with Developer ID Application certificate Trust settings are correctly configured for all certificates in the chain Problem persists after clean certificate installations Error occurs with any binary I try to sign Has anyone else encountered this issue on Sonoma 15.3? Any suggestions for resolving this system-level certificate trust chain issue would be greatly appreciated. Thanks in advance!

Hi everyone, I am doing my app playground, when I change the development team or try to clear it, this bug happend? So I wonder do I have to remove it when I submit my work or just leave it there. Signing for "myapp" requires a development team. Select a development team in the Signing & Capabilities editor.