Notarization Rejects Valid Developer ID Certificates - Apple Infrastructure Issue? Environment macOS: 15.6.1 Xcode: 26.0.1 Architecture: arm64 (Apple Silicon) Team ID: W---------- Certificate Status: Valid until 2030 (verified on developer.apple.com) Problem Apple's notarization service consistently rejected properly signed packages with error: "The binary is not signed with a valid Developer ID certificate." Despite: ✅ Valid certificates on developer.apple.com ✅ Local signing succeeds (codesign --verify passes) ✅ Proper certificate/key pairing verified ✅ Package structure correct Failed Submission IDs September 2025: adeeed3d-4732-49c6-a33c-724da43f9a4a 5a910f51-dc6d-4a5e-a1c7-b07f32376079 3930147e-daf6-4849-8b0a-26774fd92c3c b7fc8e4e-e03c-44e1-a68e-98b0db38aa39 d7dee4a1-68e8-44b5-85e9-05654425e044 da6fa563-ba21-4f9e-b677-80769bd23340 What I've Tried Re-downloaded fresh certificates from Apple Developer Portal Verified certificate chain locally Tested with multiple different builds Confirmed Team ID matches across all configurations Verified no unsigned nested components Waited 3 months for potential propagation delays Verified all agreements are current and accepted Re-tested with minimal test package - same error persists Local Verification # Certificates present and valid security find-identity -v -p codesigning | grep "Developer ID" 1) XXXXXXXXXX "Developer ID Application: <<REDACTED>> (W----------)" 2) XXXXXXXXXX "Developer ID Installer: <<REDACTED>> (W----------)" # Signing succeeds codesign --verify --deep --strict --verbose=2 [app] → Success Question This appears similar to thread #784184. After 3 months and ensuring all agreements are signed, the issue persists with identical error. The certificates work for local signing but Apple's notarization service rejects them. Could this be: Backend infrastructure issue with Team ID W----------? Certificate not properly registered in Apple's notarization database? Known issue requiring Apple Support intervention? Has anyone else experienced valid Developer ID certificates being rejected specifically by the notarization service while working locally?

The process has been stuck "In Progress" for 8 days now. We had a scheduled New Year Offer for our software that would run based around this important new update, and obviously we missed it because of this crazy issue. Notarization used to take a few seconds. Now it does not work, neither on my newly set up Mac, nor in my old (completely unchanged) one. My company and finances are totally frozen at this point due to this issue. PLEASE help, look into my actual account and do what is needed!

I am using the xcrun notarytool submit --apple-id xxxxx@gmail.com --password xxxxx--team-id xxxxxx --output-format json --wait --no-progress /my/dmg/file to notarize my DMG file. But it always gives me back the error, Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired. I did log in my developer account and found no place to sign any agreement. Actually in the morning when I logged in the developer account, it indeed pop up the agreement for me to sign and I did sign it. But now it seems I don't have any more agreements to sign. So, any ideas about what I should do?

Hi at all, we started a notarization process and after 3 hours is still in progress.

I have built a flutter desktop app and I notarized it. I have to distribute it directly as I cannot turn on App Sandboxing due to the functions included in the application. I created a build of the app from Xcode and then uploaded it for notarization and it was successfully notarized. If I compress that app into a .zip and share it over the internet, it successfully opens on any computer. But when I create a dmg using appdmg from npm and I try to distribute it, it does not open and shows me the option to either move to bin or cancel. When I notarize the dmg using the command: xcrun notarytool submit "YourApp.dmg" --apple-id "email" --password "app-specific-password" --team-id "YOUR_TEAM_ID" --wait It notarizes successfully. I have also done: xcrun stapler staple "YourApp.dmg" And validated it but it does not seem to work when I distribute it over the internet by uploading on my website. It is a bit strange that when I distribute the notarized app, it does not show any error when distributed over the internet by uploading on my website and then downloading but for a notarized dmg, which is properly signed, it gives that error that wether move to bin or do nothing. Would love someone's help on this!

Hello Apple Developer Community, I’m encountering an issue where my macOS app (signed with a valid ‘Developer ID Application’ certificate and accepted by Apple’s notary service) fails when I attempt to staple the notarization ticket. The Apple notary service reports ‘Accepted’ each time, but xcrun stapler staple always returns Error 65, with the local check (spctl -a -vvv) showing ‘Unnotarized Developer ID.’ Here are some key points: Certificate: I have a valid ‘Developer ID Application’ certificate (unexpired) in my login and system keychains, with Apple’s intermediate certificates also installed and set to System Defaults or Always Trust. Notarization: Regardless of whether I submit a .zip of the .app or the final .dmg for notarization, notarytool reports ‘Accepted.’ Stapling: xcrun stapler staple (or notarytool staple) on the exact file I uploaded fails with Error 65, claiming it can’t validate the downloaded ticket. Environment Checks: Checked for duplicate or outdated certificates—only one Developer ID remains. Repeated on multiple code-signed builds (both .app and .dmg) with the same result. Manually tested code-signing the .app with entitlements (for the hardened runtime) and then signing the .dmg without entitlements. Logs: The relevant excerpt from stapler indicates “Could not validate ticket for [app]. The staple and validate action failed! Error 65,” even though Apple’s notary service claims success. Could you please advise any additional troubleshooting steps or possible causes for local validation failure after a successful notarization? I’ve already ensured the environment is up to date with valid intermediates, only one Developer ID certificate. Any insight on diagnosing ticket mismatch or known tool bugs with Error 65 would be appreciated. Thank you!

I have an app that only crashes once it's been notarised. I read a few posts that essentially said before trying to identify issues by reviewing the crash report I should ensure signing and notarisation has happened correctly. I've worked through the document "Resolving common notarization issues" spctl -vvv --assess --type exec: gives no errors and correctly returns my developer id. codesign -dvv: returns a timestamp My app uses a hardened runtime. My app shows up in Xcode as a macOS Archive (e.g not a Generic Xcode Archive) Here is the crash report. Translated Report (Full Report Below) Process: Scene Finder [44479] Path: /Users/USER/Downloads/Scene Finder.app/Contents/MacOS/Scene Finder Identifier: Version: 0.9 (20250206.1) Code Type: ARM-64 (Native) Parent Process: launchd [1] User ID: 501 Date/Time: 2025-02-11 13:09:03.7786 +1000 OS Version: macOS 15.3 (24D60) Report Version: 12 Anonymous UUID: EE8B1269-0A8A-3AB6-516B-C752E8A18B5A Sleep/Wake UUID: 436CD7CF-7B13-4A9C-9425-7EF94CC007A9 Time Awake Since Boot: 98000 seconds Time Since Wake: 9524 seconds System Integrity Protection: enabled Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: Namespace SIGNAL, Code 6 Abort trap: 6 Terminating Process: Scene Finder [44479]

I'm about at my wit's end trying to figure out why I can sign and notarize code, but am unable to staple the notarization, no matter what I do. I've reinstalled Xcode, reinstalled certificates, and tried about every suggestion that I can find, but still no luck. 2023 M3 MacBook Pro, OS X 15.3.1, Xcode 16.2. I have created a very basic Xcode app to test this with. I am building the project: codegen generate && xcodebuild -project SimpleNotarizationTest.xcodeproj -scheme SimpleNotarizationTest -configuration Release clean build (see attached file for build log) build-log.txt The signature and entitlements verify: codesign -d --entitlements :- ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotarizationTest.app Output: Executable=/Users/minter/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-ecqihdiubptfnldimmjgnqpjr xun/Build/Products/Release/SimpleNotarizationTest.app/Contents/MacOS/SimpleNotarizationTest warning: Specifying ':' in the path is deprecated and will not work in a future release <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple .com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.app-sandbox</key><true/><k ey>com.apple.security.files.user-selected.read-only</key><true/></dict></plist> I created a zip file: ditto -c -k --keepParent ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotarizationTest.app SimpleNotarizationTest.zip I submitted the app for notarization and it was approved: xcrun notarytool submit SimpleNotarizationTest.zip --apple-id "$APPLE_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait Output: Conducting pre-submission checks for SimpleNotarizationTest.zip and initiating connection to the Apple notary service... Submission ID received id: d2c0d6b0-cd55-4fa6-b958-09767d562a33 Upload progress: 100.00% (23.6 KB of 23.6 KB) Successfully uploaded file id: d2c0d6b0-cd55-4fa6-b958-09767d562a33 path: /Users/minter/tmp/simple-app-stapling/SimpleNotarizationTest.zip Waiting for processing to complete. Current status: Accepted......... Processing complete id: d2c0d6b0-cd55-4fa6-b958-09767d562a33 status: Accepted I attempt to staple the app: xcrun stapler staple -v ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotarizationTest.app And it fails. See verbose stapling log. verbose-stapling-log.txt The top line is that it finds and downloads the ticket, but can't/won't staple. Downloaded ticket has been stored at file:///var/folders/dd/cgm9_v3n399_zqqsphgzs5jh0000gn/T/1b7cb7d8-9a9e-462c-831b-09de1b896d9e.ticket. Could not validate ticket for /Users/minter/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-ecqihdiubptfnldimmjgnqpjrxun/Build/Products/Release/SimpleNotarizationTest.app The staple and validate action failed! Error 65. Wade-Minter~/tmp/simple-app-stapling(:|✔) % From my debugging, I can say: The code signature appears valid and includes a secure timestamp from Feb 23, 2025 The app is properly signed with Developer ID Application The notarization ticket is being successfully retrieved from Apple's servers (as shown in the verbose output) The ticket is being downloaded to a temporary location, but the stapler is failing to validate it with error 65 The app bundle structure appears complete with all required components The CDHash matches between the code signature and the notarization ticket: 604544b32d7074dd77e2e6f2070f6e2d41f6368d If I run: spctl -a -vv ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotarizationTest.app The output is: Wade-Minter~/tmp/simple-app-stapling(:|✔) % spctl -a -vv ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotaspctlionTest.app /Users/minter/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-ecqihdiubptfnldimmjgnqpjrxun/Build/Products/Release/SimpleNotarizationTest.app: rejected source=Unnotarized Developer ID origin=Developer ID Application: Fourth Line LLC (6U2KJ5KDT4) To summarize: The app is being recognized as "Unnotarized Developer ID" despite successful notarization The stapler is able to retrieve the ticket but fails during validation The error code 65 consistently appears during stapling attempts All code signing and bundle integrity checks pass The notarization ticket is being successfully downloaded but not successfully attached Any insight will be appreciated, since I've exhausted every option that I can find.

Hello everyone, I’m currently developing an Electron application, and I’m trying to properly sign and notarize it for macOS. The notarization process itself seems to complete successfully—the file is accepted without issues. However, when I attempt to staple the notarization ticket to the executable, I consistently get Error 65 with TheStableAndValidateActionFailed. The issue is puzzling because the executable does not change at any point during the process. After facing this issue multiple times in my own project, I decided to test it on a more controlled setup. I followed the steps from this https://www.youtube.com/watch?v=hYBLfjT57hU and the instructions from this macos-code-signing-example which have previously worked for others. Yet, even with this setup, I still get the same Error 65. Below, I have attached the verbose logs for reference. I’m trying to understand what could be causing this issue—whether it’s related to certificates, the signing process, or something else entirely. Has anyone encountered a similar problem, and if so, how did you resolve it? Any insights would be greatly appreciated!

Hi, I have an account that is only a few days old. My first notary went smooth and was done within minutes. Every subsequent notary has been stuck pending. The oldest one being a day or so.

Hey everyone, I've been trying to notarize my Electron macOS app for the past two days without any success. My longest attempt took nearly 4 hours, and my current attempt has already been running for 2 hours and 26 minutes. From what I can see in the logs, the signing step has completed successfully, and the app is currently in the notarization stage. But it's been stuck there with no real updates or progress indicators. Is this kind of delay normal? Has anyone else experienced such long notarization times? Any help or insight would be greatly appreciated! Thanks in advance.

I started the notarization process for my electron app (just a browser window loading a URL) yesterday (26/03/2025) at around 05:23 GMT. I noticed in a couple of posts here in the forum that it may sometimes take a day to notarize the first app submitted by a team, but it has been over 30 hours now. Here's the log from xcrun notarytool history. createdDate: 2025-03-26T05:23:11.102Z id: ddcb3fca-4667-4acb-8fd1-3298a7c244cc name: xolock-browser.zip status: In Progress Do help me out here, I have zero idea why this is taking so long. Thanks in advance!

I have been trying to notarize my application for about a month via this command - xcrun notarytool submit "Backlsh.zip" --apple-id "" --password "" --team-id "" but it throws error - { "logFormatVersion": 1, "jobId": "c8173ee6-edd2-4c51-a86b-8f3b8dea0a84", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.", "statusCode": 7000, "archiveFilename": "Backlsh.zip", "uploadDate": "2025-03-06T05:33:56.287Z", "sha256": "b45e579f0c47070b55d74ac49e49c81d32f2315bd290ca5592f71f314018c44d", "ticketContents": null, "issues": null } I have raised ticket to apple support but i havent received any help yet ! I have tried to submit 5 times. Kindly help !

Hi All. I'm having a notarization issue trying to get a product built. Starting around the beginning of April, I have a notarization process failing every time with an invalid server certificate. The returned error is: Error: HTTPError(statusCode: nil, error: Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “notary-artifacts-prod.s3.amazonaws.com” which could put your confidential information at risk." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=( "<cert(0x107810200) s: *.s3.amazonaws.com i: Amazon RSA 2048 M01>", "<cert(0x107810c00) s: Amazon RSA 2048 M01 i: Amazon Root CA 1>", "<cert(0x107811400) s: Amazon Root CA 1 i: Starfield Services Root Certificate Authority - G2>", "<cert(0x107811c00) s: Starfield Services Root Certificate Authority - G2 i: Starfield Class 2 Certification Authority>" The problem certificate appears to be "Amazon RSA 2048 M01" which appears to be expired. The error fires in response to an 'xcrun notarytool log' command. The initial ' xcrun notarytool submit' has already worked. The build server in this case is running Jenkins, with a Makefile driven notarization stage. It all worked perfectly until a build on April 3rd, all builds have failed since. I have tried using '--no-s3-acceleration'. But that fails even faster with: Conducting pre-submission checks for ICFA.zip and initiating connection to the Apple notary service... Submission ID received id: d50a2157-7acb-4bd6-b1d1-6d0b1d52d5c9 Error: The operation couldn’t be completed. (Network.NWError error 2.) Any help or suggestions would be appreciated. Right now I have folks needing a valid build. Thanks in advance.

I have a binary which I have signed with a valid developer certificate. Here is how I verify the signature was correctly applied: % codesign -dvv ./test_program.exe Executable=/Users/REDACTED/code_signing/test_program.exe Identifier=com.REDACTED.hello_world Format=Mach-O thin (arm64) CodeDirectory v=20500 size=489 flags=0x10000(runtime) hashes=9+2 location=embedded Signature size=9071 Authority=Mac Developer: REDACTED NAME (REDACTED_ID) Authority=Apple Worldwide Developer Relations Certification Authority Authority=Apple Root CA Timestamp=Apr 16, 2025 at 11:26:43 AM Info.plist=not bound TeamIdentifier=REDACTED Runtime Version=14.2.0 Sealed Resources=none Internal requirements count=1 size=192 ============================== Additionally, I have confirmed in keychain access that my certificate is valid. Here is the output from the GUI: Issued by: Apple Worldwide Developer Relations Certification Authority Expires: Wednesday, April 15, 2026 at 3:50:14 PM Eastern Daylight Time This certificate is valid ============================== When I zip then send the executable for notarization, I get an "Invalid" response. Here is the log from that response: % xcrun notarytool submit ./test_program.zip --keychain-profile REDACTED --wait Conducting pre-submission checks for test_program.zip and initiating connection to the Apple notary service... Submission ID received id: 0d64c285-eb59-4b34-b911-0e6cbb1dbc16 Upload progress: 100.00% (6.39 KB of 6.39 KB) Successfully uploaded file id: 0d64c285-eb59-4b34-b911-0e6cbb1dbc16 path: /Users/REDACTED/code_signing/test_program.zip Waiting for processing to complete. Current status: Invalid......... Processing complete id: 0d64c285-eb59-4b34-b911-0e6cbb1dbc16 status: Invalid =============================== And here is the log indicating the reason for the notarization failure: xcrun notarytool log "0d64c285-eb59-4b34-b911-0e6cbb1dbc16" --keychain-profile REDACTED "./log_file.txt" { "logFormatVersion": 1, "jobId": "0d64c285-eb59-4b34-b911-0e6cbb1dbc16", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "test_program.zip", "uploadDate": "2025-04-16T16:23:38.993Z", "sha256": "9e3bd03301f4930a0e4015873b435c8d64c291e7c63d0552f17652dc7ce16195", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "test_program.zip/test_program.exe", "message": "The binary is not signed with a valid Developer ID certificate.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721", "architecture": "arm64" } ] } ============================== The notarization server saying that it's not signed by a valid developer certificate, but to the best of my ability I have confirmed that a valid developer certificate is being used.

I use the 'notarytool' to notarize applications and .pkg installers for Developer ID distribution. When using the notary tool with a fresh Apple Developer account, the notarization process remains stuck in the 'In progress' state. However, if I try the same app with an older developer account (one that has notarized at least one app in the past), the notarization works. All agreements are accepted in developer portal and Appstore Connect.

I haven't been able to notarize my macOS app for the past two days. Now, I believe this is an issue with the notarization process because I've tried notarizing the default app that's provided whenever you open a new Swift application, but that completely failed as well. And I've been waiting for the past two days and it's been stuck on in progress. This is the second time this has happened to me in the past two months and oftentimes I have to wait more than a day or two for the notarization to occur. I just, I don't understand why it's deadlocked like this. I've done nothing. I haven't changed my certificates. I haven't done any different configurations within my Mac. The last time that this happened, the issue went away after two days, but my biggest concern right now is that if this happens whenever we need to urgently push updates, we can't. I have absolutely no idea what to do and I'm just extremely frustrated because this is happening right before our launch day. I've been stuck on notarizing again for the past two days and I've seen no progress, I've seen no responses from support emails and the ones that do aren't even applicable to my current scenario. ⁠

Starting a few hours ago (roughly 2:45PM Eastern time) we began experiencing elevated latency with the Developer ID Notary Service. There is nothing listed on the developer system status page about degraded performance or a service outage. Operations that usually take ~15 minutes, are stacking up for hours. The oldest pending entry we have was created at 2:45PM Eastern: createdDate: 2025-06-24T18:45:22.539Z id: 5209a4d2-eae4-4714-aa8e-6961677ff2e We currently have 27 pending builds in the notary service since we are required to notarize internal builds to ensure we satisfy our requirements so this is creating an issue for us.

My notarization submission been "In Progress" status for over 30 minutes now. I thought this process should be much faster.

see: xcrun notarytool history --apple-id "devxxfishpond.sh" --team-id "XMXG6C4xxx" --password "hedi-xzkt-xxxxxxxx" Successfully received submission history. history -------------------------------------------------- createdDate: 2025-07-22T05:32:06.213Z id: ac32c72d-c799-4936-a090-aca4f8d3c3c3 name: Fishpond.zip status: In Progress -------------------------------------------------- createdDate: 2025-07-20T10:20:22.228Z id: 38bb9dfb-a8e2-4174-b330-f79c985f3a93 name: Fishpond.zip status: In Progress -------------------------------------------------- createdDate: 2025-07-20T09:05:26.709Z id: bba156d0-7ecd-4c24-863f-834da08a8916 name: Fishpond.zip status: In Progress -------------------------------------------------- createdDate: 2025-07-20T08:56:47.509Z id: 3d5c97ac-fd76-4cc3-85ee-bac8a92ea412 name: Fishpond.zip status: Invalid