I have a binary which I have signed with a valid developer certificate. Here is how I verify the signature was correctly applied: % codesign -dvv ./test_program.exe Executable=/Users/REDACTED/code_signing/test_program.exe Identifier=com.REDACTED.hello_world Format=Mach-O thin (arm64) CodeDirectory v=20500 size=489 flags=0x10000(runtime) hashes=9+2 location=embedded Signature size=9071 Authority=Mac Developer: REDACTED NAME (REDACTED_ID) Authority=Apple Worldwide Developer Relations Certification Authority Authority=Apple Root CA Timestamp=Apr 16, 2025 at 11:26:43 AM Info.plist=not bound TeamIdentifier=REDACTED Runtime Version=14.2.0 Sealed Resources=none Internal requirements count=1 size=192 ============================== Additionally, I have confirmed in keychain access that my certificate is valid. Here is the output from the GUI: Issued by: Apple Worldwide Developer Relations Certification Authority Expires: Wednesday, April 15, 2026 at 3:50:14 PM Eastern Daylight Time This certificate is valid ============================== When I zip then send the executable for notarization, I get an "Invalid" response. Here is the log from that response: % xcrun notarytool submit ./test_program.zip --keychain-profile REDACTED --wait Conducting pre-submission checks for test_program.zip and initiating connection to the Apple notary service... Submission ID received id: 0d64c285-eb59-4b34-b911-0e6cbb1dbc16 Upload progress: 100.00% (6.39 KB of 6.39 KB) Successfully uploaded file id: 0d64c285-eb59-4b34-b911-0e6cbb1dbc16 path: /Users/REDACTED/code_signing/test_program.zip Waiting for processing to complete. Current status: Invalid......... Processing complete id: 0d64c285-eb59-4b34-b911-0e6cbb1dbc16 status: Invalid =============================== And here is the log indicating the reason for the notarization failure: xcrun notarytool log "0d64c285-eb59-4b34-b911-0e6cbb1dbc16" --keychain-profile REDACTED "./log_file.txt" { "logFormatVersion": 1, "jobId": "0d64c285-eb59-4b34-b911-0e6cbb1dbc16", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "test_program.zip", "uploadDate": "2025-04-16T16:23:38.993Z", "sha256": "9e3bd03301f4930a0e4015873b435c8d64c291e7c63d0552f17652dc7ce16195", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "test_program.zip/test_program.exe", "message": "The binary is not signed with a valid Developer ID certificate.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721", "architecture": "arm64" } ] } ============================== The notarization server saying that it's not signed by a valid developer certificate, but to the best of my ability I have confirmed that a valid developer certificate is being used.

I use the 'notarytool' to notarize applications and .pkg installers for Developer ID distribution. When using the notary tool with a fresh Apple Developer account, the notarization process remains stuck in the 'In progress' state. However, if I try the same app with an older developer account (one that has notarized at least one app in the past), the notarization works. All agreements are accepted in developer portal and Appstore Connect.

I haven't been able to notarize my macOS app for the past two days. Now, I believe this is an issue with the notarization process because I've tried notarizing the default app that's provided whenever you open a new Swift application, but that completely failed as well. And I've been waiting for the past two days and it's been stuck on in progress. This is the second time this has happened to me in the past two months and oftentimes I have to wait more than a day or two for the notarization to occur. I just, I don't understand why it's deadlocked like this. I've done nothing. I haven't changed my certificates. I haven't done any different configurations within my Mac. The last time that this happened, the issue went away after two days, but my biggest concern right now is that if this happens whenever we need to urgently push updates, we can't. I have absolutely no idea what to do and I'm just extremely frustrated because this is happening right before our launch day. I've been stuck on notarizing again for the past two days and I've seen no progress, I've seen no responses from support emails and the ones that do aren't even applicable to my current scenario. ⁠

Starting a few hours ago (roughly 2:45PM Eastern time) we began experiencing elevated latency with the Developer ID Notary Service. There is nothing listed on the developer system status page about degraded performance or a service outage. Operations that usually take ~15 minutes, are stacking up for hours. The oldest pending entry we have was created at 2:45PM Eastern: createdDate: 2025-06-24T18:45:22.539Z id: 5209a4d2-eae4-4714-aa8e-6961677ff2e We currently have 27 pending builds in the notary service since we are required to notarize internal builds to ensure we satisfy our requirements so this is creating an issue for us.

My notarization submission been "In Progress" status for over 30 minutes now. I thought this process should be much faster.

see: xcrun notarytool history --apple-id "devxxfishpond.sh" --team-id "XMXG6C4xxx" --password "hedi-xzkt-xxxxxxxx" Successfully received submission history. history -------------------------------------------------- createdDate: 2025-07-22T05:32:06.213Z id: ac32c72d-c799-4936-a090-aca4f8d3c3c3 name: Fishpond.zip status: In Progress -------------------------------------------------- createdDate: 2025-07-20T10:20:22.228Z id: 38bb9dfb-a8e2-4174-b330-f79c985f3a93 name: Fishpond.zip status: In Progress -------------------------------------------------- createdDate: 2025-07-20T09:05:26.709Z id: bba156d0-7ecd-4c24-863f-834da08a8916 name: Fishpond.zip status: In Progress -------------------------------------------------- createdDate: 2025-07-20T08:56:47.509Z id: 3d5c97ac-fd76-4cc3-85ee-bac8a92ea412 name: Fishpond.zip status: Invalid

Tried notarizing my app yesterday afternoon via Mac terminal, and when I came back to work this morning it was still "In Process...". I closed terminal, and checked appleid.apple.com, and it was asking me to reset my password- maybe because the notarization timed out? Either way, I reset my password, generated a new app-specific password and tried notarizing the app again, but it's now been 3 hours and it's still "In Process..." again. When I check the status via terminal, nothing seems off- and the status is In Progress. How can I determine if there's a bigger issue I need to fix before notarizing? UUID: e7ae29c8-2478-41a3-93b4-3f274de643d0

I am building an electron app bundled with python. My code signing was fast, but when it came to notarization, it has already taken over 6+ hours. How can I speed things up?

I have an application that I have been signing, notarizing and distributing to beta testers for a year with no issues, note: I have never got stapling to work I always get a error 65 in the process. But up until yesterday that hasn't been an issue and online verification has always worked. Yesterday morning around 9am online gatekeeper verification has been failing with: APP not opened, apple cannot verify app is free of malware. etc this keeps happening, with every build I try. redownloading previously successful builds show the same behavior I know I can allow in privacy and security, but heading towards launch I dont want to have to tell users to do that. has there been a change in how gatekeeper works or issues with the service? any help with this or getting stapling working would be very appreciated!

My notary service has been stuck for more than 5 hours. Is it taking long time because the notary service is down or because i am a new user

I've submitted my app, signed with a new Developer Id Certificate for a distribution outside of the App Store, 88 hours ago. xcrun notarytool history ... Shows the submission as "In Progress". xcrun notarytool log ... Tells me "Submission log is not yet available or submissionId does not exist". I don't know if that's expected for an "In Progress" submission. As far as I can tell the signing worked without problems. I'm using the Tauri toolchain, which under its hood is using notarytool. How long can I expect this to take? If there is a problem with my submission does the status just stay on "In Progress" or do I get an error? Thanks

I try to notarize my package, everything works except one signature of a binary. But the output of codesign seems fine. Notary log: "logFormatVersion": 1, "jobId": "350315e0-38ae-4224-a13b-1c4dc20c1cb7", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "VocalNet_Installer.pkg", "uploadDate": "2024-11-26T18:07:57.042Z", "sha256": "fc59a3c2c3669f641a18d6e6df9b91e9369f8cf9cd827d5a75762beb99dfbcfe", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "VocalNet_Installer.pkg/SLink.pkg Contents/Payload/Applications/SLink.app/Contents/MacOS/SLink", "message": "The signature of the binary is invalid.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735", "architecture": "arm64" } ] } Codesign output: Executable=/Users/200gaga/Main/VocalNet/SLink.app/Contents/MacOS/SLink Identifier=SLink Format=app bundle with Mach-O thin (arm64) CodeDirectory v=20500 size=319089 flags=0x10000(runtime) hashes=9965+3 location=embedded VersionPlatform=1 VersionMin=720896 VersionSDK=720896 Hash type=sha256 size=32 CandidateCDHash sha256=26dc42451d203f54e29de37a5f74b8d9f9ab30c2 CandidateCDHashFull sha256=26dc42451d203f54e29de37a5f74b8d9f9ab30c26bb1dcde85d3db13fcb9ab4f Hash choices=sha256 CMSDigest=26dc42451d203f54e29de37a5f74b8d9f9ab30c26bb1dcde85d3db13fcb9ab4f CMSDigestType=2 Executable Segment base=0 Executable Segment limit=81920 Executable Segment flags=0x1 Page size=4096 CDHash=26dc42451d203f54e29de37a5f74b8d9f9ab30c2 Signature size=9058 Authority=Developer ID Application: SESSION LOOPS, INC. (29DGL5KQ37) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=Nov 26, 2024 at 13:04:23 Info.plist entries=9 TeamIdentifier=29DGL5KQ37 Runtime Version=11.0.0 Sealed Resources version=2 rules=13 files=5060 Internal requirements count=1 size=168

Hello, After my developer Id had expired after 5 years, I created a new one, codesigned the app successfully, but could not notarize: xcrun notarytool submit mac_release/flow5.zip --keychain-profile "XFLR5" --wait Conducting pre-submission checks for flow5.zip and initiating connection to the Apple notary service... Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct I don't think I was using an app specific password before, but the last time I went through this process was 5 years ago. Thanks in advance for any help.

Hello, I've notarised my app like this: ` codesign codesign --force --deep --entitlements "/Users/username/myapp/myapp.app/Contents/app.entitlements" --sign "Developer ID Application: Username (my team id)" "/Users/username/myapp/myapp.app" codesign -v /Users/username/myapp/myapp.app ` ` create .zip file ditto -c -k --keepParent "myapp.app" "myapp.zip" ` ` submit binary to Apple xcrun notarytool submit Shalloville.zip --apple-id "my icloud" --password "xxxx-xxxx-xxxx-xxxx" --team-id "my team id" ` Is there anything wrong? I submitted the .zip file on 27/11 and it's still "In Progress". Successfully received submission history. history -------------------------------------------------- createdDate: 2024-11-29T16:05:44.609Z id: eccf6248-4f2f-4cc1-bb90-88cf13aa08a0 name: Shalloville.zip status: In Progress -------------------------------------------------- createdDate: 2024-11-27T08:57:56.373Z id: 7d9887dc-6bf8-4e39-bcbe-0f22d02dce4f name: Shalloville.zip status: In Progress -------------------------------------------------- createdDate: 2024-11-27T07:05:05.544Z id: 84c08d62-189d-48b2-80d9-170ddc3edb67 name: Shalloville.zip status: In Progress

Hello Team, I am building an Electron app and building platform-related installers line exe, appimage and dmg. To build an installer, I am using the electron builder library. When I do code signing and notarization, the signing process gets stuck without any error. I have verified certificate and other information are correct. Below are more details. Versions @electron/notarize": "^2.5.0 @electron/rebuild": "3.3.0 electron": "26.2.1 electron-builder": "^25.1.8 electron-devtools-installer": "3.2.0 Current Setup CircleCI pipeline Developer ID Application certificate is properly installed and verified Notarization is configured in both package.json and build arguments I see the last log as below where it gets stuck without any error. • selecting signing options file=release/build/mac-arm64/xxxx Assistant.app entitlements=assets/entitlements.mac.plist hardenedRuntime=true timestamp=http://timestamp.apple.com/ts01 requirements=undefined additionalArguments=[] Package.json "build": { "productName": "xxxxx - Your AI Work xxxxx", "executableName": "xxxx xxxxx", "artifactName": "xxxxx-Assistant-${version}-${arch}.${ext}", "appId": "org.erb.xxxx", "asar": true, "asarUnpack": "**\\*.{node,dll}", "files": [ "dist", "node_modules", "package.json", "assets/tray.ico", "!**/*.lproj/**/*", "!**/locale.pak", "!locales/**/*" ], "afterSign": ".erb/scripts/notarize.js", "mac": { "timestamp": "http://timestamp.apple.com/ts01", "identity": "xxxxx Technology Inc (xxxxxxxx)", "target": [ "dmg", "zip" ], "electronLanguages": [ "en-US" ], "icon": "build/mac-icon/Logo512x512.icns", "type": "distribution", "hardenedRuntime": true, "entitlements": "assets/entitlements.mac.plist", "entitlementsInherit": "assets/entitlements.mac.plist", "gatekeeperAssess": false }, "dmg": { "icon": "build/mac-icon/xxxxxxLogo512x512.icns", "contents": [ { "x": 130, "y": 220 }, { "x": 410, "y": 220, "type": "link", "path": "/Applications" } ] }, "directories": { "app": "release/app", "buildResources": "assets", "output": "release/build" }, "extraResources": [ "./assets/**" ] } Entitlement <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <!-- Required for Electron/Chromium JIT --> <key>com.apple.security.cs.allow-jit</key> <true/> <!-- Required for basic Electron functionality --> <key>com.apple.security.inherit</key> <true/> <!-- Required for network communication (REST APIs) --> <key>com.apple.security.network.client</key> <true/> </dict> </plist> I have made the following verification. I already tried on multiple macos with different processors. Verified on a high-speed network. Certificate is exported to .p12 and verified. All Env Variables are set with the correct value. (APPLE_APP_SPECIFIC_PASSWORD+APPLE_ID+APPLE_TEAM_ID ) I have tried with CSC_LINK/CSC_KEY_PASSWORD + Keystore as well. Appriciate any help.

Hi guys, I got an error about mac notarization result return 132. here is the stack trace on the logs: 2025-02-25 02:53:55,503 ERROR [org.ecl.cbi.ws.mac.not.xcr.not.NotarytoolNotarizer] (macos-notarization-service-pool-thread-13) Error while parsing the output after the upload of '/tmp/macos-notarization-service/pending-files/myapplication.dmg' to the Apple notarization service: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Premature end of file. at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:204) at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1465) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:1013) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:542) at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:889) at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:825) at java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141) at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1224) at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:637) at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:326) at java.xml/javax.xml.parsers.SAXParser.parse(SAXParser.java:197) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.PListDict.fromXML(PListDict.java:134) at org.eclipse.cbi.ws.macos.notarization.xcrun.notarytool.NotarytoolNotarizer.analyzeSubmissionResult(NotarytoolNotarizer.java:39) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.NotarizationTool.upload(NotarizationTool.java:50) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.Notarizer.lambda$uploadFailsafe$3(Notarizer.java:65) at net.jodah.failsafe.Functions.lambda$get$0(Functions.java:48) at net.jodah.failsafe.RetryPolicyExecutor.lambda$supply$0(RetryPolicyExecutor.java:66) at net.jodah.failsafe.Execution.executeSync(Execution.java:128) at net.jodah.failsafe.FailsafeExecutor.call(FailsafeExecutor.java:379) at net.jodah.failsafe.FailsafeExecutor.get(FailsafeExecutor.java:68) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.Notarizer.uploadFailsafe(Notarizer.java:65) at org.eclipse.cbi.ws.macos.notarization.NotarizationService.lambda$notarize$0(NotarizationService.java:192) at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:840) Do you know why? If you have any thread or documents telling about the details of return values of the command: 'xcrun notarytool submit'

I'm developing an app using Electron Builder for a potential port to Windows in the future. I've had a heck of a time getting credentials to work and felt like I was in some sort of time loop doing the same things over and over again to no avail. I finally was able to sign my app, sign the .dmg and start the notarization process. That was last night and it still says "In Progress". If anyone is able to push it through, that would be awesome! (id: 2520e724-7069-408a-9ea4-60b23e8435a7) I saw another thread on here where people stated it was taking forever, I'm not sure if this is just because its my first time, but I was hoping to get a beta out to testers this weekend. I just need a version that doesn't get flagged as "Malware" by Gatekeeper. This is just for a standalone macOS application, not the App Store. Is there a reason that this process takes an absurd amount of time? Will it always be like this or is this just a fluke and it was a bad time to try?

Hi, I've code-signed my app and notarized it, and created a DMG, and when I slacked it or airdropped it to someone for testing the FIRST time they open it, they get a warning that it was Slacked or airdropped to them and do they want to open it. if they say yes everything is fine. So looking through here someone said I need to sign the app and then make a dmg and sign the dmg and then send that for notorization and then staple that. So I did, and I still get a warning the first tie someone try's to run it. What am I doing wrong? I know I can buy software and not get a warning from apple. so how do I get my app to work correctly like that?

Hi, I'm getting error 65 upon stapling and I am suspecting that non-default trust settings may be the reason as outlined here: Unfortunately whatever I do, I can't seem to reset the trust settings to their default values (removing the blue/white "+"), I'm not being asked for credentials upon closing the certificate window. I have also tried to unlock the System Roots key chain, to no avail. Also, when running security dump-trust-settings -d I get Number of trust settings : 0 for all certificates. Any ideas as to what I may be doing wrong? Is there any other setting that may be involved? Thanks!

Hey there, I'm experiencing an issue with notarization of my macOS application, which is blocking a release. We have signing/notarization hooked up to our CI process, both for prior releases as well as development builds (at the trunk tip). The notarization process has typically taken anywhere from a few minutes to a few tens of minutes, but for our most recent release, it's taking an unreasonably long time. I've compiled the submission info for each build (+ reattempted notarizations) below. What's interesting is that the oldest one was accepted- however, it timed out our CI process, so we never actually released it. Subsequent builds are more or less identical in terms of their content, however, they've been stewing in the notarization process for over 13 hours in some cases. % xcrun notarytool info 67413dae-64f5-4372-972d-e0ac158e18e3 Successfully received submission info createdDate: 2025-04-02T16:28:25.999Z id: 67413dae-64f5-4372-972d-e0ac158e18e3 name: Warp Vault.app.zip status: In Progress % xcrun notarytool info 0c72b243-4a8d-4976-a97b-75689d7e2497 Successfully received submission info createdDate: 2025-04-02T05:49:05.861Z id: 0c72b243-4a8d-4976-a97b-75689d7e2497 name: Warp Vault.app.zip status: In Progress % xcrun notarytool info 8e2edfc2-58bc-4b33-bc8e-078155759a81 Successfully received submission info createdDate: 2025-04-02T05:23:28.870Z id: 8e2edfc2-58bc-4b33-bc8e-078155759a81 name: Warp Vault.app.zip status: In Progress % xcrun notarytool info 8fb17b0c-ace4-4b6f-bef8-68d22696814d Successfully received submission info createdDate: 2025-04-02T05:07:48.187Z id: 8fb17b0c-ace4-4b6f-bef8-68d22696814d name: Warp Vault.app.zip status: Accepted At the time of checking, the UTC date was: % TZ="UTC" date Wed Apr 2 18:42:14 UTC 2025 It's interesting to me that the notarization process is taking this long. We've notarized many development builds (with debugging flags enabled) in the time between our last public release and our attempt to notarize this one. What's more, the original build for this release was notarized within the span of about 15 minutes, but subsequent submissions of the same build have hung for tens of hours. My two questions are: How can I get our pending notarizations "unstuck"?, and To prevent these types of hangs in the future, should I also routinely build/sign/notarize non-debug builds of my application during the development process? Best regards and many thanks, Charlton