Developer ID Intermediate Certificate Updates
To help protect customers and developers, we require that all third-party apps, Apple Wallet passes, Safari Extensions, Safari Push Notifications, and App Store purchase receipts be signed by a trusted certificate authority. The Developer ID Certificate Authority issues the certificates you use to sign your software for Mac devices, allowing our systems to confirm that your software hasn’t been modified and is delivered to users as intended.
Starting January 27, 2022, the digital certificates you use to sign your software and installer packages on macOS will be issued from the new Developer ID intermediate certificate that expires on September 16, 2031. Learn how to prepare for the new intermediate certificate and explore alternative options if you build and sign software with Xcode 11.4 or earlier.
Using the new certificate with Xcode 11.4.1 or later
If you’re running Xcode 13.2 or later, the updated certificate will download automatically when you sign software after January 28, 2022. If your Xcode version doesn’t support the automatic download of the Developer ID Intermediate Certificate, you can download it from the Certificate Authority page. Newly issued Developer ID certificates associated with the new intermediate certificate can build and sign software on Xcode 11.4.1 and later.
Using the new certificate with previous Xcode releases
If you’re running Xcode 11.4 or earlier and are unable to update to a later release, the Apple Developer website will continue to offer Developer ID certificates associated with the original intermediate certificate. Newly issued certificates from this intermediate certificate will be valid for less than five years, but will work on previous Xcode releases with automatic signing disabled. If you need to build on previous Xcode releases, create a new certificate associated with the previous intermediate certificate. This option will be available for at least one year, starting January 27, 2022.
Why was the Developer ID Intermediate Certificate updated if the previous version doesn’t expire until 2027?
Certificates cannot be issued with a validity period that extends past the intermediate certificate’s expiration date. Updating the intermediate certificate allows developers to obtain certificates before expiration that last for the expected duration, and provides ample time to prepare for the expiration of the existing intermediate certificate.
Do I need to regenerate any of my certificates?
No. Your existing certificates will continue to function until expiration or revocation, whichever comes first.
Will users be affected by the certificate renewal?
No. Users won’t be affected by the certificate renewal.
Will my software in development continue working?
Yes. The development versions of your software will continue to run until the provisioning profile used to compile it expires or you revoke your signing certificate. Mac development certificates are associated with the Apple Worldwide Developer Relations Certification Authority update that took place last year.
Should I keep both intermediate certificates installed?
Yes. The existing intermediate certificate that expires on February 1, 2027, is still required in order to sign content with existing Developer ID signing certificates. Keep the existing intermediate certificate installed as long as you’re signing software with the associated certificates.
Are there any changes to the notarization process?
No. The new Developer ID signing certificates can be used to submit your software for notarization. Remember to include a secure timestamp when signing your software for submission to the notary service.