Apple Worldwide Developer Relations Intermediate Certificate Expiration
To help protect customers and developers, we require that all third-party apps, passes for Apple Wallet, Safari Extensions, Safari Push Notifications, and App Store purchase receipts are signed by a trusted certificate authority. The Apple Worldwide Developer Relations Certificate Authority issues the certificates you use to sign your software for Apple devices, allowing our systems to confirm that your software is delivered to users as intended and has not been modified.
The current Apple Worldwide Developer Relations Certification Intermediate Certificate (intermediate certificate) is set to expire on February 7, 2023. The renewed certificate will be used to sign new software signing certificates issued after January 28, 2021 for the Apple Developer Programs. Remaining service certificates will be updated in the future and this page will be updated to reflect additional certificate changes.
This change impacts members of the Apple Developer Program and Apple Developer Enterprise Program who develop for macOS, iOS, tvOS, or watchOS. Download the renewed certificate and follow the instructions below.
Enterprise iOS Distribution Certificates generated after September 1, 2020, require the new intermediate certificate to be installed on all machines that code sign with this certificate. This impacts developers in the Apple Developer Enterprise Program.
This requirement also impacts all software signing certificates generated after January 28, 2021, by developers with Personal accounts in Xcode, as well as members of the Apple Developer Program, Apple Developer Enterprise Program, and iOS University Developer Program.
The new Apple Worldwide Developer Relations Intermediate Certificate is downloaded automatically by Xcode 11.4.1 or later and is available for download on the Certificate Authority page. Confirm that the correct intermediate certificate is installed by verifying that the expiration date is set to 2030.
Xcode 11.4.0 and earlier may not be able to sign software using signing certificates issued by the new Apple Worldwide Developer Relations Certification Intermediate Certificate. If you’re unable to upgrade to a supporting version of macOS or Xcode on your build machine, you can build and archive your app using an earlier Xcode client and sign it for distribution using the latest release. Alternatively, you can utilize the codesign tool to sign your software using the command line.
Apple Push Notification service and Pass Type ID certificates
Apple Push Notification service certificates including the Pass Type ID certificate will be updated in fall 2021 and will be associated to a new intermediate certificate focused on Push Notification services. At this time, we will be reducing the number of certificates required to interact with APNs. Until this update, continue to use the existing intermediate certificate, which expires in February 2023.
Developer ID signing certificates and Apple Pay certificates
Developer ID signing and Apple Pay Payment Processing Certificates are associated with a different intermediate certificate. No updates are required at this time. If you perform any certificate validation on Apple Pay Merchant Identity Certificates you may need to update your logic to support the latest intermediate certificate.
Enterprise iOS Distribution certificates
iOS Distribution certificates generated as part of the Apple Developer Enterprise Program between February 7 and September 1, 2020, will expire on February 7, 2023. Rotate the certificate before expiration to ensure your apps are installed and signed with an active certificate.
Certificate generation changes
If you’re member of multiple developer programs, you must use a new Certificate Signing Request (CSR) for each team. Generating a new CSR for each program ensures that the certificate is associated with a different private key.
App Store Receipt Signing Certificate
The App Store Receipt Signing Certificate will be associated with a new intermediate certificate. If you perform manual validation outside of the Validating Receipts API such as validation of the certificate chain, we recommend updating your code to match the validation with the recommendations outlined in Validating Receipts with the App Store.
Certificate update overview
|Impacted Certificates||Update Date|
|iOS Distribution (for Apple Developer Enterprise Program)||9/1/2020|
|iOS App Development||1/28/2021|
|Mac App Distribution||1/28/2021|
|Mac Installer Package||1/28/2021|
|Apple Pay Merchant Identity||1/28/2021|
|Apple Push Notification service (Sandbox)||Fall 2021|
|Apple Push Notification service SSL (Sandbox & Production)||Fall 2021|
|Pass Type ID Certificate||Fall 2021|
- Developer ID Application
- Developer ID Installer
- Apple Pay Payment Processing Certificate