Apple Worldwide Developer Relations Intermediate Certificate Expiration

To help protect customers and developers, we require that all third-party apps, Apple Wallet passes, Safari Extensions, Safari Push Notifications, and App Store purchase receipts are signed by a trusted certificate authority. The Apple Worldwide Developer Relations Certificate Authority issues the certificates you use to sign your software for Apple devices, allowing our systems to confirm that your software is delivered to users as intended and hasn’t been modified.

Software signing certificates

The Apple Worldwide Developer Relations Intermediate Certificate has a version that’s set to expire on February 7, 2023 and a renewed version that’s set to expire on February 20, 2030. The renewed version is used to sign new software signing certificates issued after January 28, 2021. Remaining service certificates will be updated on January 27, 2022. See the Apple Push Notification Service SSL Certificates section for details.

Taking action

Members of the Apple Developer Program and Apple Developer Enterprise Program who develop for Apple platforms need to download the renewed certificate and follow the instructions below.

Members of the Apple Developer Enterprise Program need to install the renewed certificate on all machines that code sign with Enterprise iOS Distribution Certificates generated after September 1, 2020.

This update is also required for all software signing certificates generated after January 28, 2021, by developers with Personal accounts in Xcode and members of the iOS University Developer Program.

The new intermediate certificate is downloaded automatically by Xcode 11.4.1 or later and is available for download on the Certificate Authority page. Confirm that the correct intermediate certificate is installed by verifying that the expiration date is set to 2030.

Known issues

Xcode 11.4.0 or earlier may not be able to sign software using signing certificates issued by the renewed intermediate certificate. If you’re unable to upgrade to a supporting version of macOS or Xcode on your build machine, you can build and archive your app using an earlier Xcode client and sign it for distribution using the latest release. Alternatively, you can utilize the codesign tool to sign your software using the command line.

More details

Apple Pay Certificates

Apple Pay Payment Processing certificates are associated with a different intermediate certificate. No updates are required at this time. If you perform any certificate validation on Apple Pay Merchant Identity Certificates, you may need to update your logic to support the latest intermediate certificate.

Enterprise iOS Distribution Certificates

iOS Distribution Certificates generated as part of the Apple Developer Enterprise Program between February 7 and September 1, 2020, will expire on February 7, 2023. Rotate the certificate before expiration to ensure that your apps are installed and signed with an active certificate.

Certificate generation changes

If you’re on multiple developer program teams, you must use a new Certificate Signing Request (CSR) for each team to ensure that each certificate is associated with a different private key.

App Store Receipt Signing Certificate

The App Store Receipt Signing Certificate will be associated with a new intermediate certificate. If you perform manual validation outside of the Validating Receipts API, such as validation of the certificate chain, we recommend updating your code to match the validation with the recommendations outlined in Validating Receipts with the App Store.

Apple Push Notification Service SSL Certificates

In 2021, we announced that Apple Push Notification Service SSL Certificates, including the Pass Type ID Certificate, will be updated in 2022 and associated with a new intermediate certificate focused on the Apple Push Notification service (APNs). This change will go into effect on January 27, 2022. If you plan to send notification requests or passes with certificates issued after January 27, 2022, you’ll need to download the Worldwide Developer Relations G4 sub CA, which will be available on this date. You can confirm that the correct intermediate certificate is installed by verifying that the expiration date is set to 2030 and the Organization field is set to G4.

The intermediate certificate that expires on February 7, 2023, will continue to issue select Apple services certificates, including Apple Push Notification Service SSL Certificates and Apple Wallet Pass Signing Certificates prior to January 28. Keep both versions installed on your development systems and servers until you’ve completely migrated to the renewed intermediate certificate that’s focused on the Apple Push Notification service. See the complete list and timeline of certificate changes below.

As a reminder, you can also communicate with the Apple Push Notification service by using an APNs authentication token signing key, which never expires. Faster than certificate-based communication, token-based communication doesn’t require APNs to look up the certificate or other information related to your provider server. With token-based authentication, you can use one token to send notifications from multiple provider servers to the Apple Push Notification service and one token to distribute notifications for all of your apps.

Developer ID Signing Certificates

The Developer ID Intermediate Certificate will be updated on January 27, 2022. Learn about the update and options to support building and signing apps on Xcode 11.4 and earlier.

Certificate update overview

Impacted certificates Update Date
iOS Distribution (for Apple Developer Enterprise Program) 9/1/2020
Apple Development 1/28/2021
iOS App Development 1/28/2021
Mac Development 1/28/2021
Apple Distribution 1/28/2021
iOS Distribution 1/28/2021
Mac App Distribution 1/28/2021
Mac Installer Package 1/28/2021
MDM CSR 1/28/2021
Apple Pay Merchant Identity 1/28/2021
Apple Push Notification Service (Sandbox) 1/27/2022
Apple Push Notification Service SSL (Sandbox & Production) 1/27/2022
Pass Type ID 1/27/2022
VoIP Services 1/27/2022
WatchKit Services 1/27/2022
Website Push ID 1/27/2022

Not impacted:

Apple Pay Payment Processing