Support Center

Certificates

Do I need to be a member to request signing certificates?

Yes, Apple Developer Program membership is required to request, download, and use signing certificates issued by Apple. You must also be the Team Agent or an admin of your development team to request distribution certificates used for submitting apps to the App Store or Mac App Store. For more information on how to use signing certificates, review the App Distribution Guide.

How do I request and install certificates?

In most cases, Xcode is the preferred method to request and install digital certificates for iOS and OS X. However, to request certificates for the Apple Push Notification service, Passbook, Mobile Device Management (MDM), and Safari extensions, you will need to request and download them from your developer account in Member Center.

What happens if my certificate expires or has been revoked?

  • Apple Push Notification Service Certificate

    You can no longer send push notifications to your app.
  • Pass Type ID Certificate (Passbook)

    If your certificate expires, passes that are already installed on users' devices will continue to function normally. However, you will no longer be able to sign new passes or send updates to existing passes. If your certificate has been revoked, your passes will no longer function properly.
  • iOS Distribution Certificate (App Store)

    If your iOS Developer Program membership is valid, your existing apps on the App Store will not be affected. However, you will no longer be able to submit new apps or updates to the App Store.
  • iOS Distribution Certificate (In-house, Internal Use Apps)

    Users will no longer be able to run apps that have been signed with this certificate. You must distribute a new version of your app that is signed with a new certificate.
  • Mac App Distribution Certificate and Mac Installer Distribution Certificate (Mac App Store)

    If your Mac Developer Program membership is valid, your existing apps on the Mac App Store will not be affected. However, you will no longer be able to submit new apps or updates to the Mac App Store.
  • Developer ID Application Certificate and Developer ID Installer Certificate (Mac Applications)

    If your certificate expires, users can still download, install, and run versions of your Mac applications that were signed with this certificate. However, you will need a new certificate to sign updates and new applications. If your certificate has been revoked, users will no longer be able to install applications that have been signed with this certificate.

Note: Apple can revoke digital certificates at any time at its sole discretion. For more information, read the Apple Developer Program license agreements in Member Center.

I received an error message saying, "Xcode could not find a valid private-key/certificate pair for this profile in your keychain." What should I do?

This error message indicates that your Mac's Keychain is missing either the public or private key for the certificate you are using to sign your app.

This often happens when you are trying to sign and build your app from a different Mac than the one you originally used to request your code signing certificate. It can also happen if your certificate has expired or has been revoked. Ensure that your app's provisioning profile contains a valid code signing certificate, and that your Mac's Keychain contains that certificate, the private key originally used to generate that certificate, and the WWDR Intermediate Certificate.

For instructions on how to resolve this error, review the Code Signing support page.

What happens to my Developer ID–signed applications if my Mac Developer Program membership expires?

If your membership expires, users can still download, install, and run your Developer ID–signed applications. However, once your Developer ID certificate expires, you must be a Mac Developer Program member to get new Developer ID certificates to sign updates and new applications.

What should I do if my Pass Type ID certificate has been compromised?

If you suspect that your Pass Type ID certificate and private key have been compromised and would like to request revocation of the certificate, please send an email to product-security@apple.com with details about the certificate. You can continue to develop and distribute passes by requesting an additional Pass Type ID certificate from your account in Member Center.

What should I do if my Developer ID certificate has been compromised?

If you suspect that your Developer ID certificate and private key have been compromised and would like to request revocation of the certificate, please send an email to product-security@apple.com with details about the certificate. You can continue to develop and distribute applications by requesting an additional Developer ID certificate from your account in Member Center.

Still Need Help?

Contact Us