Certificates, Identifiers & Profiles

RSS for tag

Discuss the technical details of security certificates, identifiers, and profiles used by the OS to ensure validity of apps and services on device.

Certificates, Identifiers & Profiles Documentation

Post

Replies

Boosts

Views

Activity

Newbie: Do I need to pay for signing?
Hi all, one newbie-question only, as I din't understand the basics yet: Do I need to be paying member of the dev programm to get an application for MacOS running on third pleoples Macs? As far as I understand, I need to run a "notarization" of the app. Forthat I need a certificate - and that is available to dev members. maybe to paying members only .. Thanks in advance for your hints. :)
5
0
538
Aug ’24
Certificate generation without key chain
I am trying to validate my app (first one I have done). It is asking me to create a certificate buying Key chain. However, my MAC OS 15 and my phone iOS 18 use the new passwords app not key chain. So how do I get one? This is eh error I get Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, value '' for key 'com.apple.developer.icloud-container-environment' in 'Payload/StopWatch.app/StopWatch' is not supported. This value should be a string value of 'Production' (ID: c50d0cec-b221-4621-bc72-fa3c5b07200e)
1
0
367
Aug ’24
Help/advice needed with profiles/certificates etc.
Hi everyone, I really hope someone here will be able to help me with this. Apologies if this is in the wrong section. Disclosure: I find it very difficult to learn and to take on new concepts and ideas I have been developing a game on the Mac using Gamemaker 2.3. I can run the game using a VM build (uses gamemakers own runtime to run interpreted code in a virtual machine) but I am having issues when I want to actually run a compiled version or create a test build. To eliminate anything in my game causing the issue I have created a basic test project which also has the same issue. I have copied the output log and will attach it here. Output log I have followed the gamemaker instructions to the best of my ability, and I have asked on th official forums and discord but I'm not getting any help at all other than "read the instructions". Only one kind soul who admitted to not being a Mac dev suggested that I possibly need to check my certificates but couldn't tell me what exactly I need and when faced with pages of text my brain just goes into meltdown. So here I am and I'm hoping some kind soul here will be able to help me in easy to understand language. Many thanks in advance.
1
0
420
Aug ’24
Private key management with automatic signing
I am currently attempting to set up iOS app building via CI (using GitHub Actions). I would like to use automatic signing via xcodebuild -allowProvisioningUpdates and an App Store Connect API key. However, this will only work properly on the first CI run, since a certificate will be created, but is not available for subsequent runs since it is on a new machine (failing with Your account already has an Apple Development signing certificate for this machine, but its private key is not installed in your keychain). Is there a way to do either of the following? Via the CLI, generate a new p12 certificate on-demand which I can cache and add to the keychain for future signing Make just the RSA private key available to xcode so that in the automated signing process, it can create a CSR with that key if needed and download the cer (which may already exist for that key) and generate the p12 on demand
1
1
449
Jul ’24
"This app cannot be installed because its integrity could not be verified"
Hi, We developed a app for iPhone and Apple Watch. The app has been tested and it worked well on iPhone SE and Apple Watch Series 6 running earlier OS. We recently upgraded the Apple Watches to Series 9 & watchOS 10.5, and the iOS on the same iPhone is upgraded to 17.4.1. The app can still be built on the iPhone but when I tried to install the app on the new Apple Watch, it won't work and shows "This app cannot be installed because its integrity could not be verified." To make sure it's not a OS issue, I also upgraded the watchOS on the old Apple Watch Series 6 to 10.5 and the app worked. I wonder what cause the app fail on the newer Apple Watch running the same watchOS. Thank you
1
0
661
Jul ’24
Private key is not installed in your keychain error
App.xcodeproj: error: Revoke certificate: Your account already has an Apple Development signing certificate for this machine, but its private key is not installed in your keychain. App.xcodeproj: error: No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "T....." with a private key was found. From the above error during build, I do not know what I am supposed to do to fix this issue. The build was working few days back and today it is giving this error.
1
0
1.1k
Jul ’24
Signing third party app with Enterprise using iResign
I received an app from 3rd party and need to sign it with my cert, but after following the work flow I get errors in iResign. Create a Distribution Certificate Create an Apple Developer Application Identifier Create and Install a Push SSL Certificate Create App Distribution Certificate (1 for all Ramco Apps) Create an Apple Developer Provisioning Profile Sign the App with iResign Upload to Workspace One environment I get this error when I run iResign; /var/folders/qd/z7m3dzs52rddmlvcpm_ghyl00000gn/T/com.appulize.iresign/Payload/RamcoEFBiOS.app: replacing existing signature Warning: unable to build chain to self-signed root for signer "iPhone Distribution: PHI, INC." /var/folders/qd/z7m3dzs52rddmlvcpm_ghyl00000gn/T/com.appulize.iresign/Payload/RamcoEFBiOS.app: errSecInternalComponent /var/folders/qd/z7m3dzs52rddmlvcpm_ghyl00000gn/T/com.appulize.iresign/Payload/RamcoEFBiOS.app: invalid Info.plist (plist or signature have been modified) In architecture: arm64 I've tried to find answers on these forms but could not find anything to help me. If anyone has some insight on this please let me know.
1
0
645
Jul ’24
Unable to resolve CodeSign failure
Been using Xcode for a while with C++ set to sign locally (and objC before that). All worked ok. Looking to learn swift. Created a new, blank MacOS project, which starts compiling the template project (no code added yet by me) and fails with error "Command CodeSign failed with a nonzero exit code". It's set to automatically manage signing. I have valid development certificates. I've read lots of forum articles etc but unable to resolve. Error description "resource fork, Finder information, or similar detritus not allowed" but it's exclusively apple code at this stage so would not expect any non-compliant files to be involved. Any suggestions as currently I've fallen at the first hurdle on my Swift journey? Full codesign command line below: Signing Identity: "Apple Development: Steve Proctor (XXXXXXX)" /usr/bin/codesign --force --sign xxxxxx -o runtime --entitlements /Users/steve/Documents/dev/t1/Build/Intermediates.noindex/Previews/macos/t1/Intermediates.noindex/t1.build/Debug/t1.build/t1.app.xcent --timestamp\=none --generate-entitlement-der /Users/steve/Documents/dev/t1/Build/Intermediates.noindex/Previews/macos/t1/Products/Debug/t1.app /***/t1.app resource fork, Finder information, or similar detritus not allowed Command CodeSign failed with a nonzero exit code
4
0
672
Jul ’24
Xcode and Transporter inconsistent with provisioning profile
Xcode > Target > Signing & Capabilities Automaticaly manage signing Mac OS Signing Certificate: Development --> Provisioning Profile None Required General Identity App Category Productivity Transporter Asset validation failed (90242) --> "Cannot be used with TestFlight because the bundle at “LargeNumberCalculator.app” is missing a provisioning profile. Main bundles are expected to have provisioning profiles in order to be eligible for TestFlight." (90889). What is wrong: "Provisioning Profile None Required" vs "missing a provisioning profile" ?
2
0
735
Jul ’24
Attempted to install a Beta profile without the proper entitlement.
I'm trying to install from Xcode (15.4) to my physical device (iPhone SE 3rd gen, iOS 17.5.1) but I get the following error. My provisioning profile is from a 3rd party organization, but I have confirmed my device UUID is added to their account and that the profile does contain the beta-reports-active flag. I have also checked that this is added to the entitlements file. It works fine it I deploy and install via TestFlight, but for obvious reasons I would prefer not to have to do that for each and every build. Can anyone suggest how to resolve this, either with local config or by asking the account admin to modify the provisioning profiles? Unable to Install “[redacted]” Domain: IXUserPresentableErrorDomain Code: 14 Recovery Suggestion: Failed to install embedded profile for [redacted] : 0xe800801f (Attempted to install a Beta profile without the proper entitlement.) User Info: { DVTErrorCreationDateKey = "2024-07-03 12:47:34 +0000"; IDERunOperationFailingWorker = IDEInstallCoreDeviceWorker; } -- Unable to Install “[redacted]” Domain: IXUserPresentableErrorDomain Code: 14 Recovery Suggestion: Failed to install embedded profile for [redacted] : 0xe800801f (Attempted to install a Beta profile without the proper entitlement.) User Info: { IDERunOperationFailingWorker = IDEInstallCoreDeviceWorker; } -- Failed to install the app on the device. Domain: com.apple.dt.CoreDeviceError Code: 3002 User Info: { NSURL = "file:///Users/dan/Library/Developer/Xcode/DerivedData/iosApp-gxsprezneuyftnhbmfyfssbeojgd/Build/Products/Debug%20development-iphoneos/[redacted].app/"; } -- Unable to Install “[redacted]” Domain: IXUserPresentableErrorDomain Code: 14 Failure Reason: This app cannot be installed because its integrity could not be verified. Recovery Suggestion: Failed to install embedded profile for [redacted] : 0xe800801f (Attempted to install a Beta profile without the proper entitlement.) -- Failed to install embedded profile for [redacted] : 0xe800801f (Attempted to install a Beta profile without the proper entitlement.) Domain: MIInstallerErrorDomain Code: 13 User Info: { FunctionName = "-[MIInstallableBundle _installEmbeddedProfilesWithError:]"; LegacyErrorString = ApplicationVerificationFailed; LibMISErrorNumber = "-402620385"; SourceFileLine = 308; } -- Event Metadata: com.apple.dt.IDERunOperationWorkerFinished : { "device_isCoreDevice" = 1; "device_model" = "iPhone14,6"; "device_osBuild" = "17.5.1 (21F90)"; "device_platform" = "com.apple.platform.iphoneos"; "dvt_coredevice_version" = "355.28"; "dvt_mobiledevice_version" = "1643.100.60"; "launchSession_schemeCommand" = Run; "launchSession_state" = 1; "launchSession_targetArch" = arm64; "operation_duration_ms" = 3497; "operation_errorCode" = 14; "operation_errorDomain" = IXUserPresentableErrorDomain; "operation_errorWorker" = IDEInstallCoreDeviceWorker; "operation_name" = IDERunOperationWorkerGroup; "param_debugger_attachToExtensions" = 0; "param_debugger_attachToXPC" = 1; "param_debugger_type" = 3; "param_destination_isProxy" = 0; "param_destination_platform" = "com.apple.platform.iphoneos"; "param_diag_MainThreadChecker_stopOnIssue" = 0; "param_diag_MallocStackLogging_enableDuringAttach" = 0; "param_diag_MallocStackLogging_enableForXPC" = 1; "param_diag_allowLocationSimulation" = 1; "param_diag_checker_tpc_enable" = 1; "param_diag_gpu_frameCapture_enable" = 0; "param_diag_gpu_shaderValidation_enable" = 0; "param_diag_gpu_validation_enable" = 0; "param_diag_memoryGraphOnResourceException" = 0; "param_diag_queueDebugging_enable" = 1; "param_diag_runtimeProfile_generate" = 0; "param_diag_sanitizer_asan_enable" = 0; "param_diag_sanitizer_tsan_enable" = 0; "param_diag_sanitizer_tsan_stopOnIssue" = 0; "param_diag_sanitizer_ubsan_stopOnIssue" = 0; "param_diag_showNonLocalizedStrings" = 0; "param_diag_viewDebugging_enabled" = 1; "param_diag_viewDebugging_insertDylibOnLaunch" = 1; "param_install_style" = 0; "param_launcher_UID" = 2; "param_launcher_allowDeviceSensorReplayData" = 0; "param_launcher_kind" = 0; "param_launcher_style" = 99; "param_launcher_substyle" = 8192; "param_runnable_appExtensionHostRunMode" = 0; "param_runnable_productType" = "com.apple.product-type.application"; "param_structuredConsoleMode" = 1; "param_testing_launchedForTesting" = 0; "param_testing_suppressSimulatorApp" = 0; "param_testing_usingCLI" = 0; "sdk_canonicalName" = "iphoneos17.5"; "sdk_osVersion" = "17.5"; "sdk_variant" = iphoneos; } -- System Information macOS Version 14.3 (Build 23D56) Xcode 15.4 (22622) (Build 15F31d) Timestamp: 2024-07-03T13:47:34+01:00
1
0
4.6k
Jul ’24
Why can't use
0 * H ÷   0 1 0 ` H e 0 8 * H ÷   ) % Apple Confidential Profile. Do not distribute. Not to be used or disclosed without permission from Apple. Copyright © 2023, Apple Inc. All rights reserved. PayloadContent PayloadContent DefaultsData SeedGroup PublicBeta DefaultsDomainName .GlobalPreferences DefaultsData SeedProgram PublicSeed DefaultsDomainName com.apple.seeding DefaultsData SBIconVisibility DefaultsDomainName com.apple.appleseed.FeedbackAssistant DefaultsData MobileAssetAssetAudience 48407998-4446-46b0-9f57-f76b935dc223 MobileAssetSUAllowOSVersionChange MobileAssetSUAllowSameVersionFullReplacement MobileAssetServerURL-com.apple.MobileAsset.MobileSoftwareUpdate.UpdateBrain https://mesu.apple.com/assets/iOS17PublicSeed MobileAssetServerURL-com.apple.MobileAsset.SoftwareUpdate https://mesu.apple.com/assets/iOS17PublicSeed MobileAssetServerURL-com.apple.MobileAsset.SoftwareUpdateDocumentation https://mesu.apple.com/assets/iOS17PublicSeed DefaultsDomainName com.apple.MobileAsset PayloadIdentifier com.apple.applebetasoftware PayloadType com.apple.defaults.managed PayloadUUID 617630D8-C055-40A1-A4E8-AC30FD8A5ACE PayloadVersion 1 PayloadDescription Configures your iOS/iPadOS device for use with the Apple Beta Software Program. PayloadDisplayName iOS 17 & iPadOS 17 Beta Software Profile Beta Software Profile PayloadIdentifier com.apple.applebetasoftware PayloadOrganization Apple Inc. PayloadRebootSuggested PayloadType Configuration PayloadUUID 0C90EE68-9104-4D65-80A5-538784AAE2BE PayloadVersion 1 RemovalDate 2025-01-31T00:00:00Z TargetDeviceType 1   s0 0   ¹ûe J i0 H ÷ 0b1 0 U US1 0 U Apple Inc.1&0$ U Apple Certification Authority1 0 U Apple Root CA0 130524174337Z 280524174337Z0 1@0> U 7Apple Application Integration 2 Certification Authority1&0$ U Apple Certification Authority1 0 U Apple Inc.1 0 U US0 "0 H ÷ 0 ¸H¡glV åpÅFô¯…ã½:Þ¡çÙ¨6< b¥|  G³k ¬þØtæ 5°XOtØ£þí-î¤s%YÔ Ü&Ï ' T Ü ±à3 b ȹ¯6 ¤j § mÝÝ -Ì } Ì) £É ª¢ìÙ gi < ¿D($±Ä,5Ö± %ïP§ Û%ÆÃOo[ ¾ñ §Ôl^²9. ©ám ;®9q? ó¹ôW #O ^ ð X¾µÑìײ~Âeâñì<¦ünÛV³î ² KÉ¢ðñ1ö®Þ5là ^Pc ¶ºm\Àã & J Þ ©°Zoû k ìÝß2Þü.B¢ÊxZ× £ ¦0 £0 U ÷¾|! Û= {Ø:2 iß l 0 U ÿ 0 ÿ0 U # 0 +ÐiG v þôk .@¦÷GM ^0. U '0%0# !  http://crl.apple.com/root.crl0 U ÿ 0 * H ÷cd 0 * H ÷ Í ý¤]õñÀ I ݳ3 ­ Ð! ãÙÖÚ¯ " <YBñ- ¶?ÿôôî jxÁ.û;L ®eCËϨ ë=7 E/ J ¨ k â Ûïg¸ ñäØ qwÓó ௤ê( ¤?4ye6 T Aq× !ÜPUEÎ ¼÷ÜUгÊ(Q¬sQ ¬y n  7 a1/¡Ñºëá\7ÀØÑ çà RB¤ ö"| À?Á …ÕÂ'c°bV í%ôÌ ÜT ·yè …8@¹ íMbÔ+ö) ñg¡á r w ö  +Q Sòó óè¿¡ &Ïü 7»@0 S0 ;  À6 k 0 * H ÷ 0 1@0> U 7Apple Application Integration 2 Certification Authority1&0$ U Apple Certification Authority1 0 U Apple Inc.1 0 U US0 201214200231Z 231214200231Z0s1.0, U %AppleCare Profile Signing Certificate1 0 U Configuration Profiles1 0 U Apple Inc.1 0 U US0 "0 * H ÷ 0 Ú ûñ E0H( ì ¶A¤[ûB JVßúLWæýøÖf ö×ïÃWWÀ[kh ³oíR téAj ³ » Q¬w é ÷;$Þ #Àå °»¤ýg Bªb}ÏñAó,³! ÄûÑhsÏû ê ÒdËt©P +ñ üûSï fÄ eï2ÝV^"þïÑ8 {H ôF ¯ÉU w. ×N_ Ü H $&uwY``éL5 õ îÚzø OÝ ¿Ó r¡ëD;HÒ y åÈH'>øÊ ØòÖQnÜ ° +ùl· TÚ ç2 S¥ÿQ ¾*i'¥\ ?W°ßº"zoS5Sû¢ÔÑ"XÜ/ £ Ï0 Ë0 U ÿ 00 U # 0 ÷¾|! Û= {Ø:2 iß l 0@ + 40200 + 0 $http://ocsp.apple.com/ocsp04-aaica020 U 0 0 þ H ÷cd 0 ð0( + http://www.apple.com/appleca0 à + 0 ¶ ³Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements.0 U % ÿ 0 H ÷cd 0 U 9S öÇGÔÆ?£l% ê$% º·0 U ÿ 0 * H ÷ Sß3çhÂ- 3=%à¬q dÙ ER ÷ ßù¾) ?nC ØÎò, ]¶OLE. |g#æ Qg% Ǽ ªë K · Êç S¥Oï p4 Ú¾ ²Õ ë( ÷¸Ìæs¾ ¦æ@ Äç0AFï t,Th ÏEi § |ààÞ Ú:K q÷Ûø·É õ y¬[$GÉ ø ­¤HÞÖ Ü w +÷p ¥A¥ ]z ] ï òé/ ûö tîPøSo¿­Ä|à IlÓV¾é * ä<ÈçÌÈ ïø¯f°3 Æ5 s¸ x¦cPb b ÉU ´V×&ñ¦ èv¹ |:¯"Ð hŲ1 =0 9 9S öÇGÔÆ?£l% ê$% º·0 H e 0 * H ÷ ûÄÄD úªÀg ¸« y6íÛÜ*ú ºÝ¤¢ ~/vÝæBx ąæ,þPß ò Âï…j¦·tu¾ðì×v 5ã¸pñ ìçó%¡Òª ±Q| ½ jÆË ü fK0 $ö4 }| `óq( ÈÄ· ®jÈÑ §?)ÍTÀ a ìø&¸7¡ï#¼£> Îer ¤ÑÍ ¨ \zHkN© <5 ýò¼F4ó »¨"\ Á Ô dêGivo&D օY\¸ì äAÏáî lã!1À ±_4ñ g4t Cá ² !~)Hî Æ$ ã¦Úø)>e ,èòSûtÖ·ú$,y
2
0
539
Jun ’24
pkg 签名
我创建了一个developer id instanller 证书,并且安装在自己电脑上,我使用productbuild --component xx.app /Applications --sign "Developer ID Installer: " --product xx.app/Contents/Info.plist ST.pkg签名并生成pkg,使用 spctl -a -v --type install ST.pkg 去验证签名的时候,出现rejected source=Unnotarized Developer ID,我不知道哪里有问题,将pkg安装到其他电脑也会出现pkg无法打开,apple无法检查是否包含恶意软件 提示信息,希望可以得到大家的帮助谢谢,
1
0
626
Jun ’24
Certificates, Identifiers & Profiles duplicatedcertificate
In my developper account, "Certificates, Identifiers & Profiles" show two "Developer ID Installer" certificates (Expiration Date 2027/05/13 and 2027/02/01) I did not found any way to delete, remove or revoke one. How can I fix it ? Xcode complaint "Command CodeSign failed with a nonzero exit code" Previouly I put right this error with the command: xattr -cr path_to_application but this no longer work.
2
0
683
Jun ’24
My ID has been changed.
I got into trouble setting up my X-Code team ID. My user ID suddenly changed. Please take a look at the first screenshot. This is the certificate I was originally using, and I got a new certificate because it's about to expire. The new certificate is the second screenshot. But you can check that the ID is different. The problem is that the Apple login function is not working properly because the ID is different (I'm using Unity to develop a game) Can you tell me why the user ID has changed and I can't change it to the original one?
1
0
629
Jun ’24
Adding different capabilities to a Distribution profile for visionOS and iOS app
I have an app that runs on both iOS and visionOS (native). Both app use the same project, just some files and code segments are different. We do not use automatic signing. Instead we use a Distribution profile. When creating a distribution profile and adding capabilities there are certain capabilities we are using on iOS that are not available on visionOS. Like the com.apple.developer.kernel.increased-memory-limit and the Extended Virtual Addressing Entitlement. My understanding is that we can only have one Distribution profile per app (may be wrong understanding). My question is how can we have two separate distribution profiles for iOS and visionOS, so iOS can have those extra capabilities that aren't available on visionOS? I tried to create two separate targets, one for iOS and one for visionOS, but that still gives me the same issue of having the distribution profile being the same and not being able to make it unique for iOS and visionOS. Is there a correct approach to setting up the Xcode project or the distribution profile? I'm new to visionOS development and distribution profiles, any guidance would be appreciated. Let me know if you have any questions or need more clarification.
0
0
573
Jun ’24