Hi everyone!
We use to have an intel Mac machine where we generate the Developer ID Installer & Application certs for signing and notarization process. This process works sweet.
Now, we move from an intel to a m1 Mac machine, where we want to do the same process as before. I had try two different approaches, but ending up with the same result.
I export the cert with the private key from my intel to the m1 machine, but when I try to sign, I get: Invalid signature. (Not sure what this error means in this case as everything works on the intel machine. I am guessing the cipher for creating either the private key or the signature differs between the architecture)
I try to generate new certs for this m1 machine, but I get the following error: You already have a current Developer ID installer certificate or a pending certificate request. I try with the same account, but also with a different account. In both cases got the same error.
I create a ticket for apple, where they said to expect a reply between one and two business days, but no luck yet.
Certificates, Identifiers & Profiles
RSS for tagDiscuss the technical details of security certificates, identifiers, and profiles used by the OS to ensure validity of apps and services on device.
Post
Replies
Boosts
Views
Activity
An error occurred. Unable to import “Apple Development: Name ()”.
Error: -25294
Mac mini M1
macOS Sonoma Version 14.4.1
Hi,
I have been using a Developer ID Installer Certificate to sign my installer packages since a long time now.
Recently, the sign command started giving me error,
Error - Certificate is expired or not yet valid. Please check certificate validity.
The certificate itself is valid till 2025, so I am confused on the issue.
To get a clearer understanding, I created a new certificate by following instructions in the link,
https://developer.apple.com/help/account/create-certificates/create-developer-id-certificates
However, when I try to use this to sign my installer package, I get the following error,
Unable to build a valid certificate chain. Please make sure that all certificates are included in the certificate file.
I am using ZXPSignCmd to sign the installers.
Hoping for guidance to a quick resolution.
hi, just to know:
when i, download certificates and install by doble click
appear and error. when choos icloud...
here a pictureof theerror
any comment or. help will be apreciatesomuch.
.thanks
.
https://ibb.co/7rGbKr4
I've added my iPhone's correct UDID in the "Devices" section in Apple Developer account, and I created a Development Profile. I then downloaded it (as a .mobileprovision file) and am trying to add it to my connected iPhone via XCode. I'm getting this error message:
Failed to install one or more provisioning profiles on the device. Please ensure the provisioning profile is configured to this device. If not, please try to regenerate a new profile.
I have ensured the provisioning profile is configured to this device and have tried regenerating it. Same result. My iPhone has "Developer Mode" turned on. How do I troubleshoot this further?
Hello,
Can anybody help me with some info about the following situation?
We have an app that is published in the store and it is used by the users.
We want implement in the app the In App Provisioning flow and we are analyzing all the steps the we need to check.
One of the steps is the request for a special entitlement from apple.
Let's say that we've checked the following:
Request In App Provisioning entitlement
Receive the entitlement
Create a new provisioning profile with the received entitlement
Start the development of In App Provisioning flow in the app
At some point a bug is identified in production and we need the develop a hotfix that needs to be published before finishing the In App Provisioning feature.
Wil it be possible to publish a new version of the app that doesn't contain the In App Provisioning functionality even though we have received the entitlement from apple?
Should we create a new provisioning profile without the entitlement for this new release?
Please let me know if you need more info.
I have an app already uploaded to app store and its bundle id is service id not app id and i have an update with this app and when i tried to upload a new versions i found errors with bundle id registration and that is no Provisioning Profiles found for this bundle id so i tried to create new Provisioning Profiles with the service id that already connected with my app on app store connect and no luck to create Provisioning Profiles for service id and i cannot now upload a new updates
Hello,
after migrating one of our apps, APP, from the one developer account to another, we are experiencing an issue with provisioning profiles.
In the provisioning profile of APP (com.SOME.APP), we have a wrong value for the com.apple.developer.ubiquity-kvstore-identifier key used for iCloud KVS.
The value is OLDTEAMID.com.SOME.APP.EXTENSION while it should be just OLDTEAMID.com.SOME.APP.
The previous value must be instead present in the provisioning profiles for the EXTENSION (OLDTEAMID.com.SOME.APP.EXTENSION) for the com.apple.developer.ubiquity-kvstore-identifier key.
Please let me know if you know something about this issue. This is blocking us from releasing the application.
Thank you!
Hello,
We currently have an IOS Mobile app using the ad-hoc provisioning profile with a distribution certificate. We are wanting to renew the ad-hoc provisioning profile BEFORE it expires. How do i do this without causing the application to break AND prevent the user from having to re-trust the. Can i simply create a new ad-hoc provisioning profile associated with the old certificate, rebuild the app, and send the link to the user?
I made some changes to my MAUI app in VS 2022 on Windows 11. I had no trouble testing my app on a locally connected iPhone before, but now when I try to debug the same app (with changes), on the same iPhone, and the same Windows machine, with the same valid certificates in the VS Apple Accounts Details, I get this error:
iOS code signing key 'Apple Development: B... (...)' not found in keychain.
Why is it even referring to the keychain when I'm on a Windows machine using VS2022
valid certificates in the VS Apple Accounts Details
Also, I'm getting "MSB6006: 'codesign' exited with code 3." error when trying to test/debug on a remote mac machine.
Hello . Currently, only the ios version is on sale on the App Store. The application is offering an icloud-linked, auto-renewable subscription.
I want to sell to the app store connect with the same identifier, AppID at the same time.
I simply added visionos to the existing app project to provide the visionos version early, but the existing UI-related code and the location-related code are not compatible.
We used the same identifier with the same name, duplicated and optimized only what could be implemented, and created it without any problems on the actual device.
However, when I added the visionos platform to the App Store cennect and tried to upload it through the archive in the app for visionos that I created as an addition, there was an error in the identifier and provisioning, so the upload was blocked.
The result of looking up to solve the problem
App Group
-I found out about the function, but it was judged that a separate app was for an integrated service, so it was not suitable for me.
Add an APP to an existing app project via target and manually adjust the platform in Xcode -> Build Phases -> Compile Soures -> Archive upload success?( I haven't been able to implement this stage of information yet.)
I explained the current situation. Please give me some advice on how to implement it.visionos has a lot of constraints, so you need to take a lot of features off.
When I try to copy existing provision profile from our onprem mac mini to aws mac mini it is disappeared from the folder . /Users/ec2-user/MobileDevice/Provisioning Profiles/
Not sure whats going here .
Hi,
I created a developer id certification from my apple developer account a couple of year ago and downloaded it as .cer file into my Laptop. Now I want to use this certificate to sign my application, but unfortunately Xcode shows an error message like 'Missing Private Key" and I can also see that there is no private key under my developer id certificate(there is no grey arrow to expand to see private cer) in keychain access. Moreover my developer account is expired and I do not want to extend it yet so unfortunately no solutions with apple developer account will work like creating a new certification etc.
Do you have any other solutions like using Keychain Access or Xcode to link my private key again into my developer id certificate?
Note:
1-.cer file was created on my laptop by me, which I am using now. So I would expected that the related private key should already exist in my Keychain Access(if I did not delete it mistakenly.) but I do not know which private key is the relevant one, I have several of them.
2-I have also a CertificateSigningRequest.certSigningRequest file which was copied near my .cer file. Maybe it could be useful for a solution?
3-No! unfortunately I do not have any .p12 file.
4-I had already installed current AppleWWDRCAG3 file before I import my .cer file into my Keychain Access Tool.
5-Get Info shows that my cer file is still valid till sep 2025.
6- I have already restarted my Xcode and laptop.
7-I tried all solutions here:
https://stackoverflow.com/questions/12867878/missing-private-key-in-the-distribution-certificate-on-keychain
8-https://developer.apple.com/account/resources/ shows me no certificate with the reason that my membership expired
9-I removed and re-added my apple account into Xcode. the same error occurred.
XCODE:Version 15.3 (15E204a)
OSX:macOS Sonoma 14.2.1
Thanks a lot in advance.
If I develop my app with an SDK(binary) that other person developped and then the SDK certificate has expired,Can I submit my app to app store?
Or should I get a new SDK with updating certificate?
Hello,
I am setting up a build (Gitlab CICD) runner. I create a keychain and imported certificate and my signing key.
$ security find-identity -v
XXXXXX "Developer ID Application: XXXXXX, INC. (XXXXXX)" (CSSMERR_TP_NOT_TRUSTED)
1 valid identities found
$ security find-identity -p codesigning -v
XXXXXX "Developer ID Application: XXXXXX, INC. (XXXXXX)"
1 valid identities found
Codesign fails with
unable to build chain to self-signed root for signer "Developer ID Application: XXXXXX, INC. (XXXXXX)" errSecInternalComponent
On the local machine everything is fine.
I think the point is that the identity is both valid and CSSMERR_TP_NOT_TRUSTED.
What can I do about it?
Hello,
I'm have a new Macbook and setup my Enterprise account. Part of my job is to view the expiration dates on certificates for other users. This should be a simple process but when I click on the certificate, there's a button "view certificates" I should be able to click on and see the expiration date and basic details on that specific certificate.
The problem I have is that when I click on "view certificates", I get the error: "An error has occurred. Unable to display information about the selected item."
I've tried steps online but to no avail. How can I get this fixed? My two other coworkers are able to just click on that button and view the certificate details, except for me. I've attached the screenshot.
Thank you for your help
Regards
JJ
Electron-Builder Version: 24.12.0
Electron-Builder-notarize Version: 1.5.1
Node Version: v15.14.0
Electron Version: 11.3.0
Electron-updater version: ^4.3.5
Target: Mac Apple Store (mas)
Hello, I am trying to build and sign a new version of my electron app for the mac apple store (mas), but when I get to the final step of uploading the RenderTune.pkg file to the mac transporter app, I get a failed status with 22 errors all the same formatting like so:
Asset validation failed (90284)
Invalid Code Signing. The executable 'com.martinbarker.digifyunique.pkg/Payload/RenderTune.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/etc....dylib' must be signed with the certificate that is contained in the provisioning profile. (ID: abc-abc-abc-abc-abc)
In order to build and sign this RenderTune.pkg file, first I run the command npm run build-mas locally while on branch v1.1.5 ( code here )
Which runs the following command:
"build-mas": "electron-builder build --mac && sh signmasscript.sh",
So first it runs electron-builder build --mac and gives this output:
Martins-MacBook-Air:rendertune-v1.1.5-feb-24 martinbarker$ npm run build-mas
> rendertune@1.1.5 build-mas
> electron-builder build --mac && sh signmasscript.sh
• electron-builder version=24.12.0 os=20.6.0
• loaded configuration file=package.json ("build" field)
• writing effective config file=dist/builder-effective-config.yaml
• packaging platform=darwin arch=x64 electron=11.3.0 appOutDir=dist/mac
• signing file=dist/mac/RenderTune.app platform=darwin type=distribution identity=ACBACBACBACBACBACBACBACBACB provisioningProfile=none
• skipped macOS notarization reason=`notarize` options were not provided
• building target=DMG arch=x64 file=dist/RenderTune-mac.dmg
• building target=macOS zip arch=x64 file=dist/RenderTune-mac.zip
• building block map blockMapFile=dist/RenderTune-mac.dmg.blockmap
• building block map blockMapFile=dist/RenderTune-mac.zip.blockmap
Completes without issue. The next part is running the signmasscript.sh file, which does complete but gives these errors:
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
Failed to parse entitlements: AMFIUnserializeXML: syntax error near line 1
productbuild: Adding component at /Users/martinbarker/Documents/projects/rendertune-v1.1.5-feb-24/dist/mas/RenderTune.app
productbuild: Signing product with identity "3rd Party Mac Developer Installer: Martin Barker (LV6WXG529F)" from keychain /Users/martinbarker/Library/Keychains/login.keychain-db
productbuild: Adding certificate "Apple Worldwide Developer Relations Certification Authority"
productbuild: Adding certificate "Apple Root CA"
productbuild: Wrote product to /Users/martinbarker/Documents/projects/rendertune-v1.1.5-feb-24/RenderTune.pkg
productbuild: Supported OS versions: [10.10.0, )
The final output RenderTune.pkg file gives 22 error messages saying `` when I try to deliver it via the mac os transport app.
Asset validation failed (90284)
Invalid Code Signing. The executable must be signed with the certificate that is contained in the provisioning profile
Is my app even being signed correctly? Or is there just one file that I need to fix? Please help me out !
I am having trouble with my Team/Bundle Identifier and the iOS box right under it in Signing & Capabilities. I went and tried to add my device to the apple developer website but it was already logged in. If anyone can help me that would be most appreciated.
Hi , In one of our application we are having issues of bundle Id mismatch in the distribution profile. Say there are two applications X and Y.
Issue Description : On the developer portal inside the distribution profile the App Id shown is correct I.e of X but when we download the distribution profile and open it in the textedit we can see that the bundle id is of another application i.e of Y .
Due to which are are unable to submit or upload the application.
Note: Both of them have contact notes as additional permission.
I've installed the same developer certificate onto three different Macs.
When viewed in the keychain (or in Xcode) on one Mac it says its revoked, on another it says its not trusted, but on a third there's no issue reported.
How could there be a difference between the three Macs?
(Both Macs have the date/time set to be the same).
Can 3rd party software, VPNs etc. interfere in this at all?