Will I need to create a new Developer Id Application signature?
Or is the existing one will still be valid after WWDR intermediate certificate expiration? (14 Feb) I'm using it for mac osx applications.
You do not need to create any new Developer ID, Development Certificate , Production certificate after expiration of WWDR Intermediate Certificate.
Do I need to regenerate any of my certificates?
No. Your existing
certificates will work with both the expiring and the renewed
intermediate certificate.
If you still face any issue with your iOS Apps , Mac Apps, Safari Extension, Apple Wallet and Safari Push Notifications, then please follow this link of WWDR Intermediate Certificate expiration.
Related
I'm distributing my macOS app outside the App Store and so far I've never code-signed it. My app targets advanced users who know how to configure macOS to allow the app to run.
With the arrival of the Apple M1 computers, however, things have changed as code-signing seems to be mandatory now for native Apple Silicon apps. That's why I'd like to ask: Is it sufficient to sign my app using a self-signed certificate when distributing it outside the App Store? Will it be possible for users who download an app that was signed using a self-signed certificate to run that app?
I'd expect that Gatekeeper will probably block such an app first because it was signed using a self-signed certificate but will users be able to override Gatekeeper's veto in the security settings (as it was previously the case with non-signed apps)?
Or do all apps built for Apple Silicon have to be signed with an official Apple certificate? I'd like to avoid that because last time I checked this was $99 per year.
You can codesign with ad-hoc feature. codesign -s - -f /path/to/filename. This doesn't need certificate.
I've tried creating the certificate and provisioning profile over and over again, but I cannot get it to build on iOS through Phonegap Build. I get this error every time:
Error - Certificate doesn't match profile: The default keychain doesn't have an identity matching
I've done this many times in the past, but for whatever reason I can't get it to work now.
The provisioning profile contains the certificate and I can generate the .p12 file just fine.
My mac will only allow me to upgrade OS up to 10.13.6 and xcode up to 10.1. Is there any issue with keychain using older versions of these?
How do I solve this issue?
I figured it out.
After updating OS and xcode I scrubbed keychain, created new certificate signing requests, revoked all the old certificates in apple developer and then created a new certificate and profile.
Our enterprise app was distributed through Fabric Crashlytics Beta but after a year the app won't open from the device. When you tap the icon it will just close. It can't be download also.
The distribution certificate was not expired nor revoked.
And releasing a build with a new generated certificate fixed the issue but the cause is still unknown.
The certificate is valid for 3 years, but the provisioning profile you used to build the app with is valid for 1 year at most. You can push a new provisioning profile to the devices without having to re-build the app, but without a non-expired provisioning profile that is valid for the app's bundle ID and the certificate used to sign it, the app will refuse to run.
Long story short, if you are doing enterprise distributions, you will need to push out a provisioning profile (either through mobile device management [MDM] or by building the app again with a new provisioning profile [the profile is bundled with the ipa when you package the app]) at least once a year. Then once every 3 years, you will need to get a new certificate, generate a new profile for that certificate, and build and deploy a new binary that has been signed with the new cert.
I have created an electron app. Now I want to sign code for both windows and mac platform. But I have only go daday pfx certificate.I successfully signed code using pfx certificate from go daday in windows platform. So,Can I sign an electron app on macos platform using go daday certificate?
You can sign a macOS app with a GoDaddy code-signing certificate, but it probably won't do what you want. Here's what Apple's developer documentation says (with my emphasis added):
Note: Apple uses the industry-standard form and format of code signing
certificates. Therefore, if your company already has a third-party
signing identity that you use to sign code on other systems, you can
use it with the macOS codesign command. Similarly, if your company is
a certificate issuing authority, contact your IT department to find
out how to get a signing certificate issued by your company. However,
while these valid certificates allow you to sign your code, you can
only distribute through the App Store or through the Developer ID
program when you sign with a certificate issued by Apple.
So, the question is: how is your application going to be distributed to users' computers?
If it's sold through Apple's App Store, you need to become an Apple Developer, get a Mac App Distribution certificate from Apple, and sign the app with that before submitting it to Apple.
If it's distributed outside Apple's App Store (e.g. via web download), then you also need to become an Apple developer, get a Developer ID certificate, and use that to sign it. If you don't sign it with the right kind of certificate, Gatekeeper will prevent users from opening the app unless they go through a special procedure to trust the app.
Either way, you need to join the Apple Developer program, and use an Apple-issued code signing certificate to sign the macOS version of your app.
My "Mac App Distribution" certificate will expire in a couple of weeks. When this happens, will my applications cease to function properly?
This has been asked a lot, except in my situation, my applications are not distributed through the Mac App Store.
Users can still download, install, and run versions of your Mac apps that were signed with your certificate before it expired. However, you’ll need new Developer ID certs to sign updates and create new apps.
Developer ID signatures carry cryptographic timestamps by default.
Signatures with cryptographic timestamps are validated against the
signing time, and signatures made with expired (at signing time)
certificates are invalid.
OS X Code Signing In Depth
Replacing Expired Certificates