Code Signing in Xcode - macos

I was going to turn on code signing for my mac app so I'm able to submit the app to the mac app store. But when I select the 3rd party mac application cert for code signing it says that there were no profiles matching.
And when I'm trying to build the app like that I'm getting the error:
Code Sign error: The identity '3rd Party Mac Developer Application'
doesn't match any valid certificate/private key pair in the default
keychain
And I can't figure out why. I've tried to revoke and reinstall my certificate but that doesn't seem to help.
Here's 2 screenshots. Of the code signing part in the build settings and one from keychain access.
Maybe your able to see what's wrong?
If you need any more info please let me know! :)

Go to Build Setting --> Code Signing Identity --> Select Don't Code Sign.
it will not show Build & Error. (This will work only when you don't want to sign in).

It seems you have a missing key. I'm not sure on the reason why it's missing, but creating a new certificate will likely work.
(For other users, this solution was discussed in chat, this answer was posted here as reference.)

Related

macOS installer certificate evaluation error in Keychain: Invalid Extended Key Usage

I generated a mac installer certificate for use with code signing and am getting an error that is preventing me from using certificate to sign installer
When evaluating certificate in keychain access, I got an error: Invalid Extended Key Usage.
Here is the sequence of errors when trying to evaluate an installer certificate for code signing.
I find this process works better when generating code signing keys with Xcode rather than through the Keychain access app directly. This will help you create your code signing certificate with the correct provisioning and signing parameters for the type of app you are developing. If you don't yet have a paid developer account with Apple, you can still create a self signed certificate for code signing to generate signed apps without uploading them to app store.
First you have to add your Apple ID to Accounts preferences in Xcode.
Start Xcode
Select Xcode > Preferences from the navigation bar.
At the top of the window select Accounts.
Click on the + on the lower left corner and select Add Apple ID...
A dialog will appear. Add your Apple ID and your password, then select Sign in. If you don't have an account you can create your Apple ID by selecting Create Apple ID.
Select your Apple ID and your team from the right side bar, then click on View Details....
A dialog will appear where you will see your code signing identities and the provisioning profiles.
For iOS development, under the signing identities locate the iOS Development and iOS Distribution profiles.
If you have not created them you will see a Create button next to
them.
Simply select it and Xcode will issue and download your code signing
identities for you with the correct developer certificate params for
iOS app development.
Note: If you already have Code Signing Identities issued to your developer account: you will see a Reset button next to them. You can issue new certificates with it, that Xcode will generate and download, however note that this will invalidate your previous certificate, so only do this if you've lost those files or if you know what you are doing!
In future, once you have it all working I also suggest clicking the option in Xcode to allow it to automatically manage code signing. This will automatically renew your certification whenever it expires, so there won't be extra steps to renew. This option should be available in the general project settings of your app, it can also be reached by selecting project > Targets > General > Signing
Hope that helps you, best of luck!
There are some possible reasons for certificate evaluation failure:
The certificate may be not for code signing (similar to this). In this case, you should obtain a new certificate that supports code signing.
The certificate may be for code signing but damaged (similar to this). In this case, you should delete this certificate and install it again.
Note that you can create a self-signed code signing certificate in keychain app for test purpose, following this and this tutorials. Make sure to enable it in "Get Info" > "Trust" set as "Always Trust".

Signing certificate is invalid

I am not able to automatically validate signing certificates with XCode 9. I have tried everything including cleaning my project using cmd+shift+k. and removing all ld signing certificates. I have a paid developer account and it is still not working.
Add the apple account to the xcode using preferences.
And this should help you.

Missing Developer ID Application signing identity for (null)

While trying to export a Developer ID Signed Mac application with Xcode I run into this error: "Missing Developer ID Application signing identity for (null)" How do I resolve this?
I struggled with this issue for a while so wanted to post what I found in case others run into a similar issue. I ran into the above issue after revoking my certificate while trying to export my build from a friend's machine. I found the best support by going step by step through this link:
https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/DistributingApplicationsOutside/DistributingApplicationsOutside.html
I would recommend following the steps in this link for anyone uploading a build to the Mac app store or exporting a Developer ID Signed Mac application.
There is a certificate called "Developer ID Certification Authority", this seems to be the one I was missing, and which caused the most trouble.
Another interesting thing to note is that the 10 digit letter/number ID for your Team/Distribution profile will be different than the ID for your developer profile. This should not throw you off, these two profiles work together.
Another good thing to know is that at the top of developer.apple.com there is a non-obvious drop down menu that lets you switch between iOS, tvOS, watchOS profiles and MacOS X profiles.
Another non-obvious UX issue when dealing with certificates is the system tab within Keychain Access. If you read that you should delete or change a property both within Login and within system, when they write system, they are referring to the system tab, which can be accessed within Key Chain access and can be seen at the bottom of this image:
This link is also helpful for certificate trouble shooting:
https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/Troubleshooting/Troubleshooting.html#//apple_ref/doc/uid/TP40012582-CH5-SW11
But mainly just go through the steps in the first link given for exporting a Mac App with Developer ID Signing.

Mac Codesign wants wrong key

I am trying to publish an iPhone app on my Mac. When building the application, it asks me:
"codesign wants to sign using key "Ryan Rasmussen" in your keychain."
I think that Ryan Rasmussen is my key for my computer.
I think it is supposed to use one of the keys that I installed from iTunes connect for those users.
So when I use Application loader to try to upload the app, it doesn't like the certificate.
How do I get codesign to use the correct certificate?
It sounds like your AppStore build is picking up a development certificate. Make sure that your Release target is set to iOS Distribution.
If that doesn't fix the problem, you can explicitly select the correct distribution certificate in the same setting.
If you don't see the distribution certificate in the Code signing identity dropdown menu, check that the certificate is available in Keychain Access.app. If it isn't there, you need to double click the certificate in the finder to import it.

Can't submit Mac app via xcode4 - Invalid Signature

I keep getting this error:
Invalid Signature - This error occurs when you have signed your app's installer incorrectly. There are two certs required for this process: the "3rd Party Mac Developer Application" cert and the "3rd Party Mac Developer Installer" cert. When signing your package, you need to ensure that you are using the Installer cert to sign your package. Ensure that you are specifying this cert when submitting your app via the Xcode Organizer or when running productbuild from the command line.
I've googled, and have followed instructions but to no avail.
I have:
Projects > targets > build > code signing > 3rd Party Mac Developer Application:
Then when I go to archive and it opens up Organizer I go to submit I select the '3rd Party Mac Installer' key. But it still fails :(
Do I need to do anything else? Like clean and then build first? (Build for what? Or just select build? - Although I've tried pretty much all of them first, and then archive).
If it's of relevance I am using MacRuby, and had to do this first to set it up for xcode deployment: http://redwoodapp.posterous.com/macruby-and-xcode-4-build-a-self-contained-ma
Any help appreciated - I'm tearing my hair out here :(
I had the same problem lately. And this is a perfect chance to write down and share my own notes. :)
I am assuming you are using Xcode and Organizer (not application uploader)
Step 1: Check Keychain Access.app.
You have to have two certificates (That you download from mac dev center). Each of these has to be linked with a private key.
In the picture, I have only one certificate "nacho4..." linked with a private key "nac...". So I should go to the mac dev center and download my certificates in order to continue. Download them and drag them into the "login".
Step 2: Make sure you can build your app with the right configuration.
In my case, I setup three configurations.
Debug: can debug + no signing (for development)
Release: cannot debug + no signing (mainly for internal betas, etc)
Distribution: cannot debug + signing (for app store distribution)
Go to project "build info">"build signing">
Make sure that you are signing you code with the correct sign identity. Something like: "3rd Party Mac Developer Application. My Company Inc."
*If you can't see this then it means something wrong is with your certificates in Keychain Access.app. Check your certificate is linked with a private key
Step 3 Make sure you are building the right configuration.
(Yeah, kind of obvious but it happened to me the last time. This is the reason you could be getting "Invalid signature") In the "Edit Scheme" panel , make sure you have the right configuration in the "Archive" section. In my case is "Distribution" (The default is "Release ")
Note that if you don't do this correctly you will get be able to submit your binary to Apple but minutes later you will get an "Invalid Signature". Because the certificates are fine but the app is not signed.
Step 4: Build you app and submit it
Xcode>Product>Archive
The organizer will appear. Now just submit it.
I have found that validating the archive is useless because sometimes even the validation fails I am able to submit my app without errors. I read this from other threads too so not only me. So if you are sure this is the version you want to submit to Apple. just press the submit button.
You are asked your username and password.
Then, you get another menu to select the application (With has only one option, at least in my case) and then select the signing identity I think.
This is important! Make sure "3rd Party Mac Developer Installer" is selected and everything should work.
If you can't see "3rd Party Mac Developer Installer" option in the last menu then it means something is missing in your keychain. (The Installer certificate from the mac dev center)
Note that if you don't do this correctly you will be able to submit your binary but minutes later you will get an "Invalid signature" mail from iTunes Connect because the app probably could be well signed but the certificates Apple will se are incorrect.
I hope it helps.
The other two answers are good checklists, but it didn't work for me.
My problem was that I had installed Xcode 3.2.6 on Lion (it doesn't work anyway, but that's another story). This corrupted the productutil app.
To fix it: install the BSD.pkg in the Packages folder of your Lion Installer.
Thanks to Jacob Gorban to share his solution on Apple Devs Forums.
Think this is finally sorted - thanks to Daniel from the MacRuby mailing list. I actually ended up creating a ticket with Apple, but hopefully they won't charge me for it now it's been fixed without them.
You can view the solution here: http://astonj.com/uncategorized/invalid-signature-error-on-submitting-app-to-the-mac-app-store/

Resources