Hi there, Currently having some issues debugging on a physical device. I am running a flutter app, and have a provisioning profile provided by our client company that is not expired and has worked up until recently just fine with physical devices. Running the app on a simulator works okay as well. However, all of the sudden the app will not run on a physical device. The build succeeds fine, but then I receive the error "Unable to install runner: A valid provisioning profile for this executable was not found". I have opened devices and simulators and tried to install the provisioning profile on the device, but get the error "Failed to install one or more provisioning profiles on the device: Please ensure the provisioning profile is configured for this device. If not, please try to generate a new profile." I don't know why this error appears, because I have used this exact profile on this device many times before. I'm hesitant to contact the client to receive a new provisioning profile because it is not easy to do, and again this one has worked fine until now. Does anyone have any ideas? Thanks!

I tried several things but I can't get it how to make an certificate

Receiving this error when clicking on an email link with the subject "iOS Distribution Certificate Expires in 30 Days" Error is "Unable to find a team with the given Team ID 'xxxxxx to which you belong."

i sign app as always, but next step, i can not use cloud managed certificate, don't know why, anyone who can help me but i create a new project with same bundle id, it worked fine only my old project cannot

I want to understand the right way to manage the signing of my apps when the development is done by a 3er party company. I'm working in a company, we are not mobile developers, so we use 3er party agancies to develop the apps we need. Even if we are not a development company, we want to upload all the apps i our store. And we don't want to give full access to the 3er party companies. I believe that the best option is give a limited development certificate to one develope of the 3er party companies to make the archive, generate a IPA file and send it to us. Then, whit the IPA file, we are going to re-sign the file with our "production certificates" It this the right aproach? Could be done by any 3er party companies? Can I limitate even more the access to 3er party companies developers? Thanks!

pkgutil --check-signature *** output: Status: signed by a certificate that has since expired Certificate Chain: 1. xxxxx Expires: 2024-06-01 22:33:34 +0000

If you’ve ever met this problem before “New Apple Developer Team not showing up in Xcode” So yesterday while preparing our app Cafia Inc. to be released on the iOS platform, one of our developer encountered the above problem, lots of research were made and questions asked but none proffered a solution to the problem. We got confused and frustrated, why is this not working?!? What did we miss? We’ve ticked the certificate box thing, made him an admin,but it still didn’t work. That’s when our CEO Alo Michael decided to try one last thing and boom 💥 the problem was fixed, so we decided to share it with the world just in case. This was what we did, find your way to apple developer console as a holder then go to Certificate, IDs & Profiles, then tap on Certificates, tap on the teammate who’s having this issue’s profile, they should download the certificate to their MacBook like this. Download your certificate to your Mac, then double click the .cer file to install in Keychain Access. Make sure to save a backup copy of your private and public keys somewhere secure. And that was how we fixed it.. Please share to anyone who might need this.

I updated my keychain certificate. At that time I forgot to always trust and build. When I did so, I was prompted repeatedly to enter my username and password in a dialog. There were so many that I rejected them all in the process. Then I went to the keychain, changed the certificate to always trust, and built again. But I got an error and was told to change the trust setting back to default. So I did as I was told and built again. Then I was asked to enter my username and password again and again, so this time I entered them all correctly. However, it still did not work. After building Xcode, I found a Repair button in the provisioning file settings, so I pressed it and built again. After entering the dialog, I got Build Sccess, but it could not start and I got an issue dialog. How do I get it to build on a real machine? Details Could not launch “Runner” Domain: IDEDebugSessionErrorDomain Code: 3 Failure Reason: failed to get the task for process 14356 User Info: { DVTErrorCreationDateKey = "2023-06-06 06:48:35 +0000"; DVTRadarComponentKey = 855031; IDERunOperationFailingWorker = DBGLLDBLauncher; RawUnderlyingErrorMessage = "failed to get the task for process 14356"; } -- Analytics Event: com.apple.dt.IDERunOperationWorkerFinished : { "device_model" = "iPhone10,3"; "device_osBuild" = "15.4.1 (19E258)"; "device_platform" = "com.apple.platform.iphoneos"; "launchSession_schemeCommand" = Run; "launchSession_state" = 1; "launchSession_targetArch" = arm64; "operation_duration_ms" = 22537; "operation_errorCode" = 3; "operation_errorDomain" = IDEDebugSessionErrorDomain; "operation_errorWorker" = DBGLLDBLauncher; "operation_name" = IDEiPhoneRunOperationWorkerGroup; "param_consoleMode" = 0; "param_debugger_attachToExtensions" = 0; "param_debugger_attachToXPC" = 1; "param_debugger_type" = 5; "param_destination_isProxy" = 0; "param_destination_platform" = "com.apple.platform.iphoneos"; "param_diag_MainThreadChecker_stopOnIssue" = 0; "param_diag_MallocStackLogging_enableDuringAttach" = 0; "param_diag_MallocStackLogging_enableForXPC" = 1; "param_diag_allowLocationSimulation" = 1; "param_diag_checker_tpc_enable" = 1; "param_diag_gpu_frameCapture_enable" = 0; "param_diag_gpu_shaderValidation_enable" = 0; "param_diag_gpu_validation_enable" = 0; "param_diag_memoryGraphOnResourceException" = 0; "param_diag_queueDebugging_enable" = 1; "param_diag_runtimeProfile_generate" = 0; "param_diag_sanitizer_asan_enable" = 0; "param_diag_sanitizer_tsan_enable" = 0; "param_diag_sanitizer_tsan_stopOnIssue" = 0; "param_diag_sanitizer_ubsan_stopOnIssue" = 0; "param_diag_showNonLocalizedStrings" = 0; "param_diag_viewDebugging_enabled" = 1; "param_diag_viewDebugging_insertDylibOnLaunch" = 1; "param_install_style" = 0; "param_launcher_UID" = 2; "param_launcher_allowDeviceSensorReplayData" = 0; "param_launcher_kind" = 0; "param_launcher_style" = 0; "param_launcher_substyle" = 0; "param_runnable_appExtensionHostRunMode" = 0; "param_runnable_productType" = "com.apple.product-type.application"; "param_runnable_type" = 2; "param_testing_launchedForTesting" = 0; "param_testing_suppressSimulatorApp" = 0; "param_testing_usingCLI" = 0; "sdk_canonicalName" = "iphoneos16.2"; "sdk_osVersion" = "16.2"; "sdk_variant" = iphoneos; } -- System Information macOS Version 12.6.3 (Build 21G419) Xcode 14.2 (21534) (Build 14C18) Timestamp: 2023-06-06T15:48:35+09:00

After updating the os to iOS17 beta, not able to install the enterprise app through ipa, it throws error Error installing '//Downloads/-Internal-Appstore-23.6.5-1.ipa', ERROR: Error Domain=com.apple.dt.CoreDeviceError Code=3002 "Failed to install the app on the device." UserInfo={NSUnderlyingError=0x600019bcc750 {Error Domain=com.apple.dt.CoreDeviceError Code=3000 "The item at -Internal-Appstore-23.6.5-1.ipa is not a valid bundle." UserInfo={NSURL=file:////Downloads/-Internal-Appstore-23.6.5-1.ipa, NSLocalizedDescription=The item at -Internal-Appstore-23.6.5-1.ipa is not a valid bundle., NSLocalizedFailureReason=Failed to read the bundle.}}, NSLocalizedDescription=Failed to install the app on the device., NSURL=file:///Downloads/-Internal-Appstore-23.6.5-1.ipa} Kindly update on this. Do any code side changes have to be done for this to fix these issue?

I have an app that was built on my first mac, i got a new one and moved the code and everthing to this new mac. I exported the private key and certificate from the old mac to the new one. Tried everthing on the internet about signing an app, but it just doesn't work. Now i'm stuck in a loop on xcode. I get the message "Revoke Certificate", when i click it, xcode create a new one, but it's already expired(despites it saying that will expire in 2024), if i try to manage certificates and create from there, nothing happens. If i delete the expired certificate from keychain, the revokate certificate message comes back. Any tips?

Hi! I am working with App Store Connect API for the first time, from NodeJS (if that matters, but I also tried with curl). I was able to authenticate and send GET requests with no problem, but when trying to send POST request I always get "METHOD_NOT_ALLOWED" error. Is anyone able to send post request? specifically to "https://api.appstoreconnect.apple.com/v1/certificates", but I also tried the Profiles endpoint, and I got the same problem. The docs claim its possible, but this error makes me feel something is not updated over there. Any help will be very much appreciated! Some extra information: JWT Playload: { iss:"KEY ISSUER", iat:Math.floor(Date.now() / 1000), exp:Math.floor(Date.now() / 1000) + (60 * 10), aud:'appstoreconnect-v1', scope:[ 'POST /v1/certificates' ] } JWT Options { algorithm:'ES256', header:{ alg:'ES256', kid:"KEY ID", typ:'JWT' } } Request Body(Before Stringify): { data:{ type:'certificates', attributes:{ certificateType:'IOS_DISTRIBUTION', csrContent:"PEM CERT" } } }

I'm trying to build a signed app-image with jpackage in MacOS so I can notarize the application after that and then distribute without warnings. I already imported the Dev ID Installer and Application certificates to a temp keychain, only to use on my script inside macos, here is the code: security create-keychain -p $MACOS_KEYCHAIN_PASSWORD $MACOS_KEYCHAIN security set-keychain-settings -lut 21600 $MACOS_KEYCHAIN security unlock-keychain -p $MACOS_KEYCHAIN_PASSWORD $MACOS_KEYCHAIN security import devIDApplication.p12 -k $MACOS_KEYCHAIN -f pkcs12 -A -T /usr/bin/codesign -T /usr/bin/security -P $MACOS_CERTIFICATE_PASSWORD security import devIDInstaller.p12 -k $MACOS_KEYCHAIN -f pkcs12 -A -T /usr/bin/codesign -T /usr/bin/security -P $MACOS_CERTIFICATE_PASSWORD security set-key-partition-list -S apple-tool:,apple: -k $MACOS_KEYCHAIN_PASSWORD $MACOS_KEYCHAIN The two certificates were imported, the output is: 1 identity imported. 1 identity imported. But then, when I use jpackage (open-jdk17.0.2 from jdk.net) I receive this error: [18:05:09.091] jdk.jpackage.internal.ConfigException: Signature explicitly requested but no signing certificate found at jdk.jpackage/jdk.jpackage.internal.MacAppBundler.doValidate(MacAppBundler.java:136) at jdk.jpackage/jdk.jpackage.internal.AppImageBundler.validate(AppImageBundler.java:70) at jdk.jpackage/jdk.jpackage.internal.Arguments.generateBundle(Arguments.java:675) at jdk.jpackage/jdk.jpackage.internal.Arguments.processArguments(Arguments.java:550) at jdk.jpackage/jdk.jpackage.main.Main.execute(Main.java:91) at jdk.jpackage/jdk.jpackage.main.Main.main(Main.java:52) [18:05:09.092] jdk.jpackage.internal.PackagerException: Bundler Mac Application Image skipped because of a configuration problem: Signature explicitly requested but no signing certificate found Advice to fix: Specify a valid mac-signing-key-user-name and mac-signing-keychain at jdk.jpackage/jdk.jpackage.internal.Arguments.generateBundle(Arguments.java:688) at jdk.jpackage/jdk.jpackage.internal.Arguments.processArguments(Arguments.java:550) at jdk.jpackage/jdk.jpackage.main.Main.execute(Main.java:91) at jdk.jpackage/jdk.jpackage.main.Main.main(Main.java:52) Caused by: jdk.jpackage.internal.ConfigException: Signature explicitly requested but no signing certificate found at jdk.jpackage/jdk.jpackage.internal.MacAppBundler.doValidate(MacAppBundler.java:136) at jdk.jpackage/jdk.jpackage.internal.AppImageBundler.validate(AppImageBundler.java:70) at jdk.jpackage/jdk.jpackage.internal.Arguments.generateBundle(Arguments.java:675) ... 3 more [18:05:09.091] No certificate found matching [Developer ID Application: Company - EPP (USERCODE)] using keychain [signing_temp.keychain] I'm really stuck on this, can anyone help me? The jpackage script I'm using: jpackage --type app-image --input "$INPUT/target/" --dest "$INPUT/target/output" --name "$NAME" \ --main-jar package.jar --main-class org.test.launcher.Launcher --add-modules "$JDK_MODULES" \ --resource-dir "$RES" --copyright "$COPYRIGHT" --app-version "$VERSION" --description "$DESC" --vendor "$VENDOR" \ --verbose \ --mac-sign \ --mac-signing-keychain "$MACOS_KEYCHAIN" \ --mac-signing-key-user-name "$MACOS_CERT_IDENTITY" \ --mac-package-identifier "$IDENTIFIER" \ --mac-entitlements "$RES/uri-launcher.entitlements" \ "${customOptions[@]}" "${commonOptions[@]}"

Recently I’ve been playing around with Xcode Cloud, with a focus on learning more about its cloud siging feature. One question that came up is how to distinguish a cloud signing certificate from a standard one. In Certificates, Identifiers, and Profiles this is easy: Cloud signing certificates have a Managed suffix. But what about in a built binary? After a bit of digging, I discovered that a cloud signing certificate has a special OID that identifies it as such. Consider: % codesign -d --extract-certificates CloudSigningTest.app … % mv codesign0 codesign0.cer % dumpasn1 -a -p codesign0.cer SEQUENCE { SEQUENCE { … [3] { SEQUENCE { … SEQUENCE { OBJECT IDENTIFIER '1 2 840 113635 100 6 1 32' OCTET STRING, encapsulates { NULL } } } } } … } This is actually documented on the Apple PKI page, in Certification Practice Statement > Developer ID > 2.2 Community and Applicability, which says: Cloud Managed certificates include an additional non- critical custom extension OID 1.2.840.113635.100.6.1.32 to indicate they are Cloud managed. So, there you go! And yes, I realise that it’s possible that the only person who’ll ever need to reference this post is Future Quinn™, but I’m OK with that (-: If you have questions or comments, start a new thread here on DevForums and tag it with Signing Certificates so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hello, I have a flutter project where my team is pushing changes for an ios app. We have tested locally with no issue and unit tested it. About a week ago we received the following error when we distribute the app. App Store Connect access for “******” is required. Add an account in the Accounts preference pane. Please try again, and if issue persists file a bug report at "https://feedbackassistant.apple.com." Our signing has not changed, nor has our permissions in the app. I have reached out to support several times and they literally said they aren't tech savvy and I should go here. With links too the code signing docs even though already had it booked marked. I get it, app markets are a pain on any platform. Do I have to resign again cause apple updated something? I am definitely not a fan of apple's code signing process. I would rather just automate this if there is a better solution. We tried CodeMagic but keep running into issues with that as well.

Hello! I am having trouble with a Developer ID Application certificate that I have clearly added to the Keychain with Keychain Access not being recognized by codesign or DMG Canvas. Here is the command that DMG Canvas uses to see if there are any certificates for signing: $ /usr/bin/security find-identity -p codesigning Policy: Code Signing Matching identities 0 identities found Valid identities only 0 valid identities found This shows that no certificates are found but there definitely are some. I installed this cert to both the System and login keychains, I tried to the Local Items keychain but this failed with an error I will display below. This image (names redacted) clearly shows the certs are there, valid, and not expired (behind the error) and also shows the error popup for when I try to add the cert to the Local Items keychain: Essentially I am asking why does Keychain Access say that I have the certificates but nothing can find it in order to sign applications. Thank you!