How to remove "Developer ID Application" certificate?

Developer ID signing identities are precious. Anyone with access to one can ship code as you. Given that, you should treat them with care:

• You should not create them unnecessarily. Most folks only need to create one (well, one each for Developer ID Application and one Developer ID Installer). For a large organisation it might make sense to create a few, one for sub-units within the organisation.

• You should carefully manage access to them. Remember, if one leaks then folks will be able to start shipping code as you.

If you’re trying to create a new Developer ID signing identity because your previous one was compromised, follow the instructions in the Compromised Certificates section of this support article.

If you’re trying to create a new Developer ID signing identity because you’ve misplaced your previous ones, I encourage you to look harder. If you can find the previous ones, it’ll save you a whole bunch of hassle.

If your absolutely sure that you previous Developer ID signing identities are completely lost, you should talk to Developer Programs Support. Go to the main Contact Us page and follow the path Development and Technical > Certificates, Identifiers and Provisioning Profiles.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

Oh, one extra point…

Because Developer ID signing identities are so precious, the developer web site will only let the Account Holder create them. See Developer Account Help > Create certificates > Create Developer ID certificates.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Due to turnover and a few unreliable contractors, we need to revoke (at least) two Developer ID Certificates. Can I get confirmation that we are to follow the steps listed out on the Revoking Priveledges page:

You can’t revoke Developer ID or Pass Type ID certificates using your developer account. Instead, send a request to Apple at product-security@apple.com to revoke these types of certificates.

Just want to make sure that the email sent over will actually accomplish what we need (details on the two certificates were given), as the canned response from that email address contains the below:

Certificate Revocation

_Please contact Apple Developer Support to request assistance with certificate revocation or issuance at https://developer.apple.com/support/._

Oh, another extra point…

Because your Developer ID signing identities are hard to replace, I recommend that you back them up independently of the keychain:

1. Launch Keychain Access.

2. At the top, select My Certificates.

3. On the left, select the keychain use for Developer ID signing identities. For most folks this is the login keychain.

4. For each Developer ID signing identity shown…

5. Select the identity.

6. Choose File > Export Items.

7. In the file dialog, select Personal Information Exchange (.p12) in the File Format popup.

8. Enter a name, navigate to your preferred location, and click Save.

9. You may be prompted to enter the keychain password. If so, do that.

10. You will be prompted to enter a password to protect the identity. Use a strong password.

11. The end result in a .p12 file holding your Developer ID signing identity. Save that file and its associated password in a secure location.

If you lose access to your Developer ID signing identity you can import this .p12 file to get it back.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hey Eskimo, there is no option for .p12 Export for neither the Developer ID Application Cert nor the Public or Private Key, when created using a certificate signing request. Is an Export in .pem file fine or a problem for XCode later on?

there is no option for .p12 Export

That suggests you’re trying to export a certificate rather than a digital identity. For the latter, make sure that you have (the very confusingly-named) My Certificates selected at the top. See step 2 of my instructions.

Is an Export in .pem file fine

No. That’s just going to export the certificate, whereas you need to export a digital identity, that is, the certificate and the private key associated with the public key embedded in the certificate.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"