You can now easily request access to managed capabilities for your App IDs directly from the new Capability Requests tab in Certificates, Identifiers & Profiles > Identifiers. With this update, view available capabilities in one convenient location, check the status of your requested capabilities, and see any notes from Apple related to your requests. Learn more about capability requests.

I would like to code sign an app or installer with an RSA 4096-bit code signing certificate. I created a CSR using RSA4096bit and ECC in Mac Keychain Access, but I was unable to use that CSR to create a code signing certificate on the Apple Developer site. How do I issue an RSA4096-bit or ECC code signing certificate?

we are currently using an APNs Authentication Key to send notifications and have not generated any Development or Production APNs certificates. Could you please confirm whether using the APNs Authentication Key alone is sufficient under the updated requirements? Alternatively, do we need to generate Development and Production APNs certificates that support SHA-2 for compliance with the changes?

The product archive package's signature is invalid. Ensure that it is signed with your "3rd Party Mac Developer Installer" certificate. (90237) I'm receiving this error, despite the fact that I'm using this certificate when creating the pkg (with electron-forge) My configuration is shown below - note the 3rd Party Mac Developer Installer identity when using new MakerPKG. const config: ForgeConfig = { packagerConfig: { asar: true, name: 'Deep Focus', icon: 'resources/icon.icns', osxSign: { identity: 'Apple Distribution: Timeo Williams (3Y4F3KTSJA)', type: 'distribution', provisioningProfile: '/Users/timeo/Desktop/Deep Focus/deepWork/distribution.provisionprofile', preAutoEntitlements: false, // eslint-disable-next-line @typescript-eslint/explicit-function-return-type optionsForFile() { return { entitlements: 'build/entitlements.mas.plist' } } }, extendInfo: 'build/info.plist', osxUniversal: { mergeASARs: true }, appCategoryType: 'public.app-category.productivity', appBundleId: 'com.electron.deepfocus', extraResource: [ 'resources/.env', 'resources/icon.icns', ] }, rebuildConfig: {}, makers: [ new MakerSquirrel({}), new MakerZIP({}), new MakerRpm({}), new MakerDeb({}), new MakerDMG({ appPath: './out/Deep Focus-darwin-arm64/Deep Focus.app', name: 'Deep Focus', icon: './resources/icon.icns', format: 'ULFO', overwrite: true, contents: (opts) => [ { x: 130, y: 220, type: 'file', path: opts.appPath }, { x: 410, y: 220, type: 'link', path: '/Applications' } ] }), new MakerPKG({ name: 'Deep Focus', identity: '3rd Party Mac Developer Installer: Timeo Williams (3Y4F3KTSJA)' }) ], plugins: [ new VitePlugin({ build: [ { entry: 'src/main.ts', config: 'vite.main.config.ts', target: 'main' }, { entry: 'src/preload.ts', config: 'vite.preload.config.ts', target: 'preload' } ], renderer: [ { name: 'main_window', config: 'vite.renderer.config.mts' // Path to Vite config for renderer process } ] }), new FusesPlugin({ version: FuseVersion.V1, [FuseV1Options.RunAsNode]: false, [FuseV1Options.EnableCookieEncryption]: true, [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false, [FuseV1Options.EnableNodeCliInspectArguments]: false, [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: true, [FuseV1Options.OnlyLoadAppFromAsar]: true }) ] } Yet, I'm getting the error from Transporter that it's invalid?

From my developer account, when I generate CSR and submit for certificate generation private key not available and loaded into keychain

I just made a TikTok account accidentally using my Apple ID I’m trying to delete the account and the only way to delete it is to put this code in I don’t know where to look for the code and apparently it was sent to my private relay.appleid.com.

I get these errors. I think I've checked everything possible. "entitlements file, Identifiers etc." but I couldn't find a solution. I tried manual signing as well. Same result. The profiles I added also become invalid after a while. Everything seems normal in my developer account.

I am writing to follow up on my request for Family Control permission, which I submitted through the appropriate form over a week ago. Unfortunately, I have not yet received any response or access to the requested permissions. Could you kindly provide an update on the status of my request? If any further information or action is needed from my end, please let me know.

Hi, I am trying to make my app build on GitHub Action CI pipeline. App builds fine on xcode on my mac. For CI I am using command line xcode. I am getting following error: No profiles for 'com.snslocation.electricians-now' were found: Xcode couldn't find any iOS App Development provisioning profiles matching 'com.snslocation.electricians-now'. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to xcodebuild. (in target 'myapp' from project 'myapp') You can see full log of the build here: https://github.com/nbulatovi/ElectriciansNow/actions/runs/12603115423/job/35127512689 The provisioning profile is present, and verified in the previous steps in the pipeline, however xcode refuses to find it. If I add -allowProvisioningUpdates error stays. I tried manually mapping app id to profile name. Is there a way to get any debug log from xcode profile search, to see why is it not picking up the correct profile? Or can you maybe help in some other way? xcode version is 15.4, iOS SDK 17.5

Even if I recreate everything and register it, it does not register in xcode as shown below. No matter how many times I regenerate the certificate and profile, the same thing happens.

I'm building an app that uses the Screen Time API and DeviceActivityMonitoring Framework. It works when I run the simulator build on iPhone 16 but when I try to launch it on my own iPhone, I get these errors. Provisioning profile "iOS Team Provisioning Profile: Kanso- Digital-Wellness.Kanso-v2" doesn't include the com.apple.developer.device-activity.monitoring entitlement. KansoMonitorExtension 1 issue x Provisioning profile "iOS Team Provisioning Profile: Kanso-Digital-Wellness.Kanso-v2.KansoMonitorExtension" doesn't include the com.apple.developer.device-activity.monitoring en... Read something online that said a reboot would fix this, but I tried and no luck. Any ideas? I'm not very technical, so would pay someone to fix this for me :)

I am attempting to sign a *.pkg for distribution but I get "Could not find appropriate signing identity for 'Developer ID Application: CompanyName'. I'm calling this command to sign: productsign --sign 'Developer ID Application: CompanyName' "unsigned.pkg" "signed.pkg" I've downloaded the WWDR Intermediates, when I go through Keychain Access > Certificate Assistant > Evaluate on the cert and select "Code Signing" I get "Evaluation Status: Success" and "Certificate Status: Good". Additionally my certificate shows up as valid in my keychain. I'm at a loss for what is going on.

I'm trying to download a profile for a developer download for an app, but I get this error and can't install the profile. I've already registered the device and UDID and added it to the profile. Please let me know what I need to do.

Im trying to compile a free app from GitHub for personal use but i cant sign it since everytime im getting the same error "0 identities found". I have added my Apple ID to Xcode accounts, but in manage certificates, it shows "status not in keychain". On keychain access > login, it doesn’t show any Apple dev certificate obviously, and when I run security find-identity in terminal, I get a 0 identities found, 0 valid identities found. I don’t know where to begin, every tutorial I find requires downloading a certificate from Apples Dev website but my account is a free developer, not paid. A few months ago I was able to compile this same app so I know I don’t need a paid dev account. Any help appreciated.

I am trying to make a driver release, but failing (I think) because the manually generated distribution profiles are for the MacOS platform only, rather than MacOS and iOS together. As far as I can tell, everything is correct in the manual profiles apart from the platform. The necessary entitlements appear to be correct. In contrast, Xcode generated profiles list both MacOS and iOS as the platform and work fine for development and to generate a release archive. But Archives 'Distribute Content' gives only 'Custom' as a distribution mechanism, and no option for notarization. So, the question is: is this a problem with my developer account (and if so, what is the appropriate channel to fix it!), or is this something subtle in the project configuration?

Hello, first of all thanks for reading my post. I am having a trouble about Signing & Capabilities part on Xcode during few days. Hope someone knows how to deal with this. I created a Apple Development certificate with CSR on my MacOS through KeyChain but the Team ID(VC78G4S77J) on this certificate is different with my real Team ID(FYF9AT8ZA8) logged in. I don't even know where this 'VC78G4S77J' came from. Also I created the identifier, bundle ID, device and profile but they were all created with 'FYF9AT8ZA8'. So here is the problem. On Xcode Signing & Capabilities section, I selected Team and put Bundle Identifier connected with 'FYF9AT8ZA8' but Signing Certificate is shown as 'Apple Development: My ID (VC78G4S77J). Therefore when I build iOS simulator on Xcode or VScode, there is error 'No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "FYF9AT8ZA8" with a private key was found.' If I try turn off 'Automatically manage signing' and select provisioning profile I created, Xcode said my profile does not include VC78G4S77J certificate, because my profile has FYF9AT8ZA8 certificate. Importing profile file is not helpful also. I think, first delete the all VC78G4S77J certificate in KeyChain and recreate FYF9AT8ZA8 certificate through KeyChain/CSR, however again VC78G4S77J certicate was created when I created on 'developer.apple.com'. I truly have no idea where did VC78G4S77J come from. Please let me solve this issue.. Warm regards.

Title: Apple's Outdated and Restrictive Certificate Signing Process: A Barrier to Innovation Introduction In the dynamic field of mobile app development, the agility and freedom offered to developers can significantly dictate the pace of innovation and user satisfaction. Apple's certificate signing process, a legacy from an earlier era of computing, starkly contrasts with more modern approaches, particularly Android's Keystore system. This article delves into the cumbersome nature of Apple's approach, arguing that its outdated and proprietary methods hinder the development process and stifle innovation. The Burdensome Nature of Apple's Certificate Signing Proprietary Restrictions: Apple's certificate signing is not just a process; it's a gatekeeper. By forcing developers to go through its own system to obtain certificates, Apple maintains a tight grip on what gets published and updated. This closed ecosystem approach reflects a dated philosophy in an age where flexibility and openness are key drivers of technological advancement. Complex and Time-Consuming: The process to acquire and maintain a valid certificate for app signing is notoriously intricate and bureaucratic. Developers must navigate a maze of procedures including certificate requests, renewals, and provisioning profiles. Each step is a potential roadblock, delaying urgent updates and bug fixes, which can be crucial for user retention and satisfaction. Lack of Autonomy: Apple's centralized control means every application must be signed under the stringent watch of its guidelines. This lack of autonomy not only slows down the release cycle but also curbs developers' creative processes, as they must often compromise on innovative features to meet Apple's strict approval standards. Comparing Android’s Keystore System Developer-Friendly: In stark contrast, Android’s Keystore system empowers developers by allowing them to manage their cryptographic keys independently. This system supports a more intuitive setup where keys can be generated and stored within the Android environment, bypassing the need for any external approval. Speed and Flexibility: Android developers can use the same key across multiple applications and decide their expiration terms, which can be set to never expire. This flexibility facilitates a quicker development process, enabling developers to push updates and new features with minimal delay. The Impact on the Developer Ecosystem Innovation Stifling: Apple's outdated certificate signing process does not just affect the technical side of app development but also impacts the broader ecosystem. It places unnecessary hurdles in front of developers, particularly small developers who may lack the resources to frequently manage certificate renewals and navigate Apple’s rigorous approval process. Market Response: The market has shown a preference for platforms that offer more freedom and less bureaucratic interference. Android's growing market share in many regions can be partially attributed to its more developer-friendly environment, which directly contrasts with Apple's tightly controlled ecosystem. Conclusion Apple’s certificate signing method, while ensuring a secure environment, is an archaic relic in today’s fast-paced tech world. It binds developers with outdated, proprietary chains that hinder rapid development and innovation. As the technological landscape evolves towards more open and flexible systems, Apple’s restrictive practices could potentially alienate developers and erode its competitive edge. For Apple to maintain its relevance and appeal among the developer community, a significant overhaul of its certificate signing process is not just beneficial—it's necessary.

I am developing and distributing an XCFramework, and I want to ensure that it remains valid for as long as possible. I have some questions regarding certificate expiration and revocation: I understand that if an XCFramework is signed with a timestamp, it remains valid even after the signing certificate expires. However, if the signing certificate is revoked, the XCFramework immediately becomes unusable. As far as I know, Apple allows a maximum of two active distribution certificates at the same time. I assume that once a certificate expires, it will eventually need to be revoked in order to issue a third certificate. Is this correct? If an expired certificate is later revoked, will the XCFrameworks signed with that certificate also become invalid, even though they were timestamped? I want to ensure that released XCFrameworks remain valid for as long as possible. What is the best approach to achieve this? If anyone has insights or official documentation references on how to manage signing certificates for long-term XCFramework validity, I would appreciate your guidance. Thank you!

i was complete my program, and export a mac app already it work ok in my macmini, but if i want send it to app store, that i have no way now i still do not know how to make this app perfect like, when i use pyinstaller to build this app, is there any info or elements need make with? i can sign my app now, even i use codesign -dvvv my.app to check the sign, it is also ok, there no any feedback said it anything wrong. so, any master know fix app sign or any infoplist please tech me... help

Hi Developer Community, I'm encountering persistent code signing failures on macOS Sonoma 15.3 with a valid Developer ID Application certificate. The error occurs consistently across multiple certificate regenerations and various troubleshooting approaches. Environment macOS Version: Sonoma 15.3 Developer Account Type: Developer ID Certificate Type: Developer ID Application Certificate Details: Developer ID Application certificate valid until 2027 Using SHA-256 with RSA Encryption Certificate shows as valid in Keychain Access with associated private key Error Message Warning: unable to build chain to self-signed root for signer "Developer ID Application: [my certificate]" [filename]: errSecInternalComponent Steps to Reproduce Install certificate chain in order: Apple Root CA (System keychain) Apple WWDR CA (System keychain) Developer ID CA (System keychain) Developer ID Application certificate (Login keychain) Verify certificate installation: security find-identity -v -p codesigning Result shows valid identity. Attempt code signing with any binary: codesign -s "Developer ID Application: [my certificate]" -f --timestamp --options runtime [filename] Results in errSecInternalComponent error Troubleshooting Already Attempted Regenerated Developer ID Application certificate multiple times from Developer Portal Completely removed and reinstalled entire certificate chain Verified trust settings on all certificates (set to "Always Trust" for code signing) Tried multiple codesign command variations including --no-strict flag Verified keychain integrity Installed latest Apple CA certificates from apple.com/certificateauthority Verified certificate chain is properly recognized by security verify-cert Additional Information All certificates show as valid in Keychain Access Private key is properly associated with Developer ID Application certificate Trust settings are correctly configured for all certificates in the chain Problem persists after clean certificate installations Error occurs with any binary I try to sign Has anyone else encountered this issue on Sonoma 15.3? Any suggestions for resolving this system-level certificate trust chain issue would be greatly appreciated. Thanks in advance!

Hi everyone, I am doing my app playground, when I change the development team or try to clear it, this bug happend? So I wonder do I have to remove it when I submit my work or just leave it there. Signing for "myapp" requires a development team. Select a development team in the Signing & Capabilities editor.