I have certificates in my xcode>settings>account>manage certificates that I cannot get rid of. I know that they are linked to certificates in developer.apple.com but I've removed them from there and they persist in xcode. I have one that says "Not in Keychain", which is true. I deleted all the keychains related to these accounts in an attempt to fix something. I also have ones that say things like "Missing Private key" Our setup is that we have one main account "Company Inc." which I am setup to be an Admin in. I created a certificate under my credentials and added it to my keychain and showed up properly in xcode but I still have the other ones. HOW DO I REMOVE THEM :sob:

I'm trying to sign a .app package coming from Py2app. Unfortunately I keep running into the same two issues: The binary is not signed with a valid Developer ID certificate. and The signature does not include a secure timestamp. I tried everything, from recreating the signatures, with different arguments, different keys and certificates, but it keeps complaining with these two errors on a long list of files. For reference I added the python script I use for signing the files. code_singing.py

Dear Apple Developer Support, I am experiencing a critical issue with Developer ID certificates issued for Turkish (C=TR) developer accounts that prevents code signing on macOS. Issue Summary All Turkish Developer ID certificates issued on October 4, 2025, contain an Apple proprietary extension (OID 1.2.840.113635.100.6.1.13) marked as "critical" that both OpenSSL and codesign cannot handle. Technical Details Team ID: 4B529G53AG Certificate Country: TR (Turkey) Issue Date: October 4, 2025 macOS Version: 15.6.1 (24G90) Problematic Extension OID: 1.2.840.113635.100.6.1.13 (marked as critical) Evidence I have verified this issue across THREE different Turkish Developer ID certificates: Serial: 21F90A51423BA96F74F23629AD48C4B1 Serial: 461CBAF05C9EDE6E Serial: 184B6C2222DB76A376C248EC1E5A9575 All three certificates contain the same critical extension. Error Messages OpenSSL: error 34 at 0 depth lookup: unhandled critical extension Codesign: unable to build chain to self-signed root for signer errSecInternalComponent Comparison with Working Certificate My previous Developer ID certificate from Singapore (before revocation) worked perfectly and did NOT contain this critical extension. This confirms the issue is specific to Turkish certificates. Impact Cannot sign applications for distribution, which blocks: DMG signing for distribution Notarization process App distribution to users Questions What is the purpose of OID 1.2.840.113635.100.6.1.13? Why is it marked as critical only for Turkish certificates? Is this related to Turkish regulatory requirements? Can you issue a certificate without this critical extension? Is there a macOS update planned to support this extension? Request Please either: Issue a Developer ID certificate without the critical extension OID 1.2.840.113635.100.6.1.13 Provide a workaround for signing with current Turkish certificates Update the codesign tool to handle this extension This appears to be a systematic issue affecting all Turkish developers as of October 2025. Thank you for your urgent attention to this matter. Best regards,

Hello everyone, I'm facing a critical, blocking issue where my developer account (Team ID: K655PX7A46) is unable to generate a valid provisioning profile with the App Attest entitlement. I have confirmed this is a server-side issue and am hoping to get visibility from an Apple engineer who can investigate. The Problem: When I generate a provisioning profile for an App ID with the "App Attest" capability enabled, the resulting profile is defective. It is missing the required com.apple.developer.app-attest.environment key in its entitlements dictionary, causing Xcode to fail the build. What I Have Proven: The issue is not a misconfiguration. The App Attest capability is correctly enabled and saved on the App ID configuration page. The issue is not isolated to one App ID. I created a brand new App ID from scratch, enabled the capability during creation, and the server still generates a defective profile with the same missing entitlement. I have definitive proof by inspecting the downloaded .mobileprovision file. The contents confirm the required key is missing. Steps to Reproduce on My Account: Create a new App ID on the Developer Portal. Enable the "App Attest" capability and save. Generate a new "iOS App Development" provisioning profile for this App ID. Download the profile and inspect its contents via security cms -D -i [profile]. Observe that the com.apple.developer.app-attest.environment key is missing. The Evidence (Contents of the Defective Profile): Here is the output from inspecting the profile for a brand new App ID (com.technology519.linksi.app2). As you can see, the correct entitlement is missing, and an incorrect devicecheck entitlement is present instead. This is a critical bug in the provisioning profile generation service for my account that is blocking all development. I have already filed a support ticket (Case #102721408444) but have so far only received generic, unhelpful responses. Can an Apple engineer please investigate this server-side issue with my account? Thank you.

Hello, my iOS apps are exiting right after launch on a few of our iOS devices. I tried a couple of my apps that are deployed to our fleet and they do the same thing. If I run the app(s) in the Simulator it works fine and if I run the app(s) on the offending devices it works fine as well. Once I stop the run in Xcode the app on the device will not launch. I'm thinking something is missing like a certificate etc. Just not sure. Any ideas on how to troubleshoot this? I would really like to get this fixed.

I'm unable to sign the an example application using xcode and "automatically manage signing". The error I'm getting is: CodeSign [...] (in target 'foobar' from project 'foobar') Signing Identity: "Apple Development: [xxxx] " /usr/bin/codesign --force --sign 4ABB258102FF656E9F597546A49274C28D2B8B3E -o runtime --timestamp\=none --generate-entitlement-der [filename] 4ABB258102FF656E9F597546A49274C28D2B8B3E: no identity found Command CodeSign failed with a nonzero exit code However, I am able to see a certificate and a private identity on my keychain: % security find-certificate -aZ | grep -i 4ABB258102FF656E9F597546A49274C28D2B8B3E SHA-1 hash: 4ABB258102FF656E9F597546A49274C28D2B8B3E and % security find-key -s | grep -q 'Apple Development' && echo YES YES what is puzzling is that security does not find an identity: % security find-identity -p codesigning Policy: Code Signing Matching identities 0 identities found Valid identities only 0 valid identities found but XCode claims that everything is working fine. Anybody knows what might I be missing? I tried logging out, requesting new certificates, rebooting, moving them to another keychain, and asking to developer friends.

Hi everyone, We're trying to prepare a DriverKit App for a client test, and we've run into an unavoidable signing conflict that seems to be caused by the Xcode Archive process itself. Background & Environment: Environment: macOS 15.6.1, Xcode 16.4 Our project consists of a main App Target and a DEXT Target. Both the Debug and Release configurations for both targets are set to Xcode's default: Automatically manage signing. Our developer account holds a valid, active Developer ID Application (With Kext) certificate, which we use for signing our legacy KEXT. The Action That Triggers Failure: From this clean state, we execute Product -> Archive. The Archive process fails during the signing validation phase and presents the following three errors, completely halting the process: There is a problem with the request entity - You already have a current Developer ID Application Managed (With Kext) certificate... No profiles for 'com.company.Acxxx.driver' were found... No profiles for 'com.company.Acxxx.app' were found... This error seems to indicate that the Xcode Archive process: Ignores the project's Release configuration (even the default 'Auto' setting). Attempts to automatically create a new, standard Developer ID certificate for us. This action conflicts with the existing (With Kext) certificate in our account, causing the entire Archive process to fail. The "Failed Experiment" to Resolve This: To work around this automation conflict, we tried the solution: configuring a fully manual signing process for the Release configuration to explicitly tell Xcode to use our existing KEXT certificate. Our Steps: We disabled automatic signing for both the App and DEXT targets for the Release configuration and manually assigned the Developer ID Provisioning Profiles created for our Developer ID (With Kext) certificate. The New Problem: After doing this, the Signing Certificate field for the DEXT Target's Signing & Capabilities interface now shows None, accompanied by the misleading warning about needing a DriverKit development profile. The Outcome: This None issue now prevents us from even starting the Archive process, as the project fails to build due to the incorrect signing configuration. We've tried every debugging step — including rebuilding profiles, validating the keychain, and clearing caches — but nothing resolves this None issue. Our Dilemma: State A (Fully Automatic Signing): The Archive process fails due to the KEXT certificate conflict. State B (Manual Release Signing): The project fails to build due to the Signing Certificate: None issue, preventing us from initiating an Archive. For a development team holding a KEXT Developer ID certificate, how should an Xcode project be configured when migrating to DriverKit, so that the Archive process: Does not trigger the flawed automation logic that attempts to create a new certificate? And, does not fall into the Signing Certificate: None configuration trap? Related Forum Threads We've Studied: https://developer.apple.com/forums/thread/781932 https://developer.apple.com/forums/thread/751490 https://developer.apple.com/forums/thread/767152 https://developer.apple.com/forums/thread/721563 Best Reagrds, Charles

Hi everyone, I am trying to generate an .ipa file for my .NET MAUI (net9.0-ios) application, but every attempt fails with the same codesigning error. I have tried multiple approaches, including building from Windows paired to macOS, and directly building through the macOS terminal, but nothing is working. Below are the exact steps I followed: Steps I Performed 1.>Generated the Apple Development certificate using Keychain Access on macOS. 2.>Added that certificate into my developer account and created the corresponding provisioning profile. 3.>Created an App ID, attached the App ID to the provisioning profile, and downloaded it. 4.>Added the provisioning profile into Xcode. Verified that the certificate is correctly visible in Keychain Access (private key available). Attempted to build/publish the MAUI app to generate the .ipa file. Issue Whenever I run the publish command or build via Windows/macOS, codesigning fails with the following error: /usr/bin/codesign exited with code 1: Frameworks/libSkiaSharp.framework: replacing existing signature Warning: unable to build chain to self-signed root for signer "Apple Development: Created via API (8388XAA3RT)" Frameworks/libSkiaSharp.framework: errSecInternalComponent Failed to codesign 'PCS_EmpApp.app/Frameworks/libSkiaSharp.framework': Warning: unable to build chain to self-signed root for signer "Apple Development: Created via API (8388XAA3RT)" PCS_EmpApp.app: errSecInternalComponent Build failed with 4 error(s) and 509 warning(s) Environment .NET: 9.0 MAUI: latest tools Xcode: 26.0.1 macOS: 26.0.1 Building for ios-arm64 (device) What I suspect It looks like the signer certificate might not be trusted, or the certificate chain cannot connect to an Apple root CA. But the certificate was created using the Developer website and appears valid. Need Help With Why is codesign unable to build the certificate chain? Do I need a different type of certificate? (App Store / Distribution vs Development?) How can I successfully generate the .ipa file? Any guidance will be greatly appreciated. Thank you!

I can create an ipa file with vs using the wildcard bundle identifier but this is rejected by apple when I upload with the Transporter app saying invalid identifier and no distribution profile/certificate. When I create a new distribution profile with the correct XC identifier and distribution certificate and try to archive with visual studio publish says the bundle id is not a match for the distribution profile with iOS? This is a net 10 net maui project and my first build attempt

I'm starting a new project in Xcode, but the Team ID in the "Signing and Capabilities" section for iOS is different from the one on the website. Is this a problem? Why does Xcode automatically send a different ID when signing?

How should certificates and notarization be configured for a desktop application developed with Electron so that it can be used properly? The software is distributed via website download.

Hi everyone, I’m developing an Electron application on macOS and I’m trying to register and activate a macOS System Extension, but I’m running into startup and entitlement issues. 🔧 What I’m trying to build • An Electron app packaged with electron-builder • Signed with Developer ID Application • Notarized using @electron/notarize • A macOS System Extension is already built and signed • The System Extension provides a virtual camera • I wrote a Swift helper that: • Registers / activates the virtual camera • Calls OSSystemExtensionManager • This Swift code is compiled into a .node native addon • The .node module is loaded and called from Electron (Node.js) to trigger system extension registration ❗ The problem When I add the following entitlement: com.apple.developer.system-extension.install the application fails to launch at all on macOS. Without this entitlement: • The app launches normally • But system extension activation fails with: Error Domain=OSSystemExtensionErrorDomain Code=2 Missing entitlement com.apple.developer.system-extension.install With this entitlement: • The app does not launch • No UI is shown • macOS blocks execution silently 🤔 My questions 1. Is it valid for an Electron app’s main executable to have com.apple.developer.system-extension.install? 2. Does Apple require a separate helper / launcher app to install system extensions instead of the Electron main app? 3. Are there any Electron-specific limitations when working with macOS System Extensions? 4. Is there a known working example of Electron + macOS System Extension? 5. Do I need a specific provisioning profile or App ID capability beyond Developer ID + notarization?

The entire 'Certificates, IDs & Profiles' section is missing from developer.apple.com portal for one of the accounts I am a developer for. The Team is also missing from the dropdowns in Xcode in Code Signing. The organization account membership is paid through July 2026, and I do not see that the Account Holder needs to sign any agreements. I am a user on other accounts, and none of them have this issue. Does anyone know what's going on?

Environment: MacBook Air Apple M2 (macOS Tahoe 26.1) Xcode 26.0 (17A324) Automatic signing enabled Feedback ID: FB21537761 Issue: I'm developing a multiplatform app and encountered an automatic signing failure immediately after adding the Keychain capability. Xcode displays the following error: Automatic signing failed Xcode failed to provision this target. Please file a bug report at https://feedbackassistant.apple.com and include the Update Signing report from the Report navigator. Provisioning profile "Mac Team Provisioning Profile: com.xxx. xxx" doesn't include the currently selected device "FIRF‘s MacBook Air" (identifier 00008112-000904CA3441xxxx). What I've Investigated/Tried: Checked the developer account devices and found that the device with identifier 00008112-000904CA3441xxxx is incorrectly labeled as an “iPod” (it is actually my MacBook Air). Attempted to manually enroll the Mac again, but it still appears as an iPod in the device list. Tried creating a provisioning profile manually, but no devices are available for selection in the device list when generating the profile. Question: Has anyone encountered a similar issue where a Mac is misidentified as an iPod in the developer portal, leading to provisioning failures? Any suggestions on how to resolve this or work around the device recognition problem? Thank you in advance for your help.

When attempting to access the (Certificates Identifiers & Profiles) page, I receive the message "Unable to find a team with the given Team ID to which you belong". Even while set as a developer or as an admin I still receive the same message above.

I am a developer with the following roles: Apple Developer Team = admin Using expo & EAS to build & sign = developer We are running a new project so credentials need to be sync'd up. With EAS i can either upload a p12 or use the automatic app signing credentials. I have successfully run this in other projects including another where I am the account owner/holder. For this new project, however, I am not the owner. When I try to "register bundle identifier" it results in: Error: Apple 403 detected - Access forbidden. This request is forbidden for security reasons - You currently don't have access to this membership resource. > eas credentials ✔ Select platform › iOS ✔ Which build profile do you want to configure? › preview ✔ Using build profile: preview If you provide your Apple account credentials we will be able to generate all necessary build credentials and fully validate them. This is optional, but without Apple account access you will need to provide all the missing values manually and we can only run minimal validation on them. ✔ Do you want to log in to your Apple account? … yes › Log in to your Apple Developer account to continue ✔ Apple ID: … myemail@gmail.com › Restoring session /Users/me/.app-store/auth/myemail@gmail.com/cookie ✔ Select a Team › My Project Team - Company/Organization (XXXXX) › Provider My Project Team LLC (XXXXX) ✔ Logged in Local session iOS Credentials Project @team/my-app Bundle Identifier com.teambundle.dev No credentials set up yet! ✔ What do you want to do? › Build Credentials: Manage everything needed to build your project iOS Credentials Project @team/my-app Bundle Identifier com.teambundle.dev No credentials set up yet! ✔ What do you want to do? › All: Set up all the required credentials to build your project ✖ Failed to register bundle identifier com.teambundle.dev Error: Apple 403 detected - Access forbidden. This request is forbidden for security reasons - You currently don't have access to this membership resource. Contact your team's Account Holder, MY MANAGER, or an Admin. Cryptic error? [Learn ](https://github.com/expo/fyi/blob/main/cryptic-error-eas.md) Why am I getting a 403?

We have a command line script that runs xcodebuild to make an archive, then runs xcodebuild again to export the archive to make an ipa, and then runs "altool --validate-app" to check that everything will be fine for a subsequent upload to the app store. This has been working fine for a few years but recently stopped working and we cannot figure out why. The validation fails with this error: ERROR: [altool.105912F20] Validation failed (409) Invalid Provisioning Profile. The provisioning profile included in the com. bundle [Payload/.app] is invalid. [Missing code-signing certificate]. A distribution provisioning profile should be used when uploading apps to App Store Connect. (ID: ) The project is configured with 'Automatically manage signing' unchecked, and the profile was created on developer.apple.com/account/resources/profiles and the matching profile magically appears in the "Provisioning Profile" drop down in Xcode. The profile was created with two certificates checked, but examining the embedded.mobileprovision profile that ends up in the compiled ipa payload it appears to contain 19 certificates (probably all of them for this org?). Is there a way to find out which certificate is missing exactly? And once identified is it a case of adding it to the profile used during compilation to fix this? Ancillary question: why does the embedded.mobileprovision file contain so many certificates, and how does xcodebuild decide which ones it includes there?

Hello! I need help with the following issue. I can't create a provisioning profile. The following error message appears: The following devices are either already present and have not been modified, or they contain invalid identifiers. I'm a beginner and have been struggling with this issue for a month and a half. Any help would be appreciated.

i am creating a app on "appmysite" while it runs its build test an error message pops up saying build failed. "it seems your app build has encountered an issue. the certificate used to generate the uploaded provisioning profile does not match the uploaded certificate." I understand why its saying it because the uploaded certificate had to be uploaded as ".p12". The certificate in the provisioning profile is made of ".cert". I am using a apple mac book and a xenovo windows computer. Im simply trying to figure out how to put the ".p12" certificate into the provisioning profile? whenever i go to my developer account and try to create a new provisioning account with the new ".p12" certificate. The only options that pop up for me to select are only the certificates that are in ".cert" form. I've tried exporting through "key access" and they show up in my files but no way to transfer to my developer account to combine it with a provisioning account. Any help is greatly appreciated, this is literally the only thing keeping my app from being ready for submission to review. ive been stuck on this for 3 days.

My provisioning profile isn't installing when I double-click it on my MacBook. Also no profile on this path ~/Library/MobileDevice/Provisioning Profiles. just empty folder