Hello,
I have created multiple Developer ID Application and Developer ID Installer certificates across different Apple OS versions without keeping the Certificate Signing Requests (CSR).
As I’m not very experienced with Apple’s system, I made this mistake and now I am unable to create new certificates because I have reached the maximum number of certificates allowed.
I develop software based on Electron and have been building and signing my applications with electron-builder, integrating the app signing needed to submit the app to the Apple Store via Transporter.
Here is the relevant portion of my package.json build config:
"mac": {
"appId": "com.nome_app.ext",
"type": "distribution",
"target": [
"mas"
],
"artifactName": "name_app.${ext}",
"category": "public.app-category.utilities",
"provisioningProfile": "build/prov_prof_mac_name_app.provisionprofile"
},
"mas": {
"appId": "com.name_app.ravia",
"hardenedRuntime": false,
"type": "distribution",
"gatekeeperAssess": true,
"artifactName": "name_app.${ext}",
"category": "public.app-category.utilities",
"entitlements": "build/entitlements.mas.plist",
"extendInfo": {
"NSMicrophoneUsageDescription": "This app requires microphone access.",
"NSCameraUsageDescription": "This app requires webcam access."
},
"entitlementsInherit": "build/entitlements.mas.inherit.plist"
}
}
Currently, I have recreated the Mac Developer Application and Mac Developer Installer certificates, but without valid Developer ID Installer and Developer ID Application certificates, I always get this error during build: `skipped macOS application code signing reason=cannot find valid "Developer ID Application" identity or custom non-Apple code signing certificate, it could cause some undefined behaviour, e.g. macOS localized description not visible, see https://electron.build/code-signing allIdentities=
- 718241A413826C6A97E2062EAEC155BEF5330CCA "iPhone Distribution: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" (CSSMERR_TP_NOT_TRUSTED)
- 60B360CCE27FE915799FAE7C8E6A16962F2DE9B0 "3rd Party Mac Developer Installer: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" (CSSMERR_TP_NOT_TRUSTED)
- 4518A8CE3BAC4F27B09D654DA14F52FBE15A0A85 "3rd Party Mac Developer Application: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" (CSSMERR_TP_NOT_TRUSTED)
- ... (additional identities with CSSMERR_TP_NOT_TRUSTED)
Valid identities only:
- 718241A413826C6A97E2062EAEC155BEF5330CCA "iPhone Distribution: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" (CSSMERR_TP_NOT_TRUSTED)
... • signing file=dist/mas/Studio Medico Specialistico.app platform=mas type=distribution identityName=3rd Party Mac Developer Application: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ) identityHash=4518A8CE3BAC4F27B09D654DA14F52FBE15A0A85 provisioningProfile=build/prov_prof_mac_studiomedicospecialistico.provisionprofile • Command failed multiple times: codesign --sign "3rd Party Mac Developer Application: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" --force --timestamp --entitlements build/entitlements.mas.inherit.plist /path/to/app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/af.lproj/locale.pak
Warning: unable to build chain to self-signed root for signer "3rd Party Mac Developer Application: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" Error: errSecInternalComponent
From my understanding, the system cannot find a valid Developer ID Application identity for signing. The existing certificates all show the CSSMERR_TP_NOT_TRUSTED error and the signing command fails with errSecInternalComponent.
**I have confirmed that the certificates are installed in my keychain, but they may be missing private keys or not fully trusted.
Is there a possibility to reset my Apple Developer account’s Developer ID Application and Developer ID Installer certificates, so I can start fresh and generate new valid certificates?
Could you please advise on how to proceed or if there is any way to clear the current certificate limit?**
Thank you very much for your help.
Developer ID signing identities are precious. You have to manage them carefully because, as you’ve discovered, there’s a limit to how many you can create. I have a bunch of hints and tips about this in The Care and Feeding of Developer ID.
Is there a possibility to reset my Apple Developer account’s Developer ID Application and Developer ID Installer certificates, so I can start fresh and generate new valid certificates?
There’s no standard process for doing that. My advice is that you try really hard to recover your existing Developer ID signing identities. The above-mentioned post has lots of advice on how to approach that.
The existing certificates all show the CSSMERR_TP_NOT_TRUSTED error and the signing command fails with errSecInternalComponent.
This is a different issue, one that I discuss in Resolving errSecInternalComponent errors during code signing and the related Fixing an untrusted code signing certificate. If you’re getting to this point it’s likely that you will be able to recover your Developer ID signing identities, which is good news.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"