Hi!
We are trying to request the SensorKit entitlement (com.apple.developer.sensorkit.reader.allow) for a research app we’re working on.
When we go to Apple Developer → Certificates, Identifiers & Profiles → Identifiers, we see the SensorKit capability listed under "Capability Requests", but:
There’s no form or button to submit the request, unlike with other capabilities.
We tested this using an Account Holder role, and also tried requesting other capabilities — which do show the form correctly, so this seems to be an issue specific to SensorKit.
We’d appreciate any guidance on:
Whether this is a known issue with the SensorKit request flow.
If there’s an alternative way to request this capability while the form is unavailable.
Thanks in advance!
Certificates, Identifiers & Profiles
Discuss the technical details of security certificates, identifiers, and profiles used by the OS to ensure validity of apps and services on device.
I am trying to set up code signing for my macOS/Tauri app and I’m running into a problem with my Developer ID Application certificate in Keychain Access.
Steps I followed:
Generated a CSR on my Mac using Keychain Access → Certificate Assistant → Request a Certificate From a Certificate Authority.
Uploaded the CSR to the Apple Developer portal.
Downloaded the resulting .cer file and installed it in my login Keychain.
The certificate appears under All Items, but it does not show under My Certificates, and there is no private key attached.
What I expected:
The certificate should pair with the private key created during CSR generation and show under My Certificates, allowing me to export a .p12 file.
What I’ve tried so far:
Verified that the WWDR Intermediate Certificate is installed.
Ensured I’m on the same Mac and same login Keychain where I created the CSR.
Revoked and regenerated the certificate multiple times.
Tried importing into both login and system Keychains.
Problem:
The certificate never links with the private key and therefore cannot be used for signing.
Has anyone experienced this issue or knows why the certificate would fail to pair with the private key in Keychain Access? Any workaround or fix would be greatly appreciated.
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Tags:
Signing Certificates
Code Signing
Developer ID
Hi,
I am experiencing an issue where Xcode displays a "Provisioning profile doesn't support the capability" error for the User Assigned Device Name capability, despite it being approved by Apple and visible in our provisioning profile on the Developer Portal.
Background
We have completed and submitted the required capability request form to Apple for the User Assigned Device Name capability and received approval. The capability appears correctly in our provisioning profile on the Apple Developer Portal and shows among the enabled capabilities alongside other standard capabilities like In-App Purchase and Push Notifications.
Issue
However, Xcode consistently displays the error message when trying to enable the User Assigned Device Name capability in our project settings, preventing successful builds with this functionality.
Troubleshooting Steps Attempted
We have tried multiple troubleshooting steps including:
Regenerating provisioning profiles
Performing clean builds
Clearing DerivedData
Manually installing profiles
Adding the com.apple.developer.device-information.user-assigned-device-name entitlement manually to our entitlements file
Toggling automatic signing on and off
Environment Details
Xcode Version: 16.4 (16F6)
iOS Deployment Target: iOS 13
Profile Type: Distribution provisioning profile
Capability: User Assigned Device Name
Despite the capability being approved by Apple and visible in our provisioning profile, Xcode does not recognize it. This appears to be a synchronization issue between the Apple Developer Portal and Xcode's capability validation system.
Has anyone encountered similar issues with recently approved capabilities, specifically the User Assigned Device Name capability? Could you please provide guidance on how to resolve this capability recognition issue? Any suggestions for resolving this discrepancy between the Developer Portal and Xcode would be greatly appreciated.
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Tags:
Xcode
Provisioning Profiles
New to working with Xcode and building apps. I started last weekend, and deploying to my USB-connected iPhone 16 was working great all week. Yesterday, I upgraded to a paid developer account to start using TestFlight, and I could no longer deploy to my phone.
Failed to install embedded profile for com.spred.spred-alpha : 0xe800801a (This provisioning profile does not have a valid signature (or it has a valid, but untrusted signature).)
I am using automatic provisioning - not a custom provisioning profile.
I have tried:
deleting all the certificates in keychain for my developer account and recreating them, and also doing the same in the developer portal.
logging out and logging back in with my developer id in xcode
deleting the app bundle directory and all other associated files in the Xcode/DerivedData directory
reinstalling Xcode
cleaning my build directory and trying again.
changing the bundle identifier to a new name. (It always matches the portal app name)
Among other things. It just won’t work. I can run the app in a simulator, but not get it deployed to my phone.
What else can I do? The only things I can think of are that somehow Xcode is still stuck using the free account somehow, or that the free account cert originally used expired after 7 days, and now I’m in some stuck state.
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
I am able to sign my application when logged in to the machine, however when build is running in CI (Jenkins), I get this:
"Warning: unable to build chain to self-signed root for signer.."
We just renewed our certificates, so I am not sure about previous procedure, but it used to work without temporary keychain and stuff, I believe.
What should be the recommended way to sign an application on CI?
What keychain should we use? system? temporary? other method?
Thanks,
Itay
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
I am a complete novice and I find that I cannot restore or delete the “Apple Development” certificate (I only use it for signing).
From what I understand, you need to be in a program to manage certificates, but I have no intention of distributing any applications and, from my point of view, it makes no sense to pay.
Am I wrong or am I doing something wrong?
Notes:
This happened after I installed Tahoe on a new installation.
I was able to restore it using a copy of the keychains folder I had from Sequoia.
Xcode (Apple Accounts - Manage Certificates) now shows me two certificates, indicating that one is not in the keychain and cannot be deleted.
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
I have two certificates in my Accounts>Manage Certificates section. One is active, the other is greyed out with a status of "Not in Keychain". I only have ONE certificate in the developer account online.
Timeline:
Had an issue with fastlane codesigning and was trying to resolve that. In that attempt I deleted my related Certificates from my keychain
Xcode showed them as disabled (greyed out) and not in Keychain.
Look up how to resolve, need to revoke certificates in Developer account online. I go and revoke those certificates. Nothing changes.
I create a new certificate and try to add it to xcode>account>certificate management>"Apple Development". Get an error saying I can't do that because a certificate is already pending.
I waited a day because I assumed, like some things with Apple, updates are not immediate.
I come back the next day and am able to add a new certificate. However, the previous one that is greyed out and reads "Not in Keychain" under Status, is still there.
How do I remove that "Not in Keychain" certificate? I emailed developer support and they directed me here.
Hi, hoping someone can help here.
I recently updated my Mac to macOS 15 (Tahoe) and am using Xcode 15+ (possibly 16). I’m working on a Flutter app and testing on a real iPhone device.
Here's the situation:
I’m using the free Apple Developer account.
My signing certificate and provisioning profile both show as valid and active in Keychain and says "signing..." in Xcode.
When I build and run the app from Xcode, it works completely fine on a simulator.
But when I try to run the same project from VS Code using flutter run, whether on a simulator phone or my personal iPhone, I get a code signing error, specifically:
Failed to codesign Flutter.framework with identity...
I believe the app is set to use the correct Team ID because it says my name and (team) (my team ID is BDKUKWVRBY), and I can see my certificate in Keychain under "My Certificates".
What I’ve already tried:
flutter clean
pod install / pod update
Manually selecting my team in Xcode Signing settings
Restarting my machine and VS Code
Confirming the same project builds on other machines
Verified provisioning profile is assigned to the project in Xcode
deleting and recreating a certificate
I have even had AI inside VS code take a shot at it and that couldn't fix either
My question:
Why would VS Code / Flutter not be able to use the same certificate and signing setup that works in Xcode? Is this an issue with Flutter tooling on macOS 15, or do I need to reconfigure signing differently now?
Any suggestions or fixes would be greatly appreciated!
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
I’m running into an issue where the com.apple.developer.storekit entitlement is not being included in provisioning profiles, even though my App ID is properly configured for In-App Purchase.
Entitlements file: explicitly includes
<key>com.apple.developer.storekit</key>
<true/>
Capability: In-App Purchase is enabled in the Apple Developer Portal and shows as “Enabled.”
What I’ve tried:
Automatic signing in Xcode → profiles generated, but missing com.apple.developer.storekit
Manual signing → deleted and recreated provisioning profiles multiple times; entitlement still missing.
Waited several hours for possible propagation.
Verified that my in-app purchase products are set up correctly.
Error message:
Provisioning profile "iOS Team Provisioning Profile: zu.inniu" doesn't include the com.apple.developer.storekit entitlement
Question:
Has anyone else encountered this? Is there a step I might be missing to get StoreKit entitlements included in provisioning profiles, or could this be a backend issue that needs escalation through Apple DTS?
This is blocking me from building my app for physical devices, so any guidance would be greatly appreciated.
Thanks in advance!
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Tags:
Entitlements
In-App Purchase
I have certificates in my xcode>settings>account>manage certificates that I cannot get rid of. I know that they are linked to certificates in developer.apple.com but I've removed them from there and they persist in xcode.
I have one that says "Not in Keychain", which is true. I deleted all the keychains related to these accounts in an attempt to fix something.
I also have ones that say things like "Missing Private key"
Our setup is that we have one main account "Company Inc." which I am set up to be an Admin in. I created a certificate under my credentials and added it to my keychain and it showed up properly in Xcode but I still have the other ones.
HOW DO I REMOVE THEM :sob:
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Tags:
Signing Certificates
Developer ID
I'm trying to sign a .app package coming from Py2app.
Unfortunately I keep running into the same two issues:
The binary is not signed with a valid Developer ID certificate.
and
The signature does not include a secure timestamp.
I tried everything, from recreating the signatures, with different arguments, different keys and certificates, but it keeps complaining with these two errors on a long list of files.
For reference I added the python script I use for signing the files.
code_singing.py
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Dear Apple Developer Support,
I am experiencing a critical issue with Developer ID certificates issued for Turkish (C=TR) developer accounts that prevents code signing on macOS.
Issue Summary
All Turkish Developer ID certificates issued on October 4, 2025, contain an Apple proprietary extension (OID 1.2.840.113635.100.6.1.13) marked as "critical" that both OpenSSL and codesign cannot handle.
Technical Details
Team ID: 4B529G53AG
Certificate Country: TR (Turkey)
Issue Date: October 4, 2025
macOS Version: 15.6.1 (24G90)
Problematic Extension OID: 1.2.840.113635.100.6.1.13 (marked as critical)
Evidence
I have verified this issue across THREE different Turkish Developer ID certificates:
Serial: 21F90A51423BA96F74F23629AD48C4B1
Serial: 461CBAF05C9EDE6E
Serial: 184B6C2222DB76A376C248EC1E5A9575
All three certificates contain the same critical extension.
Error Messages
OpenSSL: error 34 at 0 depth lookup: unhandled critical extension
Codesign: unable to build chain to self-signed root for signer
errSecInternalComponent
Comparison with Working Certificate
My previous Developer ID certificate from Singapore (before revocation) worked perfectly and did NOT contain this critical extension. This confirms the issue is specific to Turkish certificates.
Impact
Cannot sign applications for distribution, which blocks:
DMG signing for distribution
Notarization process
App distribution to users
Questions
What is the purpose of OID 1.2.840.113635.100.6.1.13?
Why is it marked as critical only for Turkish certificates?
Is this related to Turkish regulatory requirements?
Can you issue a certificate without this critical extension?
Is there a macOS update planned to support this extension?
Request
Please either:
Issue a Developer ID certificate without the critical extension OID 1.2.840.113635.100.6.1.13
Provide a workaround for signing with current Turkish certificates
Update the codesign tool to handle this extension
This appears to be a systematic issue affecting all Turkish developers as of October 2025.
Thank you for your urgent attention to this matter.
Best regards,
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Hello everyone,
I'm facing a critical, blocking issue where my developer account (Team ID: K655PX7A46) is unable to generate a valid provisioning profile with the App Attest entitlement. I have confirmed this is a server-side issue and am hoping to get visibility from an Apple engineer who can investigate.
The Problem:
When I generate a provisioning profile for an App ID with the "App Attest" capability enabled, the resulting profile is defective. It is missing the required com.apple.developer.app-attest.environment key in its entitlements dictionary, causing Xcode to fail the build.
What I Have Proven:
The issue is not a misconfiguration. The App Attest capability is correctly enabled and saved on the App ID configuration page.
The issue is not isolated to one App ID. I created a brand new App ID from scratch, enabled the capability during creation, and the server still generates a defective profile with the same missing entitlement.
I have definitive proof by inspecting the downloaded .mobileprovision file. The contents confirm the required key is missing.
Steps to Reproduce on My Account:
Create a new App ID on the Developer Portal.
Enable the "App Attest" capability and save.
Generate a new "iOS App Development" provisioning profile for this App ID.
Download the profile and inspect its contents via security cms -D -i [profile].
Observe that the com.apple.developer.app-attest.environment key is missing.
The Evidence (Contents of the Defective Profile):
Here is the output from inspecting the profile for a brand new App ID (com.technology519.linksi.app2). As you can see, the correct entitlement is missing, and an incorrect devicecheck entitlement is present instead.
This is a critical bug in the provisioning profile generation service for my account that is blocking all development. I have already filed a support ticket (Case #102721408444) but have so far only received generic, unhelpful responses.
Can an Apple engineer please investigate this server-side issue with my account?
Thank you.
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Tags:
Entitlements
Signing Certificates
App Attest
Code Signing
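An added example, not code from any of the posters above: a small Python check for the situation in the StoreKit and App Attest posts, where an entitlement the app requests is absent from the profile's Entitlements dictionary. It pulls the XML plist out of a profile's CMS wrapper without verifying the signature (the `security cms -D -i` command quoted in the post is the macOS way to decode it); the sample profile, identifiers and function names are constructed for illustration.

```python
import plistlib

# Constructed sample: a provisioning profile is a CMS (PKCS#7) signed blob whose
# payload is an XML plist. The bytes around the plist are placeholder filler,
# not a real signature, and every identifier below is made up.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Name</key><string>Constructed Dev Profile</string>
  <key>Entitlements</key>
  <dict>
    <key>application-identifier</key><string>TEAMID0000.com.example.*</string>
    <key>com.apple.developer.team-identifier</key><string>TEAMID0000</string>
    <key>get-task-allow</key><true/>
    <key>keychain-access-groups</key>
    <array><string>TEAMID0000.*</string></array>
  </dict>
</dict>
</plist>"""
SAMPLE_PROFILE = b"\x30\x82\x10\x00" + SAMPLE_PLIST + b"\x00\x01filler"

# Constructed entitlements an app target might request (hypothetical values).
REQUESTED = {
    "application-identifier": "TEAMID0000.com.example.app2",
    "get-task-allow": True,
    "keychain-access-groups": ["TEAMID0000.com.example.app2"],
    "com.apple.developer.app-attest.environment": "development",
}


def extract_profile_plist(raw: bytes) -> dict:
    """Return the plist embedded in a profile blob (signature is NOT checked)."""
    start = raw.find(b"<?xml")
    end = raw.find(b"</plist>", start) if start >= 0 else -1
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(raw[start:end + len(b"</plist>")])


def value_allowed(granted, requested) -> bool:
    """True if the profile's value covers the requested one ('*' is a prefix wildcard)."""
    if isinstance(granted, str) and granted.endswith("*") and isinstance(requested, str):
        return requested.startswith(granted[:-1])
    if isinstance(granted, list):
        wanted = requested if isinstance(requested, list) else [requested]
        return all(any(value_allowed(g, w) for g in granted) for w in wanted)
    return granted == requested


def check_entitlements(profile: dict, requested: dict) -> dict:
    """Map each requested entitlement the profile does not cover to a reason."""
    granted = profile.get("Entitlements", {})
    problems = {}
    for key, value in requested.items():
        if key not in granted:
            problems[key] = "missing from profile"
        elif not value_allowed(granted[key], value):
            problems[key] = "value not allowed by profile"
    return problems


if __name__ == "__main__":
    profile = extract_profile_plist(SAMPLE_PROFILE)
    for key, reason in check_entitlements(profile, REQUESTED).items():
        print(f"{key}: {reason}")
```
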
Hello, my iOS apps are exiting right after launch on a few of our iOS devices. I tried a couple of my apps that are deployed to our fleet and they do the same thing. If I run the app(s) in the Simulator it works fine and if I run the app(s) on the offending devices it works fine as well. Once I stop the run in Xcode the app on the device will not launch.
I'm thinking something is missing like a certificate etc. Just not sure.
Any ideas on how to troubleshoot this? I would really like to get this fixed.
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Tags:
iOS
Entitlements
iPadOS
Xcode
I'm unable to sign an example application using Xcode and "automatically manage signing".
The error I'm getting is:
CodeSign [...] (in target 'foobar' from project 'foobar')
Signing Identity: "Apple Development: [xxxx] "
/usr/bin/codesign --force --sign 4ABB258102FF656E9F597546A49274C28D2B8B3E -o runtime --timestamp\=none --generate-entitlement-der [filename]
4ABB258102FF656E9F597546A49274C28D2B8B3E: no identity found
Command CodeSign failed with a nonzero exit code
However, I am able to see a certificate and a private identity on my keychain:
% security find-certificate -aZ | grep -i 4ABB258102FF656E9F597546A49274C28D2B8B3E
SHA-1 hash: 4ABB258102FF656E9F597546A49274C28D2B8B3E
and
% security find-key -s | grep -q 'Apple Development' && echo YES
YES
What is puzzling is that security does not find an identity:
% security find-identity -p codesigning
Policy: Code Signing
Matching identities
0 identities found
Valid identities only
0 valid identities found
but Xcode claims that everything is working fine.
Does anybody know what I might be missing?
I tried logging out, requesting new certificates, rebooting, moving them to another keychain, and asking developer friends.
Hi everyone,
We're trying to prepare a DriverKit App for a client test, and we've run into an unavoidable signing conflict that seems to be caused by the Xcode Archive process itself.
Background & Environment:
Environment: macOS 15.6.1, Xcode 16.4
Our project consists of a main App Target and a DEXT Target.
Both the Debug and Release configurations for both targets are set to Xcode's default: Automatically manage signing.
Our developer account holds a valid, active Developer ID Application (With Kext) certificate, which we use for signing our legacy KEXT.
The Action That Triggers Failure:
From this clean state, we execute Product -> Archive.
The Archive process fails during the signing validation phase and presents the following three errors, completely halting the process:
There is a problem with the request entity - You already have a current Developer ID Application Managed (With Kext) certificate...
No profiles for 'com.company.Acxxx.driver' were found...
No profiles for 'com.company.Acxxx.app' were found...
This error seems to indicate that the Xcode Archive process:
Ignores the project's Release configuration (even the default 'Auto' setting).
Attempts to automatically create a new, standard Developer ID certificate for us.
This action conflicts with the existing (With Kext) certificate in our account, causing the entire Archive process to fail.
The "Failed Experiment" to Resolve This:
To work around this automation conflict, we tried the solution: configuring a fully manual signing process for the Release configuration to explicitly tell Xcode to use our existing KEXT certificate.
Our Steps: We disabled automatic signing for both the App and DEXT targets for the Release configuration and manually assigned the Developer ID Provisioning Profiles created for our Developer ID (With Kext) certificate.
The New Problem: After doing this, the Signing Certificate field for the DEXT Target's Signing & Capabilities interface now shows None, accompanied by the misleading warning about needing a DriverKit development profile.
The Outcome: This None issue now prevents us from even starting the Archive process, as the project fails to build due to the incorrect signing configuration. We've tried every debugging step — including rebuilding profiles, validating the keychain, and clearing caches — but nothing resolves this None issue.
Our Dilemma:
State A (Fully Automatic Signing): The Archive process fails due to the KEXT certificate conflict.
State B (Manual Release Signing): The project fails to build due to the Signing Certificate: None issue, preventing us from initiating an Archive.
For a development team holding a KEXT Developer ID certificate, how should an Xcode project be configured when migrating to DriverKit, so that the Archive process:
Does not trigger the flawed automation logic that attempts to create a new certificate?
And, does not fall into the Signing Certificate: None configuration trap?
Related Forum Threads We've Studied:
https://developer.apple.com/forums/thread/781932
https://developer.apple.com/forums/thread/751490
https://developer.apple.com/forums/thread/767152
https://developer.apple.com/forums/thread/721563
Best Regards,
Charles
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Tags:
SCSIControllerDriverKit
PCIDriverKit
DriverKit
Hi everyone,
I am trying to generate an .ipa file for my .NET MAUI (net9.0-ios) application, but every attempt fails with the same codesigning error. I have tried multiple approaches, including building from Windows paired to macOS, and directly building through the macOS terminal, but nothing is working.
Below are the exact steps I followed:
Steps I Performed
1. Generated the Apple Development certificate using Keychain Access on macOS.
2. Added that certificate into my developer account and created the corresponding provisioning profile.
3. Created an App ID, attached the App ID to the provisioning profile, and downloaded it.
4. Added the provisioning profile into Xcode.
5. Verified that the certificate is correctly visible in Keychain Access (private key available).
6. Attempted to build/publish the MAUI app to generate the .ipa file.
Issue
Whenever I run the publish command or build via Windows/macOS, codesigning fails with the following error:
/usr/bin/codesign exited with code 1:
Frameworks/libSkiaSharp.framework: replacing existing signature
Warning: unable to build chain to self-signed root for signer "Apple Development: Created via API (8388XAA3RT)"
Frameworks/libSkiaSharp.framework: errSecInternalComponent
Failed to codesign 'PCS_EmpApp.app/Frameworks/libSkiaSharp.framework':
Warning: unable to build chain to self-signed root for signer "Apple Development: Created via API (8388XAA3RT)"
PCS_EmpApp.app: errSecInternalComponent
Build failed with 4 error(s) and 509 warning(s)
Environment
.NET: 9.0
MAUI: latest tools
Xcode: 26.0.1
macOS: 26.0.1
Building for ios-arm64 (device)
What I suspect
It looks like the signer certificate might not be trusted, or the certificate chain cannot connect to an Apple root CA. But the certificate was created using the Developer website and appears valid.
Need Help With
Why is codesign unable to build the certificate chain?
Do I need a different type of certificate? (App Store / Distribution vs Development?)
How can I successfully generate the .ipa file?
Any guidance will be greatly appreciated. Thank you!
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
I can create an ipa file with VS using the wildcard bundle identifier, but this is rejected by Apple when I upload with the Transporter app, saying invalid identifier and no distribution profile/certificate. When I create a new distribution profile with the correct XC identifier and distribution certificate and try to archive with Visual Studio, publish says the bundle id is not a match for the distribution profile with iOS? This is a .NET 10 .NET MAUI project and my first build attempt.
I'm starting a new project in Xcode, but the Team ID in the "Signing and Capabilities" section for iOS is different from the one on the website. Is this a problem? Why does Xcode automatically send a different ID when signing?
How should certificates and notarization be configured for a desktop application developed with Electron so that it can be used properly? The software is distributed via website download.