• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: How to Install Apple Development Certificates (CAs)?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to Install Apple Development Certificates (CAs)?

  • Subject: Re: How to Install Apple Development Certificates (CAs)?
  • From: Jeffrey Walton <email@hidden>
  • Date: Tue, 14 May 2013 09:51:56 -0400
The problem appears to be the Apple Worldwide Developer Relations
Certification Authority. It requires more than Basic Constraints and
Code Signing.

Considering Apple's CPS on WWDR
(http://www.apple.com/certificateauthority/Apple_WWDR_CPS) provides no
warranty and claims its not fit for any use (see Section 2.4), it
might be a good idea to fix whatever's broken here. There's no reason
to allow the development certificate to be used for SSL/TLS, iChat,
S/MIME, IPSec, etc.

Radar 13856278; OpenRadar http://openradar.appspot.com/radar?id=3011403

Jeff

On Thu, May 9, 2013 at 9:18 PM, Jeffrey Walton <email@hidden> wrote:
> Hi All,
>
> This has been bothering me for some time, and I want to try and track
> it down.....
>
> With a developer account, there are a number of CAs required for code
> signing. Its looks like 4, 5, or 6 are required from
> http://www.apple.com/certificateauthority/. I have four installed:
>
>   * Apple Code Signing Certification Authority
>       - exp FEB 2015
>   * Apple Root CA
>       - exp FEB 2035
>   * Apple Timestamp Certification Authority
>       - exp APR 2027
>   * Apple Worldwide Developer Relations Certification Authority
>       - exp FEB 2016
>   * Developer ID Certification Authority
>       - exp FEB 2027
>
> The above CAs are installed in the System Keychain *and* enforce X.509
> basic constraints. In addition, I've set all (except Timestamp) to
> allow "Code Signing"; and Timestamp to allow "Time Stamping". The
> developer certificates are in my keychain.
>
> When I run under the emulator, everything is OK. When I run on a
> device, I receive the following error:
>
> .../DerivedData/XXX-YYY/Build/Products/Debug-iphoneos/XXX.app:
> CSSMERR_TP_NOT_TRUSTED
> Command /usr/bin/codesign failed with exit code 1
>
> If I allow the CAs to enjoy "Use System Defaults" (I'm assuming this
> means "do whatever you want and however you like"), then code signing
> works.
>
> Would anyone know how I can determine which certificate is not trusted?
>
> Or perhaps something else?
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >How to Install Apple Development Certificates (CAs)? (From: Jeffrey Walton <email@hidden>)

  • Prev by Date: Re: Xcode showing Products in red
  • Next by Date: App slowed down going from Xcode 3.2.6 to 4.2
  • Previous by thread: How to Install Apple Development Certificates (CAs)?
  • Next by thread: instruments stall
  • Index(es):
    • Date
    • Thread