How do I get myself out of Apple Developer Id Certificate mess

Disclaimer, I am a Java developer not an Apple developer and therefore only use Apple specific tools very rarely.

I develop a Java application, and as part of my build from the command line I sign it with an Apple Developer Id certificate as follows:

export CODESIGN_ALLOCATE="/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate"

/usr/bin/codesign --sign "Developer ID Application: P Taylor" --force --deep --verbose /Applications/SongKong.app
/usr/bin/codesign --verify --deep  --verbose /Applications/SongKong.app

Unfortunately, when I tried to build today there was an error because the certificate had expired a few days ago; it was originally created 5 years previously.

So I renewed an Apple Developer membership (which had also expired) and eventually found a way using KeyChain to create a CertificateSigningRequest.certSigningRequest file, which I then uploaded to Apple, and it generated a developerID_application.cer file. I opened this and it was added to KeyChain.

I then reran my build, but it failed because it now found two certificates.

I then deleted the old expired one and reran, this time it seemed I had to give access to use the certificate by entering my KeyChain password. Unfortunately this does not seem to be the same as my main Mac password and hence I eventually had to ForceQuit and reboot.

In order to reset KeyChain password I followed steps online to:

  • Open KeyChain Access
  • From the KeyChain Access menu, choose Preferences.
  • Click General, then click Reset My Default KeyChain.

I then reran my build, but although the certificate seems to be there it reports 'no identity found'. I think because having created a new KeyChain I have removed my personal identity (is this Certificate Authority?).

So now I only have the Developer Id certificate but not the other parts, and don't know what to do.

Question 1: When I selected Reset My Default Keychain it said the old keychain was kept somewhere, so my first question is: can I make that the default again, and then possibly there is a way to actually reset the password, or perhaps I will be able to guess it?

Question 2: If I cannot do Qu.1, what do I need to do to recreate the personal certificate part that I am now missing? Remember the whole point of this is simply that users can install my software on their Macs without getting warnings about untrusted developers.

Isacco answered 19/6, 2018 at 12:17 Comment(1)
Okay, looks like this is the answer to Qu1 - discussions.apple.com/thread/5212207, trouble is can I change KeyChain password if I don't know it. Isacco

Well I resolved it, I followed these instructions in order to restore my previous keychain, basically

  • In KeyChain Access select Delete Keychain "login", and ensure you choose Delete References when prompted, not Delete References & Files.
  • Open Finder, and go to Folder ~/Library/Keychains
  • Rename login.keychain to login.keychain.old
  • Rename login-renamed-1.keychain to login.keychain
  • In KeyChain Access select Add Keychain and select the login.keychain file
  • Restart KeyChain Access to see the correct results

But then I still had the problem that when I tried to sign I was prompted for KeyChain password and I didn't know it...

However, in KeyChain Access I went to Edit:Change settings for keychain "login" and entered what I thought was old password and new password, and it accepted the change even though when I used the password to sign it failed.

I then ran sign and entered the new password when prompted and it was accepted.

I verified signature, uploaded build, downloaded, installed and ran to ensure there was no problem with the build, and it was fine. So I hope this answer helps other non-Apple developers struggling with their tools.

Isacco answered 19/6, 2018 at 15:16 Comment(0)
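
A pre-signing check for the two failures described in this thread (two certificates matching the name, then 'no identity found'), as an added example that is not part of the original posts. It classifies the listing printed by `security find-identity -p codesigning`; the sample listings and hashes are constructed, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: classify `security find-identity -p codesigning` output
# for one identity name before calling codesign. Function names are made up.

# Print unique SHA-1 hashes of listed identities whose name starts with $1.
# Mode "valid" skips entries carrying a CSSMERR_ status (e.g. expired).
identity_hashes() {   # usage: identity_hashes NAME all|valid  < listing
    grep -F -- "\"$1" |
        { if [ "$2" = valid ]; then grep -v 'CSSMERR_'; else cat; fi; } |
        sed -n 's/^ *[0-9][0-9]*) \([0-9A-F]\{40\}\) ".*/\1/p' | sort -u
}

count_lines() { if [ -z "$1" ]; then echo 0; else printf '%s\n' "$1" | wc -l | tr -d ' '; fi; }

# Prints: none | unusable | ok HASH | ambiguous-name HASH | ambiguous N
classify_identities() {   # usage: classify_identities NAME  < listing
    listing=$(cat)
    all=$(printf '%s\n' "$listing" | identity_hashes "$1" all)
    valid=$(printf '%s\n' "$listing" | identity_hashes "$1" valid)
    n_all=$(count_lines "$all"); n_valid=$(count_lines "$valid")
    if   [ "$n_all" -eq 0 ];   then echo "none"      # no cert with its private key
    elif [ "$n_valid" -eq 0 ]; then echo "unusable"  # only expired/invalid entries
    elif [ "$n_all" -eq 1 ];   then echo "ok $valid"
    elif [ "$n_valid" -eq 1 ]; then echo "ambiguous-name $valid"  # sign by hash
    else echo "ambiguous $n_valid"
    fi
}

# Constructed listing (made-up hashes): renewed certificate plus the expired one.
SAMPLE_TWO='Policy: Code Signing
  Matching identities
  1) 1111111111111111111111111111111111111111 "Developer ID Application: P Taylor"
  2) 2222222222222222222222222222222222222222 "Developer ID Application: P Taylor" (CSSMERR_TP_CERT_EXPIRED)
     2 identities found

  Valid identities only
  1) 1111111111111111111111111111111111111111 "Developer ID Application: P Taylor"
     1 valid identities found'

# Constructed listing: a fresh keychain holding the .cer but no private key.
SAMPLE_NONE='Policy: Code Signing
  Matching identities
     0 identities found

  Valid identities only
     0 valid identities found'

printf '%s\n' "$SAMPLE_TWO"  | classify_identities "Developer ID Application: P Taylor"
printf '%s\n' "$SAMPLE_NONE" | classify_identities "Developer ID Application: P Taylor"
# On a Mac: security find-identity -p codesigning | classify_identities "NAME"
# "ambiguous-name HASH" means: pass HASH to codesign --sign instead of the name.
```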
