Problems with submitting app to Mac App Store...

Good day everyone,

This has been causing me pain for 4 days now. It has to do with signing the app. I have followed every instruction I could find on Apple’s website, these forums and many others, and no result. I just hope that it triggers someone’s memory of a similar problem occurring to them before. :slight_smile:

I’m using Xcode 4.1 on Lion 10.7.2 btw, fresh new install. The problem occurs when I do the Archive step. It creates the Archive just fine, shows up in the Archives Organizer. But when I want to either validate or submit, it stops when it gets to the signature validation and gives this error:

I have been searching the web for 3 days about this error, and although many people did found solutions, they either don’t apply to my case because it was already Ok in my settings or did not make any difference.

BUT, if I hit the share button, make a package and validate the installation with terminal, all is perfect. It installs in the Apps folder, Starts and works just fine.

I guess my question is why does it say the app isn’t signed with the correct certificate if it is correctly applied in both the project settings and the target settings?

Actually, under Code Signing > Code Signing Identity, the “3rd Mac Developer Application: ” is selected. Then why does it talk about Installer when the only one I can select is Application?!?

I really hope someone has a solution… Maybe I could call ADC support? It MUST be a “first time using the app store submit process” mistake, can’t believe they made this so complicated that no one can use it.

Thank you in advance for any help!

Model: MacBookPro8,2
Browser: Safari 534.51.22
Operating System: Mac OS X (10.7)

yeah it’s a PITA, and super confusing as to what’s wrong. I had a hell of a time validating my app. I’m not at my main machine but here’s what I remember:

  1. You need 2 certificates, 1 for App signing and 1 for installing. Even though in the Cert builder website it seems like you do the “same action” a second time, you need 2 certs. At first I skipped the 2nd cert because I thought the dialog had popped up erroneously again; but truly it was correct but the wording is almost exactly the same when making both. First you get the Signing and then the Installing cert.
  2. In your Keychain Access Utility, when you select Category > My Certificates (I believe) that you need to see both certificates listed AND they must show a little key icon underneath them (indented) also. If not, then you have not installed the certs right. You can’t just copy them from one computer to another (or even 1 startup drive to another). I tried that and the cert was invalid, you need to use the online utility to make them new.
    So, I had at first mis-installed mine, and though the certificate icon showed up, the key underneath did not. I had to remake both my certs and install fresh. Don’t worry about remaking them- it’s OK. For your published app they will be stripped out and replaced by Apple certificates anyways. You can remake them in the middle of a project and as long as you use both new ones together it should be OK.
  3. You’re right on setting your build setting to use “code signing…” and “3rd Mac Developer Application: ”. If your certs are good then this is really all you need to do. Again, my certs were bad so I thought this step had some magic applied to it, but really that’s the only thing you need to set.
  4. When uploading/verifying the package, at that point you see a dialog that asks for the app’s ID and then also which cert ID to use to sign the package to upload. Now you should use “3rd Mac Developer INSTALLER: ” or something like that. If you don’t have a developer installer cert loaded properly, you can’t pick anything here and that’s the error. You must pick “3rd Mac Developer INSTALLER: ”.
    Installing it on your own system is not, I believe, the same as doing an upload to Apple. So you might have signed the app and built it, and it may install OK using the command line tool, but the installer cert isn’t applied until you actually upload it or use Application Loader.

Hope this helps, let me know if this did help or not or what else you’ve checked.

Thanks for your reply!

I followed your instructions carefully, and honestly they resemble mine. I just realized that by starting from scratch there is a solid link between the certificates created in the Dev Certificate Utility and the provisioning profile. You have to recreate a new provisioning profile every time you create new certificates.

But I have to say I was not successful, again.

Now I’m just wondering a few points:

  1. Apple says to install the provisioning profile in the System Preferences by double-clicking on it. But every provisioning profile I have created have failed to install, except when I create a development profile, not a distribution profile. Would this be causing a problem if I can’t get it installed in the Sys Prefs? It gives an unknown error, and I have been discarding this so far, thinking it wasn’t really important since it does install in Xcode just fine.

  2. I tried another solution provided on the stack overflow website, which said I could sign the app with the codesign utility in terminal, but it gives an error : “3rd Party Mac Developer Installer: : this identity cannot be used for signing code”. Could this be the problem?

  3. In order to be in concordance with the app store rules I activated the entitlements and app sandboxing. In the project info > code signing > code signing entitlements there is nothing setup there, but in the same spot under targets the entitlements file is setup correctly.

  4. I do have the little key under the certificate in the keychain utility. My question is does the title beside the little key icon need to be matching something somewhere? Do they need to match between both certificates?

  5. If I call Apple for support, is this kind of problem covered in the 2 accidents they offer for every subscription?

Thank you for your time, I’m sure this is a stupid and easy fix, but as usual it takes way too much energy and time… :slight_smile:

Model: MacBookPro8,2
Browser: Safari 534.51.22
Operating System: Mac OS X (10.7)

I did not do anything with provisioning profiles at all. I am the only person on my Apple ID. I did not enter my computer’s serial number or anything like that. I only have certificates and App IDs (I just checked). I thought provisioning was only for iPhone apps (?). I don’t think they are necessary for Mac App development, or maybe it’s to include iCloud or receipts etc?

  1. I assume you also have the WWDR entitlement thing and Apple 3rd Party Developer cert. I didn’t do any provisioning things.
  2. I don’t like messing with terminal unless I have to, especially with stuff like this that should be GUI. The GUI methods will work. Plus, read what you wrote there carefully: you can’t use the application signing certificate to try to sign the installer. I think there are ways to build apps via terminal and then after the bundle is made then you use terminal to also do the code signing as a separate step, and then in that case you would also use the application cert, not the installer cert.
  3. You don’t need sandboxing until March now. If your app is making calls to the Finder, do shell script, or any 3rd party app then it’s gonna fail with SB enabled. Even including “choose folder” or “choose file” could be tricky. I say turn off entitlements and sandbox. But I think they are not really relevant to your problem at this point.
  4. Not sure about the key’s icon name. If you can build the app using “3rd party mac developer:name” then it should be OK I think.
  5. I don’t know. In my opinion, calling will be a waste of a call. I’m not sure how detailed they will get with you to set things up. If you do call, DO NOT tell them you are working on an Applescript project, just because they might raise their arms and claim they can’t help with ASOC projects. In my opinion, you’ll get it worked out. I did, even though it took me 3 evening’s work.

I still bet there may be an issue with your certs. So, my experience was that I built an app on Lion/XC4 and it worked pretty smooth! Then I was building a different app on Snow Leopard because I needed to keep a private version compatible with old Leopard, so I was using XC3. I tried to copy the certs from Lion to Snow, and that messed it all up. Took me 3 days to figure out to make all new certs in Snow, for that startup disk (as well as the key icon thing). Now I have it working under Snow fine.
Maybe I can give more detail over the weekend from my dev computer.

Alright, here’s an update. @SuperMacGuy: followed all your instructions to the letter in your latest post, I removed sandboxing, and still doesn’t work. Same error.

One thing: you talk about “WWDR entitlement thing”, what is this exactly? Nothing to do with Sandboxing i assume. I don’t really remember seeing this anywhere. Is it something that’s created automatically or on the ADC website?

I’m starting from scratch, removing all certificates that could have anything to do with developer or my app. I saw a few duplicates, some of them were no longer valid. Could be the source of my problems.

Thanks for your support, it is really appreciated… was beginning to think I was all alone! :slight_smile:

Model: MacBookPro8,2
Browser: Safari 534.51.22
Operating System: Mac OS X (10.7)

Sorry I totally forgot about checking this forum over the weekend.
The WWDR “entitlement thing” is… well there is a 3rd certificate that you need to get, aside from the 2 that are specific to you. In the certificate maker part of the iTunes Connect site, there is a button/link to download this from there.
OK I checked and it’s called “WWDR Intermediate Certificate”.

No problem. I’ve been struggling with this for so long now, I don’t mind a few more days. :slight_smile: Thanks for your help again!

Ok, that one I have, “WWDR Intermediate Certificate”. I even noticed that it needs to be installed before I create and install the other 2 certificates.

I have deleted everything and started from scratch, and still, the same error.

In the guide Apple provides, they say that the code signing has to be set only for the project and not the target, but for some weird reason, I can’t set the correct signing unless I have a provisioning profile installed and I can’t set it to don’t code sign in the target, there is always something invisible selected, like it can’t not be set. This is very contradictory.

And like I said, I have to install provisioning profiles in Xcode, it won’t even let me compile the archive without one and won’t let me select a code sign option with my name in it, only a generic one that doesn’t work.

I am getting to the end of my options here, and I am quite simply thinking of abandoning putting an app on the app store and closing my dev account. The only thing left for me to do is to call Apple for support, as I am entitled to 2 incidents. It is sooo complex to setup! It should be simpler, Apple-style, not Windows-style… :frowning:

Model: MacBookPro8,2
Browser: Safari 534.51.22
Operating System: Mac OS X (10.7)

I have submitted a TSI to apple support, because like I said, there is not much options left for me right now.

Crossing my virtual fingers… :slight_smile:

Oh you know what, now that you mention it, I think I did have to (for my XC3 project) set code signing to be on for the target’s build info, not the project. In XC4 that might be different, I forget since I don’t use that yet (really).

Yeah, well I have tried every code signing combinations possible, and there is no change. So i’m not sure it would be a problem, but who knows…

Still waiting for Apple, no response yet, besides the automated acknowledgement one. Sigh… :expressionless:

Model: MacBookPro8,2
Browser: Safari 534.51.22
Operating System: Mac OS X (10.7)

Alright, took a few days, but finally worked. I had some email exchanged with someone from the ADC tech support, and turns out my problem was Xcode 3 on Lion. Somehow, there is important command-line tools that are installed with Xcode 4 that don’t get installed if v.3 was installed before. This is why Xcode 3 on Lion is not supported… :roll eyes:

The only solution is to reinstall the entire OS from scratch, which I was not ready to do just now because I did it 3 weeks ago and it took me a week for it to be setup the way I like. Fortunately, I have a small mac mini that runs Lion, I installed Xcode 4.2.1 on it, and submitted the app just fine. It is currently waiting to be reviewed.

If anyone is interested, here are the steps that worked for me. I took some notes for myself, just to be sure I do not ever go through this pain again. Here you go:

  1. Make sure the “WWDR Intermediate Certificate” is present before creating other certificates. You can obtain it by going to the ADC website > Mac Dev Center > Certificate Utility > Overview, then click on “WWDR Intermediate Certificate”. This one is required to certify the certificates you are going to create in #2 to #6.

  2. In your Application > Utilities > Keychain Access create a certificate request by going to Keychain access > Certificate Assistant > Request a certificate from a certificate authority. Enter your email and your name, save to disk. Remember that the certificates must be created with the computer onto which they will be installed and from which you will submit your app from Xcode.

  3. Go to ADC website, log in and go to Developer Certificate Utility then click on “create certificates”.

  4. Click on “Distribution” and make sure both check boxes are ticked. Click continue, locate the cert request file you saved in #2, click continue, wait a bit then click continue and download the cert.

  5. Click continue and locate again the same cert request made in #2 and create the second cert, download and click continue.

  6. Load both certificates in keychain access by double-clicking on them, when asked choose “session”. They must have a disclosure triangle that when disclosed show the name you specified in #2. They also must appear in the “My certificates” section. If these 2 conditions are met then you are ok.

  7. Create a new app ID under app ID on the ADC website, using the same “” as set up in your project in Xcode.

  8. On the ADC website create a new provisioning profile, click distribution, give it a name, then select your app created in the apps id section in #7.

  9. Download the provisioning profile and go in Xcode > Xcode organizer and drag your profile in the window. Apple says to double click it to install it in your sys prefs, but for some reason it doesn’t work unless it is a development profile, and this one is a distribution profile… Ignore this step. No idea why, but even if we don’t need it (according to ADC tech support), I could not go forward until I had one installed. Try it without, and see if it works or not.

  10. In your Xcode project settings under compiler use “Appe LVM” and make sure the debug info for the release build setting (the one you’ll use to upload the app) is set to “DWAR with dsym file”. Also, make sure the “Save as Execute-Only” in the OSACompile section is set to “Yes”, otherwise your code will be readable by anyone.

  11. You need to go to the iTunes connect website, then “Manage Applications” section and then click on “Add new app”. Enter all the information required (the SKU number is a number you create yourself, as long as it is unique and never used again, you’re fine). After you’re done make sure that the status is changed for “waiting for upload” by clicking on the app in the “Manage applications” page and clicking on the “upload app” button. IMPORTANT: the name you will choose for your “App Name” will remain unique for this app. If you decide to delete this app in iTunes Connect and try to use it again, you won’t be able to use the same name ever. Perhaps the folks at Apple can help, not sure.

  12. Then go back to your Xcode project, make sure that under the project’s settings, under Code Signing Identity (for both the project and your target) that the “3rd party Mac Developer Application: ” is selected. IMPORTANT: if you do not see your name after the colon, i.e. you only see “3rd party Mac Developer Application”, then you have done something wrong. In my case, without the Distribution Provisioning Profile mentioned in #9, it never worked. Having one installed solved the problem.

  13. Make sure you clean all the builds by selecting the menu Project > Clean. Then select Product > Archive. You can make sure that this Archive build follows the right build settings by clicking on your app name in the pop-up that appears beside the play and stop button, then select “Edit Schemes”, then go to Archive, and set your build settings there. Make sure “Reveal Archive in Organizer” is selected.

  14. The Organizer should open, otherwise open it by going to Window > Organizer. Your app should appear in the list, and you have 3 options: Validate, Share and Submit. Use Share to save your app as a package and install it using terminal and this command : <sudo installer -store -pkg path-to-package -target /> (Without the <>, and replacing the path-to-package with the actual path to your .pkg file.). There need to be no other version installed anywhere else in your system, otherwise it won’t install it in /Applications but rather try to update the other ones.

  15. If you click Validate, then enter your ADC login info, and then make sure you select the “3rd party Mac Developer Installer: ”. This time it is the Installer certificate that is required, not the Application one. Again, if you do not see your name after the colon, then something is wrong. Otherwise, if it says your app is valid, then you can click on submit and upload it for review. It might take a while, even if your app is small.

That’s it! May you be spared of the pain I received during my troubles and enjoy a painless submit process! :slight_smile:

Model: MacBookPro8,2
Browser: Safari 534.51.22
Operating System: Mac OS X (10.7)