Home Guides Interfaces Troubleshooting

Code Signing Issues

App Sandbox is enabled, please make sure this is intentional

The App Sandbox security protocol is not required outside of the  App Store. If this application has a App Store counter part, it is worth leaving it enabled, otherwise save some stress and hassle, by turning it off.

Hardened Runtime security protocol is disabled, please confirm

This application will not be Notarized as Hardened Runtime is a requirement. If disabling Hardened Runtime resolves some issues, please use the Hardened Runtime options on the "Capabilities" Page to disable parts of the Hardened Runtime protocol, until the correct combination is found for the application to function correctly.

Use Entitlements is disabled, please make sure this is intentional

Some applications will need entitlements to work correctly after being signed with Hardened Runtime, some do not. Make sure the application is fully tested without Entitlements before shipping.

App Sandbox is disabled, please confirm.

Generally the App Sandbox is required for  App Store applications, older apps may be grandfathered in, but new applications and application updates are most likely to get rejected for not using the App Sandbox security.

Code Sign error: CSSMERR_TP_NOT_TRUSTED

  1. Launch Keychain Access
  2. In the Category section, select My Certificates
  3. Double-click the certificate
  4. Use the certificate name to find the certificate belonging to your team. For example, an Apple Distribution certificate begins with “Apple Distribution.”
  5. In the certificate window, display the Trust section by clicking the corresponding disclosure triangle
  6. For the option “When using this certificate,” select Use System Defaults
  7. Close the certificate window.
  8. Try again

code object is not signed at all

This is normally related to a component within the application that isn't being signed correctly. The Error message normally indicates which file it is.

If it indicates a "Resources" folder as the problem, either delete it if possible, or combine the components into the enclosing bundle's Resources folder.