Monday, February 1, 2021


Tags

App Rejected for Revoked Certificate

Submitting to the Apple App Store failed, revoked installer certificate.

Monday, February 1, 2021 - Sam Rowlands

Tryign to submit an update of Iconographer Mini was failing because of a revoked certificate, yet according to Keychain Access and App Wrapper, it was fine. Lets begin.

It is pretty common to have your application rejected, so much so that I simply expect it every single time I submit. Yesterday was a new one for me.

Certificate Revoked. The signing certificate "C=TW, O="Ohanaware Co., LTD", OU=QXAFMEPH6X, CN="3rd Party Mac Developer Installer: Ohanaware Co., LTD (QXAFMEPH6X)", UID=QXAFMEPH6X" with serial number 991687306867499161 used to sign iconographerMini_102_x86_64.pkg has been revoked. Learn more (https://help.apple.com/xcode/mac/current/#/dev154b28f09).
  1. Checked in App Wrapper, no problem.
  2. Checked in Keychain Access, found two certs with the same name.
  3. The cert with the matching serial number was fine according to Keychain Access and doesn't expire for at least two weeks.
  4. Deleted the older certificate, and tried again.
  5. Success.

Q: There are also two certs for the application signing, why is this only a problem for the installer package?

A: When signing the application, App Wrapper is able to tell the API to use a specific identity, so App Wrapper picks the latest valid identity. When signing installers, there is no such such capability. App Wrapper can tell it the name of the identity to use, but it chooses the identity and in this case, it picks the older unvalid identity.

If you don't have two installed copies of the certificate, visit https://developer.apple.com/account/resources/certificates/ to download the newer certificate.