How do I obtain a current certificate from Palisade?Īll Palisade code is timestamped, meaning that a recognized certificate authority has validated that the code came from us at the time it was created. The certificate has expired or is not yet valid. When I click the View button, I get the message Looking at the Trusted Publishers information in the Excel Trust Center, I see that our certificate has expired. "The certificate has expired or is not yet valid."
This should have a 2038 expiring date, and thus you shouldn’t have to deal with this."The certificate has expired or is not yet valid."ģ.26. You can resolve this issue by regenerating the profile for your app. Please post your bug number, just for the record. As I mentioned previously, Developer ID apps should not expire. You should file a bug about this, attaching your current app. However, I think there are two things you can do independently: If you’d like me to dig into that aspect of things, please open a DTS tech support incident so that I can allocate the time necessary. However, I’ve not been tracking assiduously. My recollection is that this was an expedient measure, and that the plan was to change the OS to ignore profile expiry for Developer ID apps. This is what you can see with my profile.
There was a problem like this a year or two ago (I’m gonna be kinda vague here because I wasn’t supporting Mac code signing at the time) and the immediate fix was for us to push out the expiration date on profiles until 2038.
It’s interesting that your certificate and profile expire on the same second. Well this sounds like a bug to me as now apps signed with this certificate and provisioning profile are refusing to launch and just crash! Have you actually checked the expiry dates involved? If you do the following, what do you see? Yes, this is a Developer ID app and a Developer ID App Cert was used to generate the provisioning provile. A Developer ID-sign product should not expire.Īpple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail = "eskimo" + "1" + Quinn, There have been circumstances where that’s not happened, but such problems are bugs. % security cms -D -i MyTest.app/Contents/embedded.provisionprofileįinally, I want to be clear about one thing: While Developer ID certificates and provisioning profiles have an expiry date, the system is meant to ignore them. % openssl x509 -inform der -in codesign0 -noout -text Have you actually checked the expiry dates involved? If you do the following, what do you see? % codesign -d -extract-certificates MyTest.app
Presumably this is a Developer ID app, not a Mac App Store app, and thus by “distribution certificate” you mean your Developer ID Application certificate?ĭoes your app have a provisioning profile? There’s not a lot of concrete info to go on here.
If so, well this socks as this not only hurt developers that distribute their apps outside the MAS but users as well that rely on those apps and may find themselves unable to use the apps they need to get their work done until they figure out how to fix the problem or contact the developer for a solution. I don't know if this is a bug on Apple's end or this is now by design.
"You should've pushed an update with a new certificate already!" you might say? Well what happens if some of your users don't run you app very often and they miss the update? Well they´re stuck with an app that no longer launches and have to redownload the updated app entirely instead of getting it via in-app updates. However, and I'm not sure if this is a new restriction in macOS 10.15, but now my app will refuse to launch! You can imagine the support nightmare that will be. You'd just then create a new certificate next time you wanted to push an update. To my knowledge, this has been the case for years. Usually, apps that were signed while the certificate was still valid should be unaffected and keep running. So my app had its distribution certificate expired today.