Apple Developer Certificates

From Lazarus wiki
Jump to navigationJump to search
macOSlogo.png

This article applies to macOS only.

See also: Multiplatform Programming Guide

Apple iOS new.svg

This article applies to iOS only.

See also: Multiplatform Programming Guide

Overview

This article deals with the various certificates available to someone who has signed up and paid for the Apple Developer Program and describes which certificate to use for what. Given the number and names of the various certificates it can be somewhat daunting to figure out which certificate is used for what.

Finally, there is a description of the consequences of expired and revoked certificates.

Warning-icon.png

Warning: It is not possible to use certificates from third-party providers like Comodo and DigiCert because they will not pass Gatekeeper which requires an Apple developer issued certificate. Also note that you cannot sign Windows applications with the Apple developer certificate (this time you do need a third-party Comodo, DigiCert etc certificate).

Xcode 11

Xcode 11 supports the new Apple Development and Apple Distribution certificate types. These certificates support building, running, and distributing apps on any Apple platform. Preexisting iOS and macOS development and distribution certificates continue to work, however, new certificates you create in Xcode 11 use the new types. Previous versions of Xcode don’t support these certificates.

Apple Development Certificate

This certificate is used to sign development versions of your iOS, macOS, tvOS, and watchOS applications. For use in Xcode 11 or later.

Apple Distribution Certificate

This certificate is used to sign your applications for submission to the App Store for distribution. For use with Xcode 11 or later.

macOS app distribution via the Mac App Store

Mac Development Certificate

This certificate is used to sign development versions of your Mac applications for testing and debugging. It enables certain app services during development and testing.

Mac App Distribution Certificate

This certificate is used to code sign your application and configure a Distribution Provisioning Profile for submission to the Mac App Store.

Mac Installer Distribution Certificate

This certificate is used to sign your application's Installer Package for submission to the Mac App Store.

macOS app distribution outside the Mac App Store

The certificate types for distribution of macOS applications outside the Apple Mac App Store:

Developer ID Application Certificate

This certificate is used to code sign your application for distribution outside of the Mac App Store. Note that kernel extensions require a special certificate and that they are now deprecated anyway.

Developer ID Installer Certificate

This certificate is used to sign your application's Installer Package (if any) for distribution outside of the Mac App Store.

Expired or revoked certificates

Mac App Distribution Certificate and Mac Installer Distribution Certificate (Mac App Store)

If your Apple Developer Program membership is valid, your existing apps on the Mac App Store will not be affected. However, you will no longer be able to upload new apps or updates signed with the expired or revoked certificate to the Mac App Store.

Developer ID Application Certificate (Mac apps)

If your certificate expires, users can still download, install, and run versions of your Mac applications that were signed with this certificate. However, you will need a new certificate to sign updates and new applications. If your certificate is revoked, users will no longer be able to install applications that have been signed with this certificate. If your Mac application utilizes a Developer ID provisioning profile to take advantage of advanced capabilities such as CloudKit and push notifications, you must ensure your Developer ID provisioning profile is valid in order for installed versions of your application to run.

Developer ID Installer Certificate (Mac apps)

If your certificate expires, users can no longer launch installer packages for your Mac applications that were signed with this certificate. Previously installed apps will continue to run however new installations will not be possible until you have re-signed your installer package with a valid Developer ID Installer certificate. If your certificate is revoked, users will no longer be able to install applications that have been signed with this certificate.

See also

External links