I have created certificate to enable Push Services in my app, but every time I try to add certificate in my Keychain, after adding certificate it shows me following error:
This certificate has an invalid issuer
I have created certificate to enable Push Services in my app, but every time I try to add certificate in my Keychain, after adding certificate it shows me following error:
This certificate has an invalid issuer
I think I've figured this one out. I imported the new WWDR Certificate that expires in 2023, but I was still getting problems building and my developer certificates were still showing the invalid issuer error.
After deleting the expired certificate from the login and System keychains, I was able to build for Distribution again.
Confirm "Certificates" category is selected.
Remove expired Apple Worldwide Developer Relations Certificate Authority certificates from "login" tab and "System" tab.
Here's Apple's answer.
Thanks for bringing this to the attention of the community and apologies for the issues you’ve been having. This issue stems from having a copy of the expired WWDR Intermediate certificate in both your System and Login keychains. To resolve the issue, you should first download and install the new WWDR intermediate certificate (by double-clicking on the file). Next, in the Keychain Access application, select the System keychain. Make sure to select “Show Expired Certificates” in the View menu and then delete the expired version of the Apple Worldwide Developer Relations Certificate Authority Intermediate certificate (expired on February 14, 2016). Your certificates should now appear as valid in Keychain Access and be available to Xcode for submissions to the App Store.
This is not actually a development issue. It happens due to expiration of the Apple Worldwide Developer Relations Intermediate Certificate issued by Apple Worldwide Developer Relations Certificate Authority. WWDRCA issues the certificate to sign your software for Apple devices, allowing our systems to confirm that your software is delivered to users as intended and has not been modified.
To resolve this issue, you have to follow the below steps:
Here you find that "Apple Worldwide Developer Relations Certificate Authority" is marked as expired. So delete it. Also check under Login Tab and delete expired WWDRCA.
Download new WWDR Intermediate Certificate from here(The renewed Apple Worldwide Developer Relations Certification Intermediate Certificate will expire on February 7, 2023).
Install it by double clicking on it.
If you still face any issue with your iOS apps, Mac apps, Safari extensions, Apple Wallet and Safari push notifications, then please follow this link of expiration.
The Apple Worldwide Developer Relations Certification Intermediate Certificate expires soon and we've issued a renewed certificate that must be included when signing all new Apple Wallet Passes, push packages for Safari Push Notifications, and Safari Extensions starting February 14, 2016.
While most developers and users will not be affected by the certificate change, we recommend that all developers download and install the renewed certificate on their development systems and servers as a best practice. All apps will remain available on the App Store for iOS, Mac, and Apple TV.
Here is how we fixed this.
Step 1: Open Keychain access, delete "Apple world wide Developer relations certification authority" (which expires on 14th Feb 2016) from both "Login" and "System" sections. If you can't find it, use “Show Expired Certificates” in the View menu.
Step 2: Download this and add it to Keychain access -> Certificates (which expires on 8th Feb 2023).
Step 3: Everything should be back to normal and working now.
Reference: Apple Worldwide Developer Relations Intermediate Certificate Expiration
In Apple's Developer's portal, add a new certificate, and when asked "What type of certificate do you need?" choose "WorldWide developer relations certificate". Generate the new certificate, download and install. The moment you do that, you will no longer see the message you have described.
Edit:
The certificate can be downloaded from the following page:
https://www.apple.com/certificateauthority/
You can choose one of the following two certificates:
"WWDR Certificate (Expiring 02/07/23)"
or
"WWDR Certificate (Expiring 02/14/16)"
Follow the below steps:
If you don't find your WWDR certificate in Login or System tab, then select category "All items" on the left side. Most probably you will get to see an expired WWDR certificate here, and you can remove it. An expired certificate is always shown with a red asterisk.
If you are facing the "This certificate has an invalid issuer" error for all your certificates then do the following steps.
Steps:
Reference:
As described in the Apple Worldwide Developer Relations Intermediate Certificate Expiration:
The previous Apple Worldwide Developer Relations Certification Intermediate Certificate expired on February 14, 2016 and the renewed certificate must now be used when signing Apple Wallet Passes, push packages for Safari Push Notifications, Safari Extensions, and submissions to the App Store, Mac App Store, and App Store for Apple TV.
All developers should download and install the renewed certificate on their development systems and servers. All apps will remain available on the App Store for iOS, Mac, and Apple TV.
The new valid certificate will look like the following:
It will display (this certificate is valid) with a green mark.
So, go to your Key Chain Access. Just delete the old certificate and replace it with the new one (renewed certificate) as Apple described in the document. Mainly the problem is only with the Apple push notification service and extensions as described in the Apple document.
You can also check the listing of certificates in https://www.apple.com/certificateauthority/
Certificate Revocation List:
Now this updated certificate will expire on 2023-02-08.
If you could not see the old certificate then go to the System Keychains and from edit menu and select the option Show Expired Certificates.
Now you can see the following certificate that you have to delete:
in 2021:
If you got here from the Fastlane then this snippet might fix your CI deployments. Execute it before the signing.
apple_intermediate_certificate_path = "/tmp/AppleWWDRCAG3.cer"
`curl https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer --output #{apple_intermediate_certificate_path}`
other_action.import_certificate(
certificate_path: apple_intermediate_certificate_path,
keychain_name: YOUR_KEYCHAIN_NAME,
keychain_password: YOUR_KEYCHAIN_PASSWORD
)