Can't submit Mac app via xcode4 - Invalid Signature

6
votes

I keep getting this error:

Invalid Signature - This error occurs when you have signed your app's installer incorrectly. There are two certs required for this process: the "3rd Party Mac Developer Application" cert and the "3rd Party Mac Developer Installer" cert. When signing your package, you need to ensure that you are using the Installer cert to sign your package. Ensure that you are specifying this cert when submitting your app via the Xcode Organizer or when running productbuild from the command line.

I've googled, and have followed instructions but to no avail.

I have:

Projects > targets > build > code signing > 3rd Party Mac Developer Application:

Then when I go to archive and it opens up Organizer I go to submit I select the '3rd Party Mac Installer' key. But it still fails :(

Do I need to do anything else? Like clean and then build first? (Build for what? Or just select build? - Although I've tried pretty much all of them first, and then archive).

If it's of relevance I am using MacRuby, and had to do this first to set it up for xcode deployment: http://redwoodapp.posterous.com/macruby-and-xcode-4-build-a-self-contained-ma

Any help appreciated - I'm tearing my hair out here :(

3
xcodemacosapp-storemacruby
You may do better asking this in the Apple developers forum.PengOne
Thanks - I will have to check it out.A4J

3 Answers

7
votes

I had the same problem lately. And this is a perfect chance to write down and share my own notes. :)

I am assuming you are using Xcode and Organizer (not application uploader)

Step 1: Check Keychain Access.app.

You have to have two certificates (That you download from mac dev center). Each of these has to be linked with a private key. In the picture, I have only one certificate "nacho4..." linked with a private key "nac...". So I should go to the mac dev center and download my certificates in order to continue. Download them and drag them into the "login".

I only have one certificate "nacho..." linked with a private key "nac...". Make sure you have two of these.

Step 2: Make sure you can build your app with the right configuration.

In my case, I setup three configurations. Debug: can debug + no signing (for development) Release: cannot debug + no signing (mainly for internal betas, etc) Distribution: cannot debug + signing (for app store distribution)

Go to project "build info">"build signing"> Make sure that you are signing you code with the correct sign identity. Something like: "3rd Party Mac Developer Application. My Company Inc." *If you can't see this then it means something wrong is with your certificates in Keychain Access.app. Check your certificate is linked with a private key enter image description here

Step 3 Make sure you are building the right configuration.

(Yeah, kind of obvious but it happened to me the last time. This is the reason you could be getting "Invalid signature") In the "Edit Scheme" panel , make sure you have the right configuration in the "Archive" section. In my case is "Distribution" (The default is "Release ")

enter image description here

Note that if you don't do this correctly you will get be able to submit your binary to Apple but minutes later you will get an "Invalid Signature". Because the certificates are fine but the app is not signed.

Step 4: Build you app and submit it

Xcode>Product>Archive enter image description here

The organizer will appear. Now just submit it.

I have found that validating the archive is useless because sometimes even the validation fails I am able to submit my app without errors. I read this from other threads too so not only me. So if you are sure this is the version you want to submit to Apple. just press the submit button.

You are asked your username and password. Then, you get another menu to select the application (With has only one option, at least in my case) and then select the signing identity I think. This is important! Make sure "3rd Party Mac Developer Installer" is selected and everything should work.

enter image description here

If you can't see "3rd Party Mac Developer Installer" option in the last menu then it means something is missing in your keychain. (The Installer certificate from the mac dev center)

Note that if you don't do this correctly you will be able to submit your binary but minutes later you will get an "Invalid signature" mail from iTunes Connect because the app probably could be well signed but the certificates Apple will se are incorrect.

I hope it helps.

5
votes

The other two answers are good checklists, but it didn't work for me.

My problem was that I had installed Xcode 3.2.6 on Lion (it doesn't work anyway, but that's another story). This corrupted the productutil app.

To fix it: install the BSD.pkg in the Packages folder of your Lion Installer.

Thanks to Jacob Gorban to share his solution on Apple Devs Forums.

1
votes

Think this is finally sorted - thanks to Daniel from the MacRuby mailing list. I actually ended up creating a ticket with Apple, but hopefully they won't charge me for it now it's been fixed without them.

You can view the solution here: http://astonj.com/uncategorized/invalid-signature-error-on-submitting-app-to-the-mac-app-store/