问题
Disclaimer, I am a Java developer not an Apple developer and therefore only use Apple specific tools very rarely.
I develop a Java application, and as part of my build from the command line I sign it with an Apple Developer Id certificate as follows
export CODESIGN_ALLOCATE="/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate"
/usr/bin/codesign --sign "Developer ID Application: P Taylor" --force --deep --verbose /Applications/SongKong.app
/usr/bin/codesign --verify --deep --verbose /Applications/SongKong.app
Unfortunately when I tried to build today there was an error because the certificate had expired a few days ago, it was originally created 5 years previously.
So I renewed an Apple Developer membership (which had also expired) and eventually found a way using KeyChain to create a CertificateSigningRequest.certSigningRequest file which I then uploaded to Apple and it generated a developerID_application.cer file. I opened this and it was added to KeyChain
I then rerun my build, but it failed because it now found two certificates
I then deleted the old expired one and reran, this time it seemed I had to give access to use the certificate by entering my KeyChain password. Unfortunately this does not seem to be the same as my main Mac password and hence I eventually had to ForceQuit and reboot.
In order to reset KeyChain password I followed steps online to
Open KeyChain Access
From the KeyChain Access menu, choose Preferences.
Click General, then click Reset My Default KeyChain.
I then reran my build but although the certificate seems to be there it reports 'no identity found'. I think because having created a new KeyChain I have removed my personal identity(is this Certificate Authority ?).
So now I only have a the Developer Id certificate but the not the other parts and don't know what to do.
Question 1:When I selected Reset My Default Keychain it said the old keychain was kept somewhere, so my first question is can i make that the default again and then possibly there is a way to actually reset the password or perhaps I will be able to guess it.
Question 2:If I cannot do Qu.1 what do I need to do to recreate the personal certificate part that I am now missing. Remember the whole point of this is simply that users can install my software on their Macs without getting warnings about untrusted developers.
回答1:
Well I resolved it, I followed these instructions in order to restore my previous keychain, basically
- In KeyChain Access select Delete Keychain "login", and ensure choose Delete References when prompted, not Delete References & Files.
- Open Finder, and go to Folder ~/Library/Keychains
- Rename login.keychain to login.keychain.old
- Rename login-renamed-1.keychain to login.keychain
- In KeyChain Access select Add Keychain and select the login.keychain file
- Restart KeyChain Access to see the correct results
But then I still had the problem that when i tried to sign I was prompted for KeyChain password and I didn't know it.....
However in KeyChain Access I went to Edit:Change settings for keychain "login" and entered what I thought was old password and new password, and it accepted the change even though when I used the password to sign it failed
I then ran sign and entered the new password when prompted and it was accepted.
I verified signature, uploaded build, downloaded, installed and ran to ensure there was no problem with the build and it was fine. So I hope this answer helps other non Apple developers struggling with their tools
来源:https://stackoverflow.com/questions/50928239/how-do-i-get-myself-out-of-apple-developer-id-certificate-mess