6

When I run my app into my iPhone I get this Warning:

unable to build chain to self-signed root for signer "".

My application Installed in iphone but it closed suddenly.

mfaani
  • 33,269
  • 19
  • 164
  • 293
Elam parithi
  • 98
  • 1
  • 2
  • 10
  • 1
    https://forums.developer.apple.com/thread/86161 `I solved my problem by: - Removing all account information from Xcode and quitting Xcode. - Open Keychain Access and delete all my certificates, as well as all Apple root and intermediate certificates. - Manually resintall all Apple root and intermediate certificates. - Relaunch Xcode and open Preferences > Accounts. Sign in to dev account, and select Download Manual Profiles.` – user5226582 Nov 15 '17 at 12:38
  • https://forums.developer.apple.com/thread/86161 this may help – Forte Zhu Nov 15 '17 at 12:40
  • my problem solved. I reset my keychain access certificates. – Elam parithi Nov 16 '17 at 06:18
  • Go into Xcode and delete your account from Preferences Go to ~/Library/MobileDevice/Provisioning Profiles in finder and delete the files within Go into keychain and delete any personal certificates mentioning Mac Developer, iOS Developer, etc Add your account back into Xcode and choose to revoke the existing certificate You'll have to re-generate any provisioning profiles since the previous ones were tied to the now revoked certificate and are now invalid And also, don't manually trust the developer certificates... that breaks code signing completely since codesign won't trust it. – Zeus Apr 19 '18 at 11:13
  • 4
    TODO: Don't manually trust the developer certificates... that breaks code signing completely since codesign won't trust it. I use this solve problem~ – Zeus Apr 19 '18 at 11:14

15 Answers15

17

In my case,

1- Open Keychain Access

2- Select login, and click Certificates

3- Double click Apple Worldwide Developer Relations Certificate Authority

4- Open trust section, and set to "Use System Defaults" from "Always Trust"

5- Clean build folder and run

Mahmut Şahin
  • 570
  • 6
  • 13
  • 2
    Thanks only this one fixed my problem too ! – dreamend Mar 24 '20 at 15:01
  • Basically if any of the root or intermediate certificates have a **+** next to them then it means that they have been set to "Always Trust" and that's probably exactly the one you need to set to "Use System Defaults" – mfaani Jun 01 '20 at 20:08
  • 1
    Thank you so much, is works for me, looking for a solution took me 3 days – Karim Jun 21 '21 at 14:36
12

I too had the same error unable to build chain to self-signed root for signer...

My mistake was that I had changed the trust setting of my distribution / developer cert to always trust. When I changed it back to Use system Default it all worked.

Sailendra
  • 1,318
  • 14
  • 29
matphi
  • 173
  • 3
  • 8
11

I saw other answers and attempted to delete my intermediate keychains and root certificate. But Apple doesn't allow to remove Root certs unless you're in recovery mode and I didn't want to try that. Likely you don't have to delete anything either as this solution works without it.

I just thought I'd add an image to clarify things. I ran into this issue when I was poking around in my Keychain and accidentally changed the default settings.

Identifying the bad certificate:

  1. From you Keychains select Login
  2. From Category select Certificates
  3. Find any Apple Certificate that has the blue + like
  4. Double click on the certificate. You'll see it look like this

enter image description here

  1. Expand the Trust. You'd see something like this:

enter image description here

  1. If it's messed up then the "When using this certificate" is set to "Always Trust" along with the blue

Fixing the bad certificate:

  1. Just set it to "Use System Defaults" and close it.
  2. You'll get a pop up. Type in your password to update settings.
  3. Close KeyChain. Go back to your project, clean and run. Problem should have gone away.
  4. If that didn't work then go back to Keychain and just double check and see if there are any other Apple certificates that are set to Always Trust and repeat the process.

Explanation

I'm not 100% sure, but I think when you set an Apple certificate to "Always Trust", it can cause app signing problems because it allows the certificate to bypass the standard chain of trust.

In the context of app signing, a chain of trust refers to a series of interconnected certificates that form a secure path from the app's signature to a trusted root certificate.

IIUC only root certificates can be set to 'Always Trust'. But even then it's better to let the system resolve it for you i.e. for all certificate types, you just want it to be set to "Use System Defaults"

root vs intermediate ceritficate

Keychain will tell you which ones are Root certificates.

types-of-certificates

mfaani
  • 33,269
  • 19
  • 164
  • 293
  • Thank you SO much. I tried literally everything but this was the only thing that worked. After setting my certificate from Always Trust to Default, it then showed up as a trusted certificate and worked flawlessly. – Arbel Oct 05 '21 at 15:58
  • Thinking about this more now, I think ALL certs (Apple certs + your own development/distribution) should be set to 'Use System Defaults', but I could be wrong – mfaani Feb 02 '23 at 22:18
10

I had the same problem and basically did like posted in the comment:

  • Remove my account at Xcode / Preferences at the top right.
  • open keychain. At the left "my certificates": Delete the Mac or iPhone etc Developer certificate.
  • just starting Xcode again and creating a new account like one did when starting Xcode for the first time.
Cœur
  • 37,241
  • 25
  • 195
  • 267
Andy
  • 185
  • 1
  • 13
  • This worked great for me, one other note: don't forget to Clean your build after you do this and before you attempt the rebuild. – Topher Fangio Mar 22 '18 at 15:15
6
  1. Change your trust settings of your developer certificate in keychain access to system default
  2. Delete all certificates in your local keychain
  3. Quit and relaunch xcode
  4. Clean
  5. Run program on device
  6. When it asks, enter your keychain password and click always trust

The issue could be having your certificate set to always trust, that's the issue I had. If you're getting this warning that stops you from running apps on your device, this should fix everything.

Stephen Swetonic
  • 69
  • 1
  • 4
6

After days of trying to find a consistent way, here is the solution:

Xcode 12.4

It seems like a hack but it works!

  1. Go to Xcode Preferences menu (command+,) and then Accounts tab

  2. click on the gear icon on the bottom left and Export Apple ID and Code Signing Assets... Settings

  3. Set a password for the export

⚠️ You are going to delete all passwords and profiles! Don't forget your password! Writing down your password is highly recommended.

⛔️ This file will contain all your accounts and profiles. Make sure to keep it very secure.

  1. Delete all accounts.

  2. Build and face the new error.

  3. Import them back using your password.

It's working again.

Mojtaba Hosseini
  • 95,414
  • 31
  • 268
  • 278
4

After struggling one day with many answer on forum. I came up with solution works for me. below are steps for fix:

  1. Download below certificate from apple PKI official site https://www.apple.com/certificateauthority/
Root Certificate
  Apple Inc. Root
  Apple Root CA - G3 Root

Intermediate Certificate
   Worldwide Developer Relations - G1 (Expiring 02/07/2023 21:48:47 UTC)
   Worldwide Developer Relations - G3 (Expiring 02/20/2030 00:00:00 UTC)
  1. Download all Certificate and profiles, extension profile specific to your app for development and distribution.
  2. Go to Xcode Preferences menu (command+,) and then Accounts tab. Delete all account
  3. Quit Xcode
  4. Open Key chain and go to login section of Certificate tab
  5. Remove all root and intermediate certificates, Developer ID Certification Authority from key chain.
  6. Remove all your app specific certificate
  7. Open finder, go to location (shift+cmd + g) ~/Library/MobileDevice/Provisioning\ Profiles and remove all certificate
  1. Relaunch Keychain and go to login section of Certificate tab
  2. Drag drop root certificates to keychain (root certificate will be trusted automatically do not make it manually )
  3. Drag drop intermediate certificates to keychain
  4. Drag drop app specific certificate (.p12) to keychain
  1. Open finder, go to location (shift+cmd + g) ~/Library/MobileDevice/Provisioning\ Profiles and add you app specific profiles. Optionally you can login with apple account in Xcode setting and download manually for each profile.
  2. Open Xcode and clean derive data (Shift+ Alt+ cmd+ k), and build it with any device.

This issue happens due to apple has introduced new root certificate and intermediate certificate. Read more detail from https://developer.apple.com/support/wwdr-intermediate-certificate/

kaushal
  • 1,553
  • 18
  • 25
3

Xcode 12.4

xcode -> preferences -> accounts -> select the account -> manage certificate -> click on the + icon on the bottom left of the popup window -> ios development

THen you will see a new certificate created. Now you can run your app.

Alessandro Ornano
  • 34,887
  • 11
  • 106
  • 133
2

Download the renewed cert here: https://developer.apple.com/support/expiration/

user15779669
  • 21
  • 1
  • Welcome to SO. Its always good practice to write relevant details with the answer. Please read https://stackoverflow.com/help/how-to-answer – Muhammad Tariq Apr 28 '21 at 04:05
2

For me, just performing Product > Clean Build Folder in Xcode was enough to fix the issue.

Raphael Pinel
  • 2,352
  • 24
  • 26
  • 1
    After loads of messing around with the certificates, this was the only thing that fixed my issue. – Nick Sep 12 '22 at 12:35
1

I'm adding the solution that fixed it for me, and is already on that thread

The key issue here is the root certificate

Export and delete from login/certificate the certifictes named "Apple Worldwide Developer Relations Certification Authority" in your Keychain.

Do the same from system/certificate.

Import in system/certificate only ONE "Apple Worldwide Developer Relations Certification Authority". I imported the one that has the expiration date set to 2030 (not 2023).

You can also download the latest from: https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer

That's all. But again, make sure it is in your Keychain's SYSTEM and you ONLY have ONE root certificate in your Keychain's SYSTEM area, AND NONE in LOGIN area.

Softlion
  • 12,281
  • 11
  • 58
  • 88
0

You are using Distribution certificate instead of Development Certificate if you are able to install app in debug mode but it closes automatically once installation completed.

Dattatray Deokar
  • 1,923
  • 2
  • 21
  • 31
0

One of the way to resolve IOS Codesigning issue is follow following Document.

iOS Code Signing Troubleshooting

And Run the following command to know the excact issue

spctl -a -t exec -vv <app-path>

One More Tip

After changing anything in system always clean & build your project to know if solution got applied successfully or not.

Sahil Doshi
  • 1,073
  • 10
  • 23
0

It is also important to note that the physical device you are trying to deploy to must be listed in the allowed devices list for that provisioning profile -> you can see this here in the tooltip that pops up from your cert information -> you want to make sure that your device is listed in the "Devices" section.

You can add / remove devices when you create the provisioning profile on the apple developer portal website.

Cert popup

Jason Perfetto
  • 1,413
  • 1
  • 8
  • 11
0

For me the problem was caused by the presence of two Fastlane Match certificates, one of them being invalid:

enter image description here

For some reason codesign was picking up the invalid one. Once I deleted that certificate, things got back to normal.

Cristik
  • 30,989
  • 25
  • 91
  • 127