WWDR Root certificate issue

I think at this point we’re all aware of the painful https://developer.apple.com/support/certificates/expiration/ :stuck_out_tongue:

Not sure if Circle-ci has tried to address this issue, but I have been having issues for the last 24 hours and narrowed it down to the old WWDRA cert still being on the server.

When I tried deleting and manually downloading the latest WWDR using a suggestion online:
security delete-certificate -c "Apple Worldwide Developer Relations Certification Authority" /Library/Keychains/System.keychain

I got security: "Apple Worldwide Developer Relations Certification Authority" is ambiguous, matches more than one certificate

Which shows it’s still there somehow…

----- EDIT -----

This fixes it: sudo security delete-certificate -Z 0950B6CD3D2F37EA246A1AAA20DFAADBD6FE1F75 /Library/Keychains/System.keychain
(credits to @adrienbrault https://github.com/travis-ci/travis-ci/issues/5633)

I brought this up with the team managing the OS X fleet and the certificate should have been removed in the OS X image that we deployed yesterday.

Please double check and let us know if this is not the case. Thanks for bringing it to our attention!

FYI - we also just noticed this:

Thanks no problem!

It seems it is still happening currently though… I’ll try removing the deletion line again in a few days and see if it works

odd, please do let me know if you still see it!

Ok well maybe it’s something different… but I just tried removing the line that deletes the old cert sudo security delete-certificate -Z 0950B6CD3D2F37EA246A1AAA20DFAADBD6FE1F75 /Library/Keychains/System.keychain

and I got this error:

Looks like there are no local code signing identities found, you can run `security find-identity -v -p codesigning` to get this output. Check out this reply for more: https://stackoverflow.com/questions/35390072/this-certificate-has-an-invalid-issuer-apple-push-services

I’m still seeing that /Users/distiller/Library/Keychains/default and /Library/Keychains/System.keychain contain an expired WWDR.

And removing 0950B6CD3D2F37EA246A1AAA20DFAADBD6FE1F75 worked for me.

Indeed, they should be completely flushed from the system by circle-ci though, we shouldn’t have to delete it every time we push a build… (:

I’m still seeing this, has it been resolved?

I don’t believe it has. It was still an issue for me recently as well.

I switched to use Xcode 7 and this went away. I believe it’s actually caused by Xcode 8’s automatic code signing functionality. If you disable that in your project you may have some luck.
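The hash-based deletion used earlier in this thread, written as a build step that is safe to keep after the image is fixed. This is an added example, not part of any post and not CircleCI's own code. The function names are hypothetical, the sample listing is constructed, and the script assumes `security find-certificate -Z` prints one `SHA-1 hash:` line per certificate.

```shell
#!/bin/sh
# Remove the expired WWDR intermediate by SHA-1 fingerprint, only when present.
# Fingerprint and certificate name are the ones quoted in the thread.
EXPIRED_SHA1="0950B6CD3D2F37EA246A1AAA20DFAADBD6FE1F75"
WWDR_CN="Apple Worldwide Developer Relations Certification Authority"

# Constructed sample of a listing with two certificates sharing the WWDR name
# (the second fingerprint is a made-up placeholder).
SAMPLE_LISTING='SHA-1 hash: 0950B6CD3D2F37EA246A1AAA20DFAADBD6FE1F75
keychain: "/Library/Keychains/System.keychain"
SHA-1 hash: 0000000000000000000000000000000000000001
keychain: "/Library/Keychains/System.keychain"'

# Read a find-certificate -Z listing on stdin and print each SHA-1
# fingerprint, uppercased with spaces removed, one per line.
sha1_list() {
    sed -n 's/^SHA-1 hash:[[:space:]]*//p' | tr -d ' \r' | tr 'a-f' 'A-F'
}

# Succeed if fingerprint $1 appears in the listing on stdin.
has_sha1() {
    want=$(printf '%s' "$1" | tr -d ' :' | tr 'a-f' 'A-F')
    sha1_list | grep -qx "$want"
}

# Delete the expired certificate from keychain $1 if it is there.
# A name match alone is ambiguous when old and new WWDR coexist,
# so the delete is always keyed on the fingerprint.
purge_expired_wwdr() {
    keychain=$1
    listing=$(security find-certificate -a -c "$WWDR_CN" -Z "$keychain" 2>/dev/null) || return 0
    count=$(printf '%s\n' "$listing" | sha1_list | wc -l | tr -d ' ')
    echo "$keychain: $count certificate(s) matching the WWDR name"
    if printf '%s\n' "$listing" | has_sha1 "$EXPIRED_SHA1"; then
        security delete-certificate -Z "$EXPIRED_SHA1" "$keychain"
    else
        echo "$keychain: expired WWDR not present, nothing to do"
    fi
}

# Run only on macOS and only when keychain paths are passed as arguments.
if [ "$#" -gt 0 ] && command -v security >/dev/null 2>&1; then
    for kc in "$@"; do
        purge_expired_wwdr "$kc"
    done
fi
```

Pass the keychain paths as arguments, and run it with `sudo` when one of them is `/Library/Keychains/System.keychain`, as in the command from the thread.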