Another codesign nightmare - updated to Sierra full time

Set ahead, Apple's thoughts are "Please upgrade to macOS Sierra, even if your computer can't."

They are a hardware company…

It gets stranger and stranger. I have a 13" MBP running Sierra that is able to codesign without any problems (using App Wrapper). So as an experiment, on the problematic 15" MBP (also running Sierra) I moved all of the Keychain files out of /user/Library/Keychains into a temporary folder and zipped it, then deleted all of the originals. I then copied the Keychain files from the good 13" MBP into the Keychains folder on the 15" MBP and rebooted the 15" MBP.

As expected, I lost some of my passwords, etc. that weren’t on the 13", but THE DUPLICATE DEVELOPER IDs ARE STILL IN KEYCHAIN on the 15" MBP, as shown by Sam’s utility.

That means they’re not in /user/library/keychains, but Keychain Access doesn’t show them in System or anywhere else. Doing a filename search doesn’t find them anywhere.

So for now, I’ll continue to do my codesigning on the 13" MBP, copying files back and forth to the main 15" MBP as needed.

@John McKernon I think it’s the security API that’s at fault here, when I ask it for valid identities (which are certificate and key pairs) it appears to sometimes over exaggerate the duplicates. I have deleted the one duplicate that was showing up 3 times in my Keychain and so I can’t test this anymore, but I do wonder if I simply grab the certificate serial numbers from valid identities, then request a list of certificates, I’m hoping it will give me the valid amount.

I have a bunch of things to do today, so I might not get it done today, but I will soon and then if you could test again I would appreciate it.

As for Roger’s problem, I think I know what it is now. It appears that his private key is missing. Next I need to figure out if his key is truly missing from his computer, or if the link between the private key and the certificate is simply broken and how on earth I can fix this, if I can at all.
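Added example, not part of the thread and not code from App Wrapper or any poster: one way to tell an identity that is merely listed several times from genuinely distinct duplicate certificates is to group the output of `security find-identity -v -p codesigning` by the certificate SHA-1 hash on each line. The sample output, names and team ID below are constructed, and treating a repeated hash as the same certificate reported more than once is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample of `security find-identity -v -p codesigning` output.
SAMPLE = """\
  1) 1111111111111111111111111111111111111111 "Developer ID Application: Example Dev (ABCDE12345)"
  2) 1111111111111111111111111111111111111111 "Developer ID Application: Example Dev (ABCDE12345)"
  3) 2222222222222222222222222222222222222222 "Developer ID Application: Example Dev (ABCDE12345)"
  4) 3333333333333333333333333333333333333333 "3rd Party Mac Developer Application: Example Dev (ABCDE12345)"
     4 valid identities found
"""

# index) <40 hex chars: SHA-1 of the certificate> "<identity name>"
LINE = re.compile(r'^\s*\d+\)\s+([0-9A-Fa-f]{40})\s+"(.+)"')


def parse_identities(text):
    """Return (sha1, name) for every identity line; the summary line is skipped."""
    found = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            found.append((m.group(1).upper(), m.group(2)))
    return found


def classify(identities):
    """Per identity name: how often it is listed, how many distinct
    certificates back it, and which hashes were reported more than once."""
    by_name = defaultdict(lambda: defaultdict(int))
    for sha1, name in identities:
        by_name[name][sha1] += 1
    report = {}
    for name, hashes in by_name.items():
        report[name] = {
            "listed": sum(hashes.values()),
            "distinct_certs": len(hashes),
            "repeated_hashes": sorted(h for h, n in hashes.items() if n > 1),
        }
    return report


if __name__ == "__main__":
    for name, info in classify(parse_identities(SAMPLE)).items():
        print(name, info)
```

A name with `distinct_certs` greater than 1 has more than one real certificate installed; a name where only `repeated_hashes` is non-empty is the same certificate being counted more than once.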

That was easy… Way too easy…
https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/Troubleshooting/Troubleshooting.html

Which problem are you referring to? I didn’t see anything in the troubleshooting guide that mentions duplicates when the duplicates can’t be seen.

Found it, the default email address was just support@ohanaware (no .com, etc…).

Sending a new version - oh, and the new version also only preloads support@ohanaware.

[quote=314204:@Tim Jones]Found it, the default email address was just support@ohanaware (no .com, etc…).

Sending a new version - oh, and the new version also only preloads support@ohanaware.[/quote]
Thanks Tim, I’ll get on and fix that. Sorry for not noticing.

Okay, so yesterday I went to submit an update to the App Store and after 20 minutes from sending the application off for review, I got an e-mail to say that my application was rejected and is invalid.

When I went into iTunesConnect, it told me that my application wasn’t signed with “3rd Party Mac Developer Application” and I needed to sign and submit a whole new build with the “3rd Party Mac Developer Application” identity.

I double checked it and sure enough it was signed correctly; even the codesign terminal command was reporting “3rd Party Mac Developer Application”.

Checked in Keychain Access, everything is hunky dory. So it appears I’ve now been hit by one of Apple’s code signing weird issues.

Rather than mess around trying to figure out what, I decided to purge all my code signing identities and re-install. I’ll write up what I did in a minute, this appeared to fix it. Although Apple once again rejected the binary as the build number was identical to a build I had already submitted to them.

Oh @Tim Jones , according to your diagnostics, Apple only wants you to make iOS applications from now on. No more Mac apps okay? I’m just kidding. Hopefully doing a purge and re-install will sort you out also.

So I’ve written up on my experience last night, hopefully it will help someone out there.
http://ohanaware.com/support/index.php?article=purge_and_reinstall_codesigning_identities.html

Thank you, Sam!

To @Jason Parsley - Sam’s article link should be a pinned article in the MacOS section.

Who is it at Apple that obviously gets paid by the word to write THEIR docs? Sam’s answered in paragraphs what Apple doesn’t explain in encyclopedias!

@Sam Rowlands - in the “Reinstall the Identities” section, I believe that you meant " (which may be all of them)" versus " (which may be all of the time)"…

One more piece I’m trying to figure out. I actually got tired of the games and reinstalled OS X 10.12 on top of my existing system. That cleaned up a lot, but I’m still faced with “No root cert found” when I evaluate my 3rd party app developer certs for codesigning.

Any thoughts there?

lol… I’ve fixed it, it might take a while; the update is queued behind everything else and we’re having some serious upload problems today, I’ve even tried using cellular.

Try here: http://www.apple.com/certificateauthority/

From what I can tell, you need:

  • “Apple Worldwide Developer Relations Certification Authority”
  • “Developer ID Certification Authority”
  • “Apple Root CA”

But you could also grab:

  • “Apple Application Integration Certification Authority”
  • “Apple Timestamp Certification Authority”

Okay - dug deeper and it appears that because I had previously installed a Sierra Beta Developer Release on this system, it’s upset with me because I’ve installed and reinstalled the standard 10.12.3 user version. Now I can’t even open my mail …

Looks like a full format and reinstall in my immediate future :frowning:

[quote=314371:@Tim Jones]Okay - dug deeper and it appears that because I had previously installed a Sierra Beta Developer Release on this system, it’s upset with me because I’ve installed and reinstalled the standard 10.12.3 user version. Now I can’t even open my mail …

Looks like a full format and reinstall in my immediate future :([/quote]
Oh goodness me…