Code Signing Conundrum

I have an Apple Developer account as an independent developer and I also recently became the agent and developer of an Apple Developer account for a company that is independent of my activities as an independent developer. In creating certificates for the company account in Xcode, the distribution certificate was created with the company name whereas the development certificate was created in my name. This is a problem in Xojo because if I select my name as the team in the IDE it signs it for my individual account and if I select the company name it says I need a development certificate because the development certificate is not in the company name. I have been unable to create a development certificate in the company name either through Xcode or the Apple Developer website. I sent a support request to Apple about the problem but haven’t heard back yet. I am unable to build the company app for the app store in Xojo thus far. Has anyone else run into this problem?

How about using a VM for signing or a different computer? Yeah, I’d imagine that this is annoying but a workaround is better than nothing.

You could try creating one of the development certificates with an extra space between your first and last names or something like that.

I think you can provide the SHA-1 hex hash of the certificate you want to use? Perhaps you could also simply remove from the keychain the one you don’t want to use…

From man codesign:

SIGNING IDENTITIES
     To be used for code signing, a digital identity must be stored in a keychain that is on the calling
     user's keychain search list.  All keychain sources are supported if properly configured. In particular,
     it is possible to sign code with an identity stored on a supported smart card.  If your signing iden-
     tity is stored in a different form, you need to make it available in keychain form to sign code with
     it.
     If the --keychain argument is used, identity is only looked-for in the specific keychain given. This is
     meant to help disambiguate references to identities.  Even in that case, the full keychain search list
     is still consulted for additional certificates needed to complete the signature.

     The identity is first considered as the full name of a keychain identity preference.  If such a prefer-
     ence exists, it directly names the identity used.  Otherwise, the identity is located by searching all
     keychains for a certificate whose subject common name (only) contains the identity string given. If
     there are multiple matches, the operation fails and no signing is performed; however, an exact match is
     preferred over a partial match.  These comparisons are case sensitive.  Multiple instances of the
     exactly same certificate in multiple keychains are tolerated as harmless.

     If identity consists of exactly forty hexadecimal digits, it is instead interpreted as the SHA-1 hash
     of the certificate part of the desired identity.  In this case, the identity's subject name is not con-
     sidered.
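
The lookup rules quoted above, as an added example that is not part of the original posts: a shell helper that applies the common-name and SHA-1 rules to a listing in the format of `security find-identity -v -p codesigning` and prints the hash to pass to `codesign -s`. The names `resolve_identity` and `sample_identities` are hypothetical, the listing is constructed, and the keychain identity preference step is not modelled.

```shell
#!/bin/sh
# Constructed listing (hashes, names and team IDs are invented). Entry 4 repeats
# entry 2, standing in for the same certificate found in a second keychain.
sample_identities() {
cat <<'EOF'
  1) 1111111111111111111111111111111111111111 "Apple Development: Jane Doe (AAAAAAAAAA)"
  2) 2222222222222222222222222222222222222222 "Apple Development: Jane Doe (BBBBBBBBBB)"
  3) 3333333333333333333333333333333333333333 "3rd Party Mac Developer Application: Example Corp (BBBBBBBBBB)"
  4) 2222222222222222222222222222222222222222 "Apple Development: Jane Doe (BBBBBBBBBB)"
     4 valid identities found
EOF
}

# resolve_identity QUERY  (hypothetical helper; reads the listing on stdin)
# Prints the SHA-1 of the single identity QUERY selects.
# Exit status: 0 = resolved, 1 = ambiguous, 2 = no match.
resolve_identity() {
  awk -v q="$1" '
    function ishash(s) { return length(s) == 40 && s ~ /^[0-9A-Fa-f]+$/ }
    $1 ~ /^[0-9]+\)$/ && ishash($2) {
      h = toupper($2)
      if (h in seen) next          # duplicate copies of one certificate are harmless
      seen[h] = 1
      name = $0
      sub(/^[^"]*"/, "", name)     # drop everything up to the opening quote
      sub(/"[^"]*$/, "", name)     # drop the closing quote and anything after it
      if (ishash(q)) {             # forty hex digits: match the hash, ignore the name
        if (h == toupper(q)) { exact++; ehit = h }
        next
      }
      if (name == q) { exact++; ehit = h }            # case-sensitive exact match
      else if (index(name, q)) { part++; phit = h }   # case-sensitive substring match
    }
    END {
      if (exact == 1) { print ehit; exit 0 }          # exact match beats partial ones
      if (exact == 0 && part == 1) { print phit; exit 0 }
      exit ((exact + part > 0) ? 1 : 2)
    }'
}

# Demo on the constructed listing: the company name resolves, the personal name
# is ambiguous because it appears under two teams.
sample_identities | resolve_identity "Example Corp"
sample_identities | resolve_identity "Jane Doe" || echo "ambiguous: pass the SHA-1 hash instead"
```

On a Mac, the same function can read `security find-identity -v -p codesigning` directly in place of `sample_identities`.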

The problem is the way Apple issues the certificates. Development certificates are issued to the names of the people who are listed as developers for the business account. It will issue a distribution certificate in the business name but not a development certificate. The developer ID is different for the two development certificates in my name but I don’t have the option in Xojo to choose among different certificates at that level.

I tried deleting my individual developer certificates from the keychain but that didn’t resolve the problem because it appears that Xojo expects the developer cert and the distro cert to have the same name but that is not the case for business accounts. For some reason, Apple creates the distro cert in the company name and the developer cert in the name of an individual developer from the team member list. There is a development profile for the company account but the cert is in my name and not the company name, which doubles as the team name. I have no idea how to resolve this problem within Xojo. I’m still waiting on an answer from Apple regarding the way the certs are created for business accounts.

I finally got this sorted out and it turned out to be the App ID wildcard issue rather than a certificate name issue. I had to create a distribution profile, development profile and adhoc profile all using an App ID of * before it would finally sign the app.