Error signing apps in build step

I just removed all the certificates from Keychain and downloaded them from the Apple developer account.

I am now getting the following error when building a Mac app.

Error signing application: MyProfile: ambiguous (matches Developer ID Application and 3rd Party Mac Developer Application

Anyone know how to resolve this???

That means you have two in your keychain with exactly the same name. You’ll need to remove one.

If I look in Keychain, there is only one of each of the following:

3rd Party Mac Developer Application
Developer ID Application
Developer ID Installer

All for the same profile. However, when I look at XCODE, my account shows more than one. Is there some way to remove a certificate in XCODE?

You may have used only your name, best is to use the id, which you find in keychain access in paranthesis behind an entry.

greetings, Thomas

I’m going to suggest this format:

Developer ID Application: Your Name (TEAMID)

For instance, when I click on the certificate, this is what I see (redacted)

That top line that starts with Developer ID is selectable. Just copy that line and paste it into the IDE.

1 Like

I actually left that part out of my post, but it’s there.

Developer ID Application: PRO-WARE, LLC (dkdkdkdkdk)

All of them have the same ID in parentheses.

Right, but did you put the whole string into the IDE? Using just the 10 char Team ID is certainly a good way to get the error about ambiguity.

Sorry, my tipp was plain wrong, had the impression, that it worked good in my tests. But can’t, if the id is always the same… :roll_eyes:

Greg, you’ve been extremely helpful in your responses and I really appreciate it. Not sure how to resolve this. I re-added my certificates to my keychain and when I add the account ID to xojo to sign the app, I get the following screen. I’m quite sure this is an internal problem with keychain and I’d like to delete the whole thing and re-create it, but I’m not sure that would even fix it. Any ideas?

I did add both the name and ID to the sign field in xojo.

Could you show us a screenshot of what’s in the DeveloperID field of the Sign Step in your Xojo Project? That dialog makes it seem that what you’ve put in there is simply:


where what you really need is the full string:

Developer ID Application: PRO-WARE, LLC (##########)

The error you are seeing is very similar to what I get when I just enter my name instead of the whole string:

Greg, here is a screenshot of:

Keychain Access
Sign setting in my project
Error message when it gets to signing in the build process

Ah… but the error has changed now. I think that’s a problem of mismatched signatures.

You need to actually sign the things that are in the frameworks directory. Where did that libgzip file come from?

You’re right it did change after I copied certificates that were created earlier than the most recent.

The file that it has an issue with is one of the Enhuger plugins. Never caused an issue before.

Well something has changed, but as I said before, everything in your bundle needs to be signed with the same certificate(yours) or you’ll keep getting errors.

Greg, we have our own app to code sign and it now generates this error when trying to code sign. Naturally, it is not code sign in the build process, so I tried to run our app to see if it would code sign and here is the error it generates. Not sure if this provides any enlightenment to the issue.

My guess is that you’re missing one of the Apple WWDR intermediate certificates. I just went through this myself when I was doing the work on the web MapKit JS control because Xcode refused to download the updated certs.

It would be helpful if you could do a verbose manual sign on your app though just to see what the full errors are. IIRC:

codesign -vvvv -s "Developer ID Application:..." --force <path to app bundle> --deep

Now technically you shouldn’t use --deep any more, but for the purposes of this experiment, it should tell us what we need.

Ultimately you really should be iterating over each of the dylibs and frameworks that are in the Frameworks directory and any binaries that are in the Helpers directory within the bundle and then signing the bundle itself, without the --deep option.

P.S., please copy & paste the result into a code block here. The screenshots are less than optimal for analysis.

Greg, I intercepted the first code sign command in our app and just ran it in terminal and then did a screenshot of the results of that command. Looks like the same message I provided before.

Others had this issue, too, years ago. May the tipps in this Apple Forum thread can help.

Thomas, thank you for the link. It actually contained the fix that worked for me. It’s at the very end of the thread.

So here is what I did. I removed my account from XCODE. Opened Keychain Access and set all the Trust settings to “Use System Defaults”. Voila, I am now able to code sign my Mac apps.

Mine were set to “Always Trust” and I guess that’s not what it should be.