Installer Creation for MacOS, Windows and Linux?

In the App Wrapper help (which is also available here Certificate Issues) there is a section on how to handle missing private keys.

1 Like

I’ve been following the various suggestions, the most recent is the Missing Private Key issue. I followed that on my Mac Mini with Big Sur (it’s an M1 system). I got the following. I also notice that the Keychain Access looks a bit different than pictured in the recommendation.

macOS version 11.6 (build 20g165)
Xcode and required tools check
0 /Applications/Xcode.app 13.0 (13A233)
0 /usr/bin/codesign 30.100.2
0 /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate 986.0
0 /usr/bin/productbuild 763.0
0 /usr/sbin/spctl 313.140.4
0 /Applications/Xcode.app/Contents/Developer/usr/bin/stapler 34.0
0 /Applications/Xcode.app/Contents/Developer/usr/bin/altool 405.39
0 /Applications/Xcode.app/Contents/Developer/usr/bin/iTMSTransporter
0 /Users/Shared/awhelper 342.2.2.3.4
Xcode licensed: YES

— Stephen Batson (48P7XD57H7)
WA! 2026-10-21 login-db “Developer ID Application” MIssing Key

— Intermediate authority certificates
✓ 2023-02-07 System “Apple Worldwide Developer Relations Certification Authority” 134752589830791184 Good
:warning: “Developer ID Certification Authority” was not found on this Mac, it may be “System Roots” keychain where AW can’t access it.

If you view your Developer ID Application certificate in Keychain Access, is there a disclosure arrow by it that, when opened, shows a child of your certificate name with a key icon? If not, the certificate is not installed correctly.

1 Like

FYI: Even after these years it is unclear to me how this happens, it typically occurs when people apply a major OS update.

If re-downloading the code signing certificates doesn’t help (make sure you remove the broken one from Keychain Access first to avoid confusion), try re-creating the certificates by using the following guide.

If you need to re-create certificates (Missing Private Key), it’s a bit more complicated, but not too difficult.

  1. Open “Keychain Access”, select “Keychain Access” on the menubar, then select “Certificate Assistant” → “Request a Certificate from a Certificate Authority”.
  2. In the next window, enter in your Apple account e-mail address.
  3. Select “Saved to disk” under “Request is:”, then click “Continue”.
  4. Save it somewhere you can easily get to.
  5. Visit developer.apple.com/account/resources/certificates/.
  6. Click on the bright blue “+” icon, select the certificate type and click on “Continue”.
  7. Choose the file you created in step 4, click on “Continue”.
  8. Follow the on-screen instructions to be able to download the newly created certificate.

Please note that I have been recommended by a friend inside of Apple to apply for a special program, that once approved it should allow me and App Wrapper to handle the creation of certificates and various other services that are going to be needed in the next few years to distribute Mac applications.
It will take time for approval and a serious amount of time to implement (especially as I’ll need to fully understand the system before I can design it).

At some point, I probably need to go through all the screenshots in the help and update them. Right now I am working on the next incoming change for the App Store :frowning:

The days I have wasted trying to understand which certificate and provision is valid and which is not. :frowning:
Doesn’t seem to be a way to say ‘clear the lot and give me a working set’.
Let’s face it, it would be a lot easier if Apple, having granted dev access, gave us a ‘one click’ screen that downloaded all the possible provisions and certificates in a bundle. (Even if it included stuff for Apple watch or TV, so what)
And another one click to revoke and rebuild if we (for example) change our dev machines.

Yesterday I had an email to say new T&Cs had to be signed. Unusual to be notified.
(If you don’t notice new agreements are required and haven’t agreed to them, stuff stops working just when you need it.)
When I got to the Apple site to agree again, the dialog that offers the new terms and asks me to confirm was too large to fit on the ‘default for display’ size of my 13inch MBP.
Had to change the screen resolution to its highest in order to be able to reach the ‘OK’ button!

2 Likes

So true
 (and shouldn’t be)

Apple made its processes more bureaucratic than getting an authorization for anything in the 60’s Russia.

1 Like

On my Catalina system that doesn’t have Xcode on, it’s exactly as you describe. On my Mac mini with Big Sur where I installed Xcode and then downloaded and installed the Cert more than once, I’m not seeing the disclosure arrow.

I was beginning to think it was just me. I suspect Apple is making it harder than it needs to be for some self serving reason. They certainly could make it simple and quick if they wanted to.

It’s making me wish I hadn’t joined the developer program.

AFAIK, you have to have two developer certs and one app-specific password. I feed this into AppWrapper and code-sign my app. Then I make up a dmg containing the code-signed app, plus docs. AppWrapper can then submit the dmg to Apple for notarisation.

After that I can distribute to people via my website.

What is dopey is that (a) I require two different certs (why?), and that (b) I have to go to a different other website from (a) to get the app-specific password. Then there’s (c) as I already mentioned that changing the AppleID invalidates the p/w from (b). En plus, the error messages one gets (from Apple, not Sam :slight_smile: ) might as well, for the most part, be in Klingon.

I’m hoping that Sam can get “insider” access so that AppWrapper can become a soup-to-nuts application to cover all these steps. I’d certainly be queuing up to buy that. I don’t object to the security concept per se, just the implementation of it.

2 Likes

This is good! You can backup the signing identity from your Catalina installation and then re-install it on your macBS install.

  1. Find the Certificate in Keychain Access.
  2. Confirm it has the disclosure arrow and that the key is revealed on expanding the disclosure arrow.
  3. Right click on the Certificate and select “Export”.
  4. Save it somewhere and enter in a password of your choosing, you are not to use the combination from my luggage 12345.
  5. Copy that file to your macBS installation.
  6. Double click it to import it into Keychain Access, enter your password.
  7. Rejoice, or burn the whole fudging thing to the ground and become a farmer instead.
2 Likes
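
Added example (not from the thread or from App Wrapper): the disclosure-arrow check from the posts above, done from Terminal, listing certificates that have no private key paired with them. It assumes the output layout of macOS `security find-certificate -a -Z` and `security find-identity`; the sample listings, names and hashes are constructed.

```shell
#!/bin/sh
# Added example: list certificates that have no matching private key.

# Constructed sample of `security find-certificate -a -Z -c "Developer ID"` output.
SAMPLE_CERTS='SHA-1 hash: 0123456789ABCDEF0123456789ABCDEF01234567
keychain: "/Users/dev/Library/Keychains/login.keychain-db"
attributes:
    "labl"<blob>="Developer ID Application: Example Dev (TEAMID0000)"
SHA-1 hash: FEDCBA9876543210FEDCBA9876543210FEDCBA98
keychain: "/Users/dev/Library/Keychains/login.keychain-db"
attributes:
    "labl"<blob>="Developer ID Installer: Example Dev (TEAMID0000)"'

# Constructed sample of `security find-identity` output: only the Installer
# certificate is paired with a private key (an "identity").
SAMPLE_IDS='  Matching identities
  1) FEDCBA9876543210FEDCBA9876543210FEDCBA98 "Developer ID Installer: Example Dev (TEAMID0000)"
     1 identities found'

# Print "HASH LABEL" for each certificate in a find-certificate -Z listing (stdin).
cert_pairs() {
    awk '/^SHA-1 hash: /{h=$3} /"labl"<blob>=/{sub(/^[^=]*=/,""); print h " " $0}'
}

# Print the SHA-1 of every identity in a find-identity listing (stdin).
identity_hashes() {
    sed -n 's/^ *[0-9][0-9]*) \([0-9A-F]\{40\}\) .*/\1/p' | sort -u
}

# certs_missing_key CERT_LISTING IDENTITY_LISTING
# Prints the label of each certificate whose hash is not among the identities.
certs_missing_key() {
    ids=$(printf '%s\n' "$2" | identity_hashes)
    printf '%s\n' "$1" | cert_pairs | while read -r hash label; do
        printf '%s\n' "$ids" | grep -Fxq "$hash" || printf '%s\n' "$label"
    done
}

if command -v security >/dev/null 2>&1; then   # on a Mac: query the real keychains
    certs_missing_key "$(security find-certificate -a -Z -c 'Developer ID')" "$(security find-identity)"
else                                            # elsewhere: run on the constructed sample
    certs_missing_key "$SAMPLE_CERTS" "$SAMPLE_IDS"
fi
```

Matching is done on the SHA-1 hash rather than the name, so a key-less duplicate of a certificate is still reported when another copy with the same name has its key.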

Thanks Sam, I’ll give this a shot.

Ok, I tried that. It looks like the cert went in with some success. I deleted the failed copies in the keychain and then imported from the export per your suggestion. I still can’t get Appwrapper to come up with a good check result. I’m not quite ready to become a farmer though :wink:

Here’s screen shots of the keychain on my Mac mini with Big Sur and the check in Appwrapper.

Entitlements Warning. This is simply to alert you that you haven’t specified any entitlements yet. This may affect the functionality of your application, so test your application and if everything works as expected, you can ignore this warning.

Authority Certificates Warning. This is just to let you know that App Wrapper can’t verify the Authority Certificate as the system won’t give it to App Wrapper, which means it’s probably in the “System Roots” keychain which is protected from 3rd Party Applications. As your certificate passed the trust evaluation, I would imagine that the authority certificate is fine and working (I may have found a security hole that will allow me access to the certificate), which I’ll explore in a newer version.

Thanks Sam
So my question is, why would the Cert go where it can’t be accessed? I’m assuming this is Apple’s fault, but it seems like a pretty lame one if it is.

No Worries.

This certificate is not the one you downloaded, it’s a certificate that helps to validate the one you get when you join Apple’s developer program. They’re included as part of the OS. Why Apple puts them where I can’t access them, I honestly don’t know.

I would guess that some bright spark thought it was a good idea, without being aware that 3rd Party Apps may want to access this certificate, in order to validate it as part of troubleshooting a code signing process.

Apple PJ does a lot of things where it doesn’t consider why things were done differently in the past.

So I wonder how others here aren’t having the same issue.

Providing everything works, there technically isn’t a problem.

I’m just trying to collect and display enough information for when it doesn’t work, it can hopefully provide enough information to make it easier for me to understand the problem, to which I can then update the UI to make it easier for customers to understand the problem and potentially solve the issue themselves, which saves everyone time.

4 Likes

Now you know why we all recommend App Wrapper, Sam’s support is above and beyond. :slight_smile:

8 Likes

+1000
It is fair to say that if it wasn’t for Sam, I may not have still been in business.

3 Likes