I just tried to submit an App to the MacOS store but it was rejected with the error:
WARNING ITMS-90722: "Certificate Expired. The signing certificate “C=US, O=“Xojo, Incorporated”, OU=6MG2NQJ3FZ, CN=“Developer ID Application: Xojo, Incorporated (6MG2NQJ3FZ)”, UID=6MG2NQJ3FZ” with serial number 6484063494613558584 used to sign Base64UI.app/Contents/Frameworks/XojoFramework.framework/Versions/A/XojoFramework has expired.
Yesterday I was able to upload the same project (with other issues). I’m using Xojo 2018r3 which is the latest version. Is there any chance to get a new vesion of the framework assembly?
Thanks in advance for any ideas.
You need to sign this again with your certificate including all plugins.
Sounds like he is inferring that it is an Xojo certificate that expired, not necessarily his own developer cert.
He is, but he should be signing the finished app with --deep to re-sign all parts with his cert.
Not should be. You shouldn’t sign for code you didn’t write.
However, re-signing the framework will resolve the original issue.
We always sign all parts of our apps so all files have same certificate.
And we remove i386 code parts from Xojo framework which breaks signature so we must resign it anyway.
[quote=413058:@Tim Parnell]Not should be. You shouldn’t sign for code you didn’t write.
However, re-signing the framework will resolve the original issue.[/quote]
I seem to remeber a conversion with an Apple engineer about this many years ago, where Apple do expect you to resign the whole package with your own certificate. As far as I recall the attitude is that youre accepting resonsibility for all included code within your application, even if you didn’t write it.