You can now easily request access to managed capabilities for your App IDs directly from the new Capability Requests tab in Certificates, Identifiers & Profiles > Identifiers. With this update, view available capabilities in one convenient location, check the status of your requested capabilities, and see any notes from Apple related to your requests. Learn more about capability requests.

General: Forums topic: Code Signing Forums subtopics: Code Signing > General, Code Signing > Certificates, Identifiers & Profiles, Code Signing > Notarization, Code Signing > Entitlements Forums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities. Developer > Support > Certificates covers some important policy issues Bundle Resources > Entitlements documentation TN3125 Inside Code Signing: Provisioning Profiles — This includes links to the other technotes in the Inside Code Signing series. WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing Certificate Signing Requests Explained forums post --deep Considered Harmful forums post Don’t Run App Store Distribution-Signed Code forums post Resolving errSecInternalComponent errors during code signing forums post Finding a Capability’s Distribution Restrictions forums post Signing code with a hardware-based code-signing identity forums post New Capabilities Request Tab in Certificates, Identifiers & Profiles forums post Isolating Code Signing Problems from Build Problems forums post Investigating Third-Party IDE Code-Signing Problems forums post Determining if an entitlement is real forums post Code Signing Identifiers Explained forums post Mac code signing: Forums tag: Developer ID Creating distribution-signed code for macOS documentation Packaging Mac software for distribution documentation Placing Content in a Bundle documentation Embedding nonstandard code structures in a bundle documentation Embedding a command-line tool in a sandboxed app documentation Signing a daemon with a restricted entitlement documentation Defining launch environment and library constraints documentation WWDC 2023 Session 10266 Protect your Mac app with environment constraints TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference. Manual Code Signing Example forums post The Care and Feeding of Developer ID forums post TestFlight, Provisioning Profiles, and the Mac App Store forums post For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi. How can I change to an Individual Membership? Or when the time comes to notarize the app I will distribute from my website can I do that as an individual?

I'm trying to register the App ID ai.mycompany.app under our company Apple Developer account, but the portal says: "An App ID with Identifier 'ai.mycompany.app' is not available. Please enter a different string." We own the domain mycompany.ai, and no app is published with this identifier (an App Store lookup by bundle ID returns no results). I believe it was auto-registered earlier by Xcode's automatic signing under my personal Apple ID while testing a build, not under our company team. So it's now holding the identifier globally but isn't in use. I have access to both accounts — my free personal Apple ID and our paid company Developer account. The problem: under the free personal account, the Identifiers list (Certificates, IDs & Profiles) is restricted — free accounts can't access it on the portal, so I can't see or remove the Bundle ID there myself. And from the company account it doesn't appear, since it's owned by the personal team. What I want: release/remove this Bundle ID so I can register it under our company Developer account. Questions: If a Bundle ID was auto-created under a free personal team, how can it be removed when free accounts can't access the Identifiers list? Is contacting Developer Support the only way to release it in this case? Once released, does the identifier become available immediately, or is there a hold period before another team can register it? Any guidance appreciated.

I'm hitting what looks like the same service-side notarisation issue reported recently (e.g. the "submissions stuck In Progress for days" thread / FB22939442), and would appreciate having my submissions looked at on the backend. Since 2026-06-25 ~12:00 UTC, every notarytool submission from my team goes to "In Progress" and never reaches a terminal state — no Accepted, no Invalid, no log (Submission log is not yet available, though info resolves the ID fine). The oldest is ~15 hours. Signing checks out: codesign --verify --strict passes and satisfies the Designated Requirement, hardened runtime with a secure timestamp, no get-task-allow, Developer ID Application. My builds notarised normally yesterday (e.g. 1ad9878b, Accepted 2026-06-24) — but those were on my previous Developer ID certificate. That cert's private key was lost (orphaned login keychain after a reboot), so I re-issued the Developer ID cert on 2026-06-25, and every submission on the new cert has been stuck since. Key data point: a trivial 5.8 KB signed "hello world" CLI binary (8c138308 below) also hangs "In Progress", so this is account/team-level, not app content. This lines up with the new-Developer-ID evaluation described in the Notarisation Resources Q&A, but several of mine are now past the usual window. Team: Creative Machines Limited (V95N2B8X7A) Feedback: FB23407538 Stuck submission UUIDs (oldest first): ef4af6d3-5750-4213-a108-584c75a861cc – 2026-06-25 ~11:59 UTC (oldest) 2d435abc-af77-4447-b2c8-94572b723f34 404a7d9d-9713-42df-99b6-1f144bc27ba1 8c138308-f23f-4df1-85f9-29095587f42b – the 5.8 KB hello-world This is the only blocker before I can distribute. Is there any way to get these specific IDs cross-referenced against the notary backend queue? Happy to share signed artifacts or the full notarytool poll log. Environment: macOS 26.4.1 (25E253), Xcode 26.5, notarytool 1.1.2 (41).

We are facing following message "A timestamp was expected but was not found" during codesign for following .dylib and .pkg and it cause notarization process failed. We are facing this issue for last 3 days and we have access for timestamp.apple.com and 17.0.0.0/8 and we didn't change firewall settings. We are facing this issue randomly and not for all time(scenario is 3:1). We tried the below command to sign the package, codesign --verbose --deep --force --timestamp --options=runtime --sign "<CODE SIGN IDENTITY>" <TO BE SIGNED PACAKGE> Kindly let us know how to fix this probelm.

Updating an App for the first time since 2011. Build, Analyze, Archive all successful. Automatically Manage Signing checked. Validation fails with 90286 - Invalid code signing entitlements, and 91130 - Invalid Provisioning Profile dozens of times after tweaks, clean builds, trying manual signing (thought I was done with that), etc. For 90286 it seems my Developer ID , e.g. 346JXXXXX (not Team ID, QZ99XXXXX) is the prefix for the bundle ID, com.company.app-name and that generates the error? For 91130 it's invalid "com.apple.application-identifier" which I assume is the same issue with a Developer ID instead of a Team ID. The original version of the app was QZ99XXXXX.com.company.app-name. I even changed the bundle identifier in Xcode to that, and got this: App Record Creation failed due to request containing an attribute already in use. The app name you entered is already being used for another app in your account. If you would like to use the name for this app you will need to submit an update to your other app to change the name, or remove it from App Store Connect. Yes, the original app name is being used for an app in my account. I was trying to update the app, checked all the boxes, added update text, but of course there was no build to upload. Would appreciate any help.

Hi, I am trying to build an installer package of an usual(?) format: it contains a binary that I am developing code signing and notarization is straightforward here. it contains a 3rd-party binary that is open source, code signed and notarized by this third party code signing and notarization is also straightforward here as it's already been done. it also contains a 3rd-party binary that is also open source, however, it is not code signed or notarized This last one is the subject of my question. It is a well-established project with thousands of stars on GitHub, however their own "installation method" is a shell script that downloads the binary, checks its checksum and just places it in the right location. When building an installer package (it's an installer package of these three binaries packaged - productbuild with --distribution flag) this binary needs to be code signed and notarized for Developer ID distribution. I trust this binary, however the chance of supply chain attacks is never zero. My questions are: How can I shield myself best against accidentally submitting a malicious version of this third binary via notarytool to Apple? Should I separately submit versions of this binary for notarization from submitting new versions of my app? This binary is bound to change way less frequently than the app I'm actually developing. I really don't want to risk termination of my Apple Developer account because it has many high-value applications available. I am doing some basics - matching the intended checksum before packaging, signing with the hardened runtime entitlement - but I would love to hear if there's other steps I can do to protect this pipeline and my company from accidents like these that may unintentionally damage our reputation. Thanks in advance!

Hello, I submitted a .pkg installer for notarization on 2026-06-23 at 05:26 UTC, and more than 24 hours later the status is still In Progress. This is the first time I notarize this particular software — a small, lightweight Adobe Premiere Pro plugin — so I have no previous turnaround time to compare against. From what I understand, notarization usually completes within minutes to an hour, so a delay of this length feels abnormal and I'm not sure whether it's expected. Submission details Submission ID: 28b6be07-6bf0-4456-b6f1-6c2f7da27409 Submitted (UTC): 2026-06-23 05:26:37 Tool: xcrun notarytool (authenticated via a stored keychain profile) Package: .pkg installer for a small Premiere Pro plugin Status: In Progress (never moves past this state) The build was submitted successfully with no error and returned a valid submission ID. Running notarytool log does not yet return a log, since processing hasn't completed. Questions Is there currently a known notarization backlog or service delay on Apple's side? Can a first-time submission for a given product take noticeably longer than usual (e.g. an initial review)? What is a realistic maximum processing time before a submission should be considered stuck rather than simply slow? Should I wait, or cancel and resubmit? I'd rather not create duplicate submissions if it won't help. Thanks in advance for any guidance. Best regards, Robin

Subject: Developer ID Notarization submissions stuck in “In Progress” for over 24 hours Developer Team ID: R6KKTZV8SL Environment: macOS 26.2 (Build 25C56) notarytool version: 1.0.0 (38) I am unable to complete notarization of any submissions. Affected submission IDs: 53fb3f5e-45e1-4435-9b46-6420d3fc1c98 Created: 2026-06-22T17:17:47.385Z Status: In Progress 37e99554-376f-419f-8648-cf8ba39ea1ff Created: 2026-06-22T18:13:35.034Z Status: In Progress 0af4a2be-aa8d-4bed-ab0b-173bd1b62538 Created: 2026-06-23T02:29:35.134Z Status: In Progress To rule out issues with my application bundle, I also submitted a minimal test archive (test.zip). That submission is also stuck in “In Progress”. The issue affects every notarization submission I have attempted. Commands used: xcrun notarytool submit … xcrun notarytool history –keychain-profile breather-notary xcrun notarytool info –keychain-profile breather-notary The submissions appear in history and info and remain in “In Progress”. Additionally, attempting to retrieve logs returns: “Submission log is not yet available or submissionId does not exist” Could you please investigate whether there is an issue with notarization processing for my team/account or a backend service issue affecting these submissions?

First-time notarization stuck 'In Progress' ~12h and appears to be blocking my account's queue. Submission ID: dc257767-a693-4382-88db-8ecf82994a0b Team ID: 83B3GJVFAS

General: Forums topic: Code Signing Forums subtopic: Code Signing > Notarization Forums tag: Notarization WWDC 2018 Session 702 Your Apps and the Future of macOS Security WWDC 2019 Session 703 All About Notarization WWDC 2021 Session 10261 Faster and simpler notarization for Mac apps WWDC 2022 Session 10109 What’s new in notarization for Mac apps — Amongst other things, this introduced the Notary REST API Notarizing macOS Software Before Distribution documentation Customizing the Notarization Workflow documentation Resolving Common Notarization Issues documentation Notary REST API documentation TN3147 Migrating to the latest notarization tool technote Fetching the Notary Log forums post Q&A with the Mac notary service team Developer > News post Apple notary service update Developer > News post Notarisation and the macOS 10.9 SDK forums post Testing a Notarised Product forums post Notarisation Fundamentals forums post The Pros and Cons of Stapling forums post Resolving Error 65 When Stapling forums post If your notary requests are stuck in the In Progress state, see my reply here. If your notary requests are failing with Team is not yet configured for notarization, see my reply here and also the follow-up here. Many notarisation issues are actually code signing or trusted execution issue. For more on those topics, see Code Signing Resources and Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

I've been trying to notarize an installer (.pkg file) on a new laptop. Previous versions have been notarized successfully on a previous Mac. However, in spite of having the required certificates (same as the old Mac, generated for the new Mac) the submission gets stuck at "In Progress". Doing it multiple times (even hours apart) doesn't help. Is there a FAQ / suggested list of steps to help resolve this issue? Here's what I see: xcrun notarytool history --keychain-profile "(my profile name)" results in (problem started with v4, the first version I've tried on this new Mac): createdDate: 2023-10-17T01:34:36.911Z id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx name: xxxxxxxxxx-v4.pkg status: In Progress -------------------------------------------------- createdDate: 2023-10-17T01:33:59.191Z id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx name: xxxxxxxxxx-v4.pkg status: In Progress -------------------------------------------------- createdDate: 2023-10-16T21:01:25.832Z id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx name: xxxxxxxxxx-v4.pkg status: In Progress -------------------------------------------------- createdDate: 2023-10-16T19:57:44.776Z id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx name: xxxxxxxxxx-v4.pkg status: In Progress -------------------------------------------------- createdDate: 2023-10-02T14:17:34.108Z id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx name: xxxxxxxxxx-v3.pkg status: Accepted -------------------------------------------------- createdDate: 2023-09-28T14:04:46.211Z id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx name: xxxxxxxxxx-v2.pkg status: Accepted -------------------------------------------------- createdDate: 2023-09-20T17:28:46.168Z id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx name: xxxxxxxxxx-v1.pkg status: Accepted -------------------------------------------------- xcrun notarytool log xxxxxxxxxxxxxxxxxxxx --keychain-profile "(my profile name)" results in: Submission log is not yet available or submissionId does not exist id: xxxxxxxxxxxxxxxxxxxxxxxx

Hi — multiple notarytool submissions from my account have been stuck "In Progress" for 60+ hours and never reach Accepted/Invalid. Apple's Developer System Status shows "Developer ID Notary Service" as operational, so this appears to be a backend/account processing stall rather than a public outage. This is blocking a product launch. Team ID: Q7FF775479 ("Developer ID Application: JUNSEN LIU", individual account). Submissions (all still In Progress): e9d00de6-074c-4818-a452-f765fa178a4e — 2026-06-19 06:07 UTC (current build) f02a0398-b6db-4ba0-8429-86a797bdc153 — 2026-06-18 23:21 UTC 8aa72d28-642a-466a-be85-181db125596b — 2026-06-18 04:40 UTC App: "Dollar Desktop Pet" 1.0.0 — a signed .dmg of a hardened-runtime, Developer ID-signed Universal (arm64 + x86_64) Electron app. Tooling: notarytool 1.1.2, Xcode 26.5, macOS 26.5. notarytool submit/history/info all work and list the submissions; status simply never completes, and notarytool log returns nothing. Could you please investigate why these aren't processing? I can provide the .dmg or any additional logs. Thank you.

I'm hitting what looks like a service-side notarization problem and could use a pointer on how to get it escalated. Over the past 3 days I've submitted 9 times with notarytool. Only 2 came back Accepted. The other 7 are stuck at "In Progress" and never reach a terminal state, no Accepted, no Invalid, no log (notarytool log says it isn't available yet), and no email. The oldest has been sitting ~71 hours. Signing checks out: codesign --verify --deep --strict passes and satisfies the Designated Requirement, hardened runtime with a secure timestamp, no get-task-allow, signed with my Developer ID, and the DMGs are signed before submission. The 2 submissions that completed were Accepted, so credentials and signing are fine. It really looks like the service just isn't processing most of my submissions. This is a newly enrolled account, and I've filed FB22939442 and have an open Developer Support case. Is this a known issue for new accounts, and is there a way to get these submissions looked at? Environment: macOS 26.2, Xcode 26.5, notarytool 1.1.2 (41).

Hello. I am developing our company's SDK for iOS as a third-party library. This SDK consists of a static library and header files wrapped within a framework (and wrapping the target-specific frameworks in xcframework). I understand that codesign is required even for static frameworks, is it correct? Should I update the distributed files when the certificate expires? Does this depend on whether it is static or dynamic? When is the signature verified?

Eons ago we were approved in the older entitlement method where we had to apply an Entitlement to our provisioning profile via a dropdown. We'd basically attach "Local Push Provider (Dist)" to our profile. That broke in May of 2025 when our fastlane process could no longer automate the creation of a provisioning profile with that profile attached. We learned the future was the capabilities so we submitted a request to migrate our Local Push Provider to a capability - https://developer.apple.com/contact/request/entitlement-migration-requests/ Meanwhile a new client wanted a white-labeled iteration of our app. So a new client requested the capability of Local Push via https://developer.apple.com/contact/request/local-push-connectivity and it worked in roughly 4 weeks. Their account now has "Network Extensions (additional values)" on the identifier which grants access to app-push-provider. Our build is fully automated - everything works. So we waited on our migration request and after months passed, we submitted in October of 2025 a new entitlement request for Local Push as our submit to migrate went stale. It never arrived again. So I started a case in 2026 roughly 6 months later - 102869206062. After many escalations I've been told: I wanted to provide an update to you regarding your entitlement request. It appears that your entitlement no longer requires a request. The channel you’ve reached is actually set up to provide administrative support to Apple Developers and those enrolled in the Apple Developer Program I just wanted to follow-up with you and ask you to please request the Network Extensions Entitlement again (19627183) It seems the overarching point is Network Extensions are no longer required for approval, but it seems app-push-provider (LocalPush) is. I don't want a random forum post to be a support thread. So looking for clarity on 2 points. Can you obtain app-push-provider (network extension) without Apple approval? Is this doc out of date? https://developer.apple.com/documentation/networkextension/local-push-connectivity To use the Local Push Connectivity API, your app must have the Network Extensions Entitlement with the app-push-provider value. Request this entitlement from the Entitlement Request Page. After you receive the entitlement, apply it to both your app target and your provider extension target. tldr; ➜ Desktop security cms -D -i match_ClientApp.mobileprovision| plutil -p - | grep 'push' 0 => "app-push-provider" ➜ Desktop security cms -D -i match_OurApp.mobileprovision| plutil -p - | grep 'push' ➜ Desktop

I am experiencing an issue where multiple notarization submissions remain in “In Progress” status for an unusually long time. Some submissions are approaching one week without any result. Current affected submissions: ID: 381ea19f-ed44-411b-a283-1dab2845538c File: test-signed.pkg Submitted: 2026-06-04 07:03 UTC Stuck for approximately 65 hours ID: 3ba2198a-fd72-4936-a197-c54d13ed728d Submitted: 2026-06-01 11:52 UTC Stuck for approximately 132 hours ID: bca23b30-e944-442b-8fde-041dd4f22d7b Submitted: 2026-05-31 15:14 UTC Stuck for approximately 177 hours ID: 5f923382-393a-485c-8eec-64bafac1be65 Submitted: 2026-05-31 15:07 UTC Stuck for approximately 177 hours The issue affects both production packages and simple test-signed packages. All submissions remain in the “In Progress” state and never move forward.

Issue: Multiple notarization submissions have remained "In Progress" for several days. Last successful submission: eb3d534a-cd69-4589-916b-8305c63429c2 Accepted on 2026-06-01 Affected submissions: 54123d59-6fcf-4358-b14c-fb2cbd1a6f84 5787259c-cad8-409a-9ca9-ead7cdcbfdd0 d069aeed-bc0c-46f9-ac83-facb00769d66 d2d483ad-55af-465b-aa5b-81e010eaf6fc 1575fc69-3ab8-47bb-a589-f8e6715068ab 7bee3edc-764b-422f-8722-727b51e46355 All submissions remain "In Progress". codesign verification passes successfully. Please investigate whether these submissions are stuck in the notarization service queue.

I've tried to notarize my app recently and got the error:{ "logFormatVersion": 1, "jobId": "...", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization", "statusCode": 7000, "archiveFilename": "myapp.dmg", "uploadDate": "2019-06-20T06:24:53Z", "sha256": "...", "ticketContents": null, "issues": null }I've never heard about "team configuration for notarization" previously. What are the steps to resolve that issue?Thanks in advance.

Hi, I'm trying to archive my xcode project. There is a build error. Warning: unable to build chain to self-signed root for signer "Apple Development: JOHN WILLIAM BAKER (VCZ7S72JNR)"

I am trying to learn Swift in Xcode. I am using a SampleTrips project in order to use an SQLite database. Trouble is I don't know anything, I don't even now if I'm in the right forum. I muddled through a configuration but am stuck at this error: I don't know what any of this means or why it's necessary to learn Swift. Can anyone explain?