Which app payments fail? Why

Certificates

Membership in the Apple Developer Program is required to request, download, and use the signature certificates issued by Apple.

Use certificates

Xcode is typically the preferred method for obtaining and installing digital certificates. However, in order to be able to request certificates for services such as Apple Pay, the Apple Push Notification Service, Apple Wallet and Mobile Device Management, you must request and download them in your developer account under Certificates, Identifiers & Profiles. Distribution certificates can only be requested by account holders and administrators.

For more information on using signing certificates, see Xcode Help.

Protect account and certificates

Your Apple ID, login information, and related account information and materials (such as Apple Certificates for distribution or submission to the App Store) are sensitive materials used to verify your identity.

  • Keep your Apple ID and login details secret and do not give them to anyone. For more information, see Security and your Apple ID.
  • Don't give Apple Certificates to anyone outside of your organization. For information about how to securely share it with trusted team members in your organization, see the Xcode Help Guide under Signature Management.

Expired or revoked certificates

  • Certificate for Apple Push Notification Service
    You can no longer send push notifications to your app.
  • Certificate for the Apple Pay payment processing
    Apple Pay transactions in your apps and websites fail.
  • Certificate for the Apple Pay merchant identity
    Apple Pay transactions on your websites are failing.
  • Certificate for pass type ID (wallet)
    If the certificate expires, any passports already installed on the user's device will continue to function normally. However, you can no longer sign new passes or send updates to existing passes. If your certificate has been revoked, your passports will no longer work properly.
  • iOS Distribution Certificate (App Store)
    If your Apple Developer Program membership is valid, your existing apps in the App Store will not be affected. However, you can no longer upload new apps or updates to the App Store that have been signed with the expired or revoked certificate.
  • iOS sales certificate (in-house or internally used apps)
    The users can no longer run apps that were signed with this certificate. You need to distribute a new version of the app that is signed with a new certificate.
  • Mac App Sales Certificates and Mac Installer Sales Certificates (Mac App Store)
    If your Apple Developer Program membership is valid, your existing apps in the Mac App Store will not be affected. However, you can no longer upload new apps or updates to the Mac App Store that have been signed with the expired or revoked certificate.
  • Developer ID application certificate (Mac programs)
    If your certificate expires, users can still download, install, and run versions of your Mac programs that were signed with that certificate. However, you will need a new certificate to sign updates and new programs. If your certificate is revoked, users will no longer be able to install programs that were signed with that certificate. If your Mac program uses a Developer ID Provisioning Profile to take advantage of more advanced features such as CloudKit or push notifications, make sure that your Developer ID Provisioning Profile is valid so that installed versions of the program can run. Additional Information.
  • Developer ID Certificate for Installers (Mac Programs)
    If your certificate expires, users of your Mac programs will no longer be able to launch installer packages signed with that certificate. Previously installed apps will continue to work. However, it is not possible to install new apps until you have signed your installer packages with a valid Developer ID installer certificate. If your certificate is revoked, users will no longer be able to install programs that were signed with that certificate.
  • Apple Worldwide Developer Relations Certification Intermediate Certificate
    The Apple Worldwide Developer Relations Certification Authority issues certificates that developers use to sign third-party apps and Safari extensions and are used for Apple Wallet and the Apple Push Notification Service.

    The current Apple Worldwide Developer Relations Certification Intermediate Certificate expires on February 7, 2023. The renewed certificate is used to enroll new iOS sales certificates issued after September 2, 2020 for the Apple Developer Enterprise Program. The remaining certificates for all program types will be updated in the foreseeable future, and this page will be updated with information on additional changes to the certificates. More information.

Note: Apple may revoke digital certificates at any time in its sole discretion. For more information, see the Apple Developer Program license agreement in your developer account.

Compromised certificates

If you suspect that your passport ID certificate or Developer ID certificate and private key have been compromised and you want to revoke the certificate, send an email to [email protected] You can still develop and distribute passes by requesting another certificate from your developer account.

I received the following error message: "Xcode could not find a valid private-key / certificate pair for this profile in your keychain".

This error message indicates that either the public or private key for the certificate you are using to sign your program is missing from the system's keyring.

This often happens when you try to sign and develop your program on a different system than the one you originally used to obtain the code signing certificate. It can also happen if your certificate has expired or been revoked. Verify that your app's provisioning profile has a valid code signing certificate and ensure that the system keyring includes this certificate, the private key originally used to create this certificate, and the WWDR intermediate certificate.

Instructions on how to resolve this error can be found on the code signing support page.

What happens to my Developer ID signed programs when my Apple Developer Program membership expires?

When your membership expires, users can still download, install, and run your programs that are signed with the Developer ID. However, once your Developer ID certificate expires, you will need to be a member of the Apple Developer Program to receive a new Developer ID certificate for signing updates and new programs.