How to Fix iOS Application Code Signing Error?

How to Fix iOS Application Code Signing Error?

I tried to fix this issue that was a nightmare for me during all the last week and fixed it at the end of the long endeavor. It wasn?t a common solution.

Do you really need to this article for fixing?Maybe.

Because during the investigation, I?ve read too many forums (include Chinese ones. but not read, only look :)), articles, StackOverflow entries etc. but none of them could help me. Therefore I want to create a fixes compilation for this issue.

Before the start, you can find my scenario in the following.

I have a Cordova application and generate a build via Cordova CLI. But generally, this isn?t different than the native ios application build. Actually, It was working correctly until the MacOS and XCode updates.

Image for post

After the Mojave and XCode 10 updates, I can?t generate a build on the Jenkins. In the following error was appeared continuously. This is the keychain and certificate dependent issue exactly.

……….errSecInternalComponentCommand /usr/bin/codesign failed with exit code 1

We can start to solutions. You should know those common solutions are at the beginning of the list.

Image for post

Common Solution 1: Check Valid Certificate

You should check the keychain to the valid certificate is added correctly. You can do it via the Keychain Access app or the following command via terminal.

security find-identity -vp codesigning

Your certificate must be in the result. If not, please remove and add your certificate to keychain again.

Common Solution 2: Lock and Unlock Keychain

Another most common solution in here. Run following commands in the terminal. You should add your own keychain name and password.

security lock-keychain temp.keychainsecurity unlock-keychain -p p@ssw0rd temp.keychain

In this case, using the keychain name is ?temp? and its password is ?p@ssw0rd?. Also, you can find keychain?s full path in the following command and it can be used instead of the keychain name (temp).

security list-keychains

Common Solution 3: Restart Machine

It can be seen as funny but this solution high upvoted on most of the websites. If you add the new certificate, restarting the machine can be useful. You can use the following command to restart.

sudo reboot

Common Solution 4: Set Keychain Password to Partition List

This solution is fixing password prompt issues. In some cases, codesign waiting for the keychain password from the prompt but remote access doesn?t have this feature. Therefore, generally, the code signing process completed unsuccessfully.

security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k p@ssw0rd /Users/ceyhunkeklik/Library/Keychains/temp.keychain-db

You can find keychain?s full path with the method that was described in ?Common Solution 1?.

My Case?s Solution: Check and Remove Duplicated Private Keys

In my case, temp keychain had a valid certificate and its private key. I don?t know why but ?System? keychain had a private key that related to my valid certificate. I?ve checked all private keys in all keychains and removed all duplicated keys from irrelevant keychains. Also, I?ve removed all expired certificates if any.

I guess these duplicates was appeared due to Mojave update but really I don?t know why.

Conclusion 🙂

Image for post

22