Codesign and Ambiguos identity, matches "Mac Developer" and "iPhone Developer"

Ambiguous Certificates

This happens when two certificates of the same identity are present in the keychain:

The codesign tool requires there only be one.

NOTE: The mention of ldid in your question might need a bit more clarification as to how it relates to your Apple issued codesigning certificates, or what the concern there is exactly.

Duplicate certificates sometimes appear in the keychain as a result of one being expired which was never removed. Apple has some instructions for resolving such issues, although you might need to go a bit outside the normal procedure for resolving it if the following doesn't work:

  1. In Keychain Access, make sure your "View" menu > Show Expired Certificates option is turned ON
  2. Click the "Certificates" 'Category' and then click through every one of the keychains you have listed in your 'Keychain' sidebar in Keychain Access. If you see any duplicates, even expired certificates, delete those duplicates.
  3. Click the "Keys" 'Category' in Keychain Access.
  4. Navigate through every keychain looking for and deleting any "Orphaned Keys" that have the same Common Name as the affected certificate. Orphaned keys are ones that are not bound by a Disclosure Triangle to an iPhone Developer or iPhone Distribution certificate that currently exists in the keychain.
  5. If you found and removed any extra keys or certificates, please reattempt your build.
  6. If the issue persists after removing all active or expired duplicate certificates or keys by the same common name, you might try removing all existing signing certificates and keys and replace them with new ones using the steps in How do I delete/revoke my certificates and start over fresh?.

  7. Finally, if the error persists even after creating new certificates, please control-click on the affected certificate in Keychain Access, choose "New Identity Preference" and click the 'Certificate' field. If you see duplicate certificates listed in here, this is an known and uncommon issue with Keychain Access. To work around the problem, try the following:

    Keychain Access > Edit > Keychain List, uncheck "Shared" for the login keychain.

If going back into the Keychain List you find the login keychain is still marked as Shared, create a backup of the following files and then remove them if they exist:

    /Library/Preferences/com.apple.security-common.plist
    ~/Library/Preferences/com.apple.security.plist

Then retry your build...

If you fail to resolve the issue by the steps above then try searching for one of the certificates listed in the error message. Once you find the certifcate in question delete either the expired one, or the one that is conflicting with the one you need.

Multiple Codesigning Certificates (not duplicates)

If you have multiple codesigning certificates you will want to specify which one to use (if codesigning from the command line) by using the -s option:

codesign -s <certificate name> -vvvv foo.app

-s, --sign identity Sign the code at the path(s) given using this identity. See SIGNING IDENTITIES in man codesign.

Optional:

-v, --verify Requests verification of code signatures. If other actions (sign, display, etc.) are also requested, -v is interpreted to mean --verbose.

For example, in your case:

codesign -s "iPhone Developer: John Doe" cryptest.app

Tags:

Ios

Code Signing

Jailbreak

Recent Posts