Friday, June 7, 2013


While building one of my Mac apps this morning, codesign failed with the error “CSSMERR_TP_NOT_TRUSTED.” Apparently this has been happening since last night. Rich Siegel says that there’s a problem with Apple’s timestamp server and that you can work around it by adding --timestamp=none to codesign’s arguments; this disables the use of timestamp services. This is better than disabling code signing entirely, but you can’t ship an app built this way. I wonder how many people realized that even if you’re using Developer ID certificates and Gatekeeper rather than the Mac App Store, you’re still dependent on Apple’s servers to be able to ship your app. Luckily, in this case, the server is back up now.


Apple’s server is used to provide a signed date stamp (proving date of signing).

This is needed if the key should later be revoked or expire. Here a system can choose to still trust a signature if it was made long before the key expired, hence why a third party is required to validate the date of signing.

As long as the key hasn’t expired, there should be no issue with shipping an app without a date stamp, and I’m quite sure I have shipped a few builds without the signed date stamp.
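The trust rule Allan describes above, worked through as an added example (this is illustrative code written for this page, not Apple's or codesign's actual verification logic, and the certificate dates, revocation date and signing dates are constructed). The point it makes concrete: a trusted timestamp lets a verifier evaluate the certificate as of the signing time, while a build made with --timestamp=none has no evidence of when it was signed, so the verifier can only evaluate the certificate as of "now", and the signature stops validating the day the certificate expires or is revoked.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple


@dataclass
class SigningCert:
    """Validity window of a code-signing certificate (constructed sample values)."""
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None  # None means never revoked


@dataclass
class CodeSignature:
    """A signature either carries a countersignature from a trusted timestamp
    authority (TSA) asserting when it was made, or it does not
    (the --timestamp=none case)."""
    tsa_time: Optional[datetime]


def effective_signing_time(sig: CodeSignature, now: datetime) -> datetime:
    # Without a trusted timestamp the verifier has no evidence of when the
    # signature was produced, so the only defensible assumption is "now".
    return sig.tsa_time if sig.tsa_time is not None else now


def signature_trusted(cert: SigningCert, sig: CodeSignature,
                      now: datetime) -> Tuple[bool, str]:
    """Decide whether the signing certificate was valid at the (effective)
    time of signing. This models the rule 'still trust a signature if it
    was made before the key expired or was revoked'."""
    t = effective_signing_time(sig, now)
    if t < cert.not_before:
        return False, "signed before certificate validity"
    if t > cert.not_after:
        return False, "certificate expired at signing time"
    if cert.revoked_at is not None and t >= cert.revoked_at:
        return False, "certificate revoked before signing"
    return True, "ok"


def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample certificates: a Developer ID-style cert issued in 2012
# and expiring in 2017, plus the same cert revoked at the start of 2015.
DEV_ID_CERT = SigningCert(not_before=utc(2012, 6, 1), not_after=utc(2017, 6, 1))
REVOKED_CERT = SigningCert(not_before=utc(2012, 6, 1), not_after=utc(2017, 6, 1),
                           revoked_at=utc(2015, 1, 1))

# Constructed sample signatures: one countersigned by a TSA on the day of the
# build, one produced with --timestamp=none.
TIMESTAMPED = CodeSignature(tsa_time=utc(2013, 6, 7))
UNTIMESTAMPED = CodeSignature(tsa_time=None)


def run_scenarios() -> Dict[str, Tuple[bool, str]]:
    """Evaluate both signatures at three points in time: the build day,
    after the certificate expired, and after it was revoked."""
    return {
        "today, timestamped": signature_trusted(DEV_ID_CERT, TIMESTAMPED, utc(2013, 6, 7)),
        "today, no timestamp": signature_trusted(DEV_ID_CERT, UNTIMESTAMPED, utc(2013, 6, 7)),
        "after expiry, timestamped": signature_trusted(DEV_ID_CERT, TIMESTAMPED, utc(2018, 1, 1)),
        "after expiry, no timestamp": signature_trusted(DEV_ID_CERT, UNTIMESTAMPED, utc(2018, 1, 1)),
        "after revocation, timestamped": signature_trusted(REVOKED_CERT, TIMESTAMPED, utc(2016, 1, 1)),
        "after revocation, no timestamp": signature_trusted(REVOKED_CERT, UNTIMESTAMPED, utc(2016, 1, 1)),
    }


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{name:32s} -> {'trusted' if ok else 'rejected'} ({why})")
```

Both signatures validate on the build day, which is why shipping an untimestamped build works while the certificate is current. Once the certificate expires or is revoked, only the timestamped signature keeps validating, because the verifier can prove the signing happened inside the validity window; the untimestamped one is indistinguishable from something signed today with a dead key.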

@Allan Thanks for that explanation. The “can choose” part is subject to change, but it’s good to know that currently this works. It looks like my Developer ID certificate doesn’t expire until 2017.

The important thing to remember is that according to Apple, the codesign server has never and will never be down. It's always your fault when the codesigning process fails.
