Last week we updated the Mac App Store app signing certificate. This was a planned event and most users experienced no issues. However, some users experienced some issues during this change. We have corrected those issues, and wanted to share this update with you.
In anticipation of the expiration of the old Mac App Store certificate, we issued a new certificate in September. The new certificate used the stronger SHA-2 hashing algorithm in accordance with current recommended industry practice, where the old certificate had used the SHA-1 hashing algorithm.
Unfortunately, a caching issue with the Mac App Store meant that some users had to restart their systems and re-authenticate with the Mac App Store to clear a system cache of some outdated certificate information. We are addressing this caching issue in an upcoming OS X update.
Also, some apps are running receipt validation code using very old versions of OpenSSL that don't support SHA-2. We addressed this by replacing the new SHA-2 certificate with a new SHA-1 certificate last Thursday night.
In addition to issuing the new certificate and addressing the Mac App Store caching issue, we have provided up-to-date troubleshooting information to the AppleCare support team.
Most of the issues are now resolved, though some apps may still experience receipt verification failure if their receipt checking code makes incorrect assumptions about the certificate. Please ensure your code adheres to the Receipt Validation Programming Guide and check that all receipt validation issues are resolved. If necessary, you may resubmit your app for expedited review in iTunes Connect.
We apologize for any inconvenience to you and your customers. If you have any questions, contact us.
Apple Developer Relations
Users browsing this forum: CCBot [Bot] and 0 guests