Xcode codesign failed with exit code 1; expired certificates causing ambiguous matches

If you work with Xcode code signing long enough you’ll run into an error like this:

/usr/bin/codesign failed with exit code 1

If you view the build results (Build->Build Results), and expand the error message (there is a little paragraph button on the right-hand side of the line) you may see something like this:

iPhone Developer: Firstname Lastname (hashcode): ambiguous (matches "iPhone Developer: Firstname Lastname (hashcode)" in /Library/Keychains/System.keychain and "iPhone Developer: Firstname Lastname (hashcode)" in /Users/username/Library/Keychains/login.keychain)
Command /usr/bin/codesign failed with exit code 1

You have two certificates, with the same unique identifiers. One is in your login keychain and the other is in your system keychain. The real problem is, you probably have an expired certificate conflicting with your active certificate.

See my video explaining how to fix Xcode codesign failed with exit code 1; expired certificates causing ambiguous matches. You can also follow along with the screenshots below.

You wouldn’t know it when viewing the Keychain Access app. When you view your login certificates it will probably look like everything is fine. Open Applications->Utilities->Keychain Access. Then select the login keychain and Certificates category. Everything will probably look fine.

Keychain login certificates

And when you view your system certificates, there won’t be anything there either. Select the System keychain and Certificates category.

Keychain system certificates with expired hidden

You have to show expired certificates. For some reason, this isn’t on by default. From the menu, choose View->Show Expired Certificates.

Keychain system show expired certificates

Then you will see the offending certificate with an onerous red x circle.

Keychain system with expired certificates visible

Just delete the old certificate and build again.

Keychain system delete expired certificate

I hope this saves someone some time.

More information:

About Eric Holsinger

Eric Holsinger is a mobile app developer and hobbyist photographer. He lives near the coast in Southern Maine with with his wife and son.

29 thoughts on “Xcode codesign failed with exit code 1; expired certificates causing ambiguous matches

  1. Thank you so much. I’ve been trying for hours to fix this issue, jumping through all kinds of hoops, deleting and re-downloading certificates, manually editing project files… and this was it.

    Why viewing expired certificates is only turned off be default in the System view of Keychain is beyond me. Uggh.

  2. That’s exactly what happened to me, too. I’m really glad it helped to share this information. It seems like the expired certs should get extra visibility, not less.

  3. THANKS TO YOU!!! I was going crazy trying to figure out what was wrong. You saved my monitor from any more verbal abuse… for the moment. :)

  4. Thank you SOOOOOO much!!! I have been cursing Apple for hours now lol. I even made a new project called F*** Y** Apple thinking it was a corrupted project :) It all works now!

  5. Thanks a lot for these steps. The view Show Expired Certs fixed my issue. I could have never figured that out..

    Thanks

  6. Thanks for the tip here! This head-scratcher was threatening to make me turn myself bald before my time. =)

  7. thank you very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very MUCH

  8. Thank you a lot… the trick was really to delete the old certificate in the system section…

  9. thanks so much, but I had another twist. The KeyChain Access utility wouldn’t let me delete any of the duplicate certificates in the System keychain.

    I finally got it to work by rebooting the machine. I tried quiting everything and disconnecting the device, but nothing worked. This was with xcode 4.2 on leopard.

    At any rate, I decided to reboot and that cleared the problem – I was then able to clear the duplicate certs and compile my app.

    It is possible that kicking /usr/sbin/securityd might have worked as well.

  10. Thanks a lot!!. Excellent article and it solved our problem. We have wasted 3 days on this issue.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>