tomasmcguinness / pkpassvalidator

Checks the validity of a PKPASS file by checking its signature and contents match the Apple specification
MIT License
78 stars 21 forks

Your code and my WWDR certificate have different subjects #14

Closed DrFriendless closed 2 years ago

DrFriendless commented 2 years ago

pkpassvalidator checks that the WWDR certificate subject is "CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US". However, this is the WWDR certificate I have, which has a different OU. Have they changed it? Or am I some sort of uninformed idiot? Your code identified another reason for my pass to not be accepted, so I'm going to fix that and see whether my pass starts working.


Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7c:af:69:0a:25:b7:39:fe:7b:9b:44:7a:c1:78:c5:ee
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Apple Inc., OU = Apple Certification Authority, CN = Apple Root CA
        Validity
            Not Before: Feb 19 18:13:47 2020 GMT
            Not After : Feb 20 00:00:00 2030 GMT
        Subject: CN = Apple Worldwide Developer Relations Certification Authority, OU = G3, O = Apple Inc., C = US

tomasmcguinness commented 2 years ago

You're not being an idiot. I've run into this, as have many others. At present, only the G1 WWDR certificate is accepted. I need to add some clarity to the error message. You must use the Worldwide Developer Relations - G1 (Expiring 02/07/2023 21:48:47 UTC)

safonovklim commented 2 years ago

+1 but I have OU = G4. @DrFriendless do you sign the pass with WWDR G1 or G3?

tomasmcguinness commented 2 years ago

It seems that Apple have changed the WWDR cert they sign their Passkit certificates with. See #15 - I'll try and make time this week to update the validator.
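
The subject check discussed in this thread, as an added example (not code from pkpassvalidator): it compares the expected WWDR subject with the one in the reported certificate attribute by attribute, so the error names the field that differs. The function names are hypothetical, and both subject strings are copied from the issue text above.

```python
# Added example: attribute-wise comparison of two X.509 subject strings.
# Function names are hypothetical; the two subjects are copied from the issue.
import re

EXPECTED = ("CN=Apple Worldwide Developer Relations Certification Authority, "
            "OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US")
# Subject line as printed by openssl in the report above.
PRESENTED = ("CN = Apple Worldwide Developer Relations Certification Authority, "
             "OU = G3, O = Apple Inc., C = US")


def parse_subject(dn):
    """Split a one-line DN into {attribute: [values]}; accepts 'K=V' and 'K = V'."""
    attrs = {}
    # Split on commas that are not backslash-escaped.
    for part in re.split(r"(?<!\\),", dn):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        value = re.sub(r"\\(.)", r"\1", value.strip())  # undo escapes such as '\,'
        attrs.setdefault(key.strip().upper(), []).append(value)
    return attrs


def subject_diff(expected_dn, presented_dn):
    """Return {attribute: (expected, presented)} for each attribute that differs."""
    exp, got = parse_subject(expected_dn), parse_subject(presented_dn)
    return {k: (exp.get(k), got.get(k))
            for k in sorted(set(exp) | set(got)) if exp.get(k) != got.get(k)}


def describe_mismatch(expected_dn, presented_dn):
    """Build an error message that names the failing attribute."""
    diff = subject_diff(expected_dn, presented_dn)
    if not diff:
        return "WWDR subject matches"
    return "; ".join(f"{k}: expected {e}, certificate has {g}"
                     for k, (e, g) in diff.items())


if __name__ == "__main__":
    print(describe_mismatch(EXPECTED, PRESENTED))
```

A subject comparison only identifies which intermediate was presented; it does not replace verifying the certificate's signature chain up to the Apple Root CA named in the Issuer field.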