Skip to content
Home » safety – Why does code-signing id look revoked when utilizing SSH, however good when utilizing Terminal app?

safety – Why does code-signing id look revoked when utilizing SSH, however good when utilizing Terminal app?


Drawback

If I SSH to the mac remotely from one other laptop, then view legitimate code-signing identities, I get CSSMERR_TP_CERT_REVOKED, as seen under.

# executing remotely in an ssh session

% safety find-identity -p codesigning -v my.keychain
Coverage: Code Signing
  Matching identities
  ...
  14) A5D306527C135180E1313619AD54C1890ABBFF81 "Apple Distribution: Firm Inc. (TEAM_ID_VALUE)" (CSSMERR_TP_CERT_REVOKED)
  ...
  Legitimate identities solely
  ...
  14) A5D306527C135180E1313619AD54C1890ABBFF81 "Apple Distribution: Firm Inc. (TEAM_ID_VALUE)" (CSSMERR_TP_CERT_REVOKED)
  ...

However once I run the identical command above to view legitimate code-signing identities, I do not see CSSMERR_TP_CERT_REVOKED.

# executing from the Terminal app within the mac itself

% safety find-identity -p codesigning -v my.keychain
Coverage: Code Signing
  Matching identities
  ...
  14) A5D306527C135180E1313619AD54C1890ABBFF81 "Apple Distribution: Firm Inc. (TEAM_ID_VALUE)"
  ...
  Legitimate identities solely
  ...
  14) A5D306527C135180E1313619AD54C1890ABBFF81 "Apple Distribution: Firm Inc. (TEAM_ID_VALUE)"
  ...

Query

Why does CSSMERR_TP_CERT_REVOKED present solely once I run the safety find-identity command remotely by way of SSH? How can I take away it if doable?

My hunch tells me that it has extra to do with SSH than the certificates truly being revoked. However I do not the place else to search for clues.

What I attempted

  1. I checked the certificates from the Keychain app of the mac. It reveals the certificates is legitimate, with a inexperienced checkmark.
  2. I checked the certificates belief settings. Even when I set it to “at all times belief”, the CSSMERR_TP_CERT_REVOKED nonetheless reveals.
  3. I attempted locking and unlocking my.keychain from the SSH session, however the CSSMERR_TP_CERT_REVOKED nonetheless reveals. Unlocking the login.keychain too does not assist.
  4. I attempted safety set-key-partition-list ... from the SSH session, however CSSMERR_TP_CERT_REVOKED nonetheless reveals.
  5. I appeared into variations in setting variables utilizing printenv between SSH and the Terminal app, however I do not suppose there’s something related.
Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *