20 April 2026 | fix | #app-development

"iPhone Distribution certificate is not trusted" — fix

Why Keychain Access flags your iPhone Distribution certificate as not trusted and the right way to repair the trust chain instead of overriding it.

TL;DR: Your Mac is missing one or more Apple intermediate CAs that chain your Distribution certificate up to the Apple Root CA. Install Apple Worldwide Developer Relations CA — G3 (or whichever generation Apple used to sign your cert) into the System keychain set to "Use System Defaults". Don't manually mark the cert as "Always Trust" — that masks a real chain problem and breaks CI later.
iPhone Distribution: <Team> — This certificate is not trusted

Why this happens

Your distribution certificate is signed by an Apple intermediate CA (currently "Apple Worldwide Developer Relations Certification Authority — G3"), which is in turn signed by the Apple Root CA. macOS ships with the root, but intermediate CAs are installed lazily — usually on first Xcode launch. If Xcode hasn't run on this Mac, or it ran with a then-valid version of the WWDR cert that has since been replaced, the chain breaks.

Fix it properly

  1. Download the current intermediate from https://www.apple.com/certificateauthority/ — at minimum `AppleWWDRCAG3.cer`. Apple may have rolled to G4/G5 by the time you read this; install whichever current generations Apple lists.
  2. Double-click the .cer file. Keychain Access will offer to add it. Add to **System** keychain (not login).
  3. Open Keychain Access → System → Certificates → find the WWDR cert → Get Info → Trust → set "When using this certificate" to **Use System Defaults**.
  4. Quit and re-open Keychain Access. Your distribution certificate should now show a green checkmark, not a red X.

What NOT to do

Don't right-click your distribution certificate → Trust → "Always Trust". That globally trusts that one cert regardless of chain validity, masks a real CA-chain problem, and frequently breaks `xcodebuild` on CI because CI machines won't have the override and will fail with the same error you 'fixed'.

If the chain is fine but the error persists

Check the date and time on the Mac. Certificate validity is wall-clock-sensitive. A Mac with a wrong system clock (common after CMOS battery failure) will treat valid certs as expired or not-yet-valid. To resync the clock, run `sudo sntp -sS time.apple.com`.
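To make the failure modes from "Why this happens" and the clock check above concrete, here is a simplified chain-building model. It is an added example, not code from Apple or from this page: it matches issuer names and validity windows only, and all certificate names and dates in it are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime

def utc(year, month=1, day=1):
    return datetime(year, month, day, tzinfo=timezone.utc)

def build_chain(cert, installed, trusted_roots, now, depth=0):
    """Return (chain, None) if cert chains to a trusted root, else (None, reason).

    Simplified model: issuer-name matching and validity windows only. Real
    validators also check signatures, key usage and CA constraints.
    """
    if now < cert.not_before:
        return None, f"{cert.subject}: not yet valid"
    if now > cert.not_after:
        return None, f"{cert.subject}: expired"
    if cert.subject == cert.issuer and cert.subject in trusted_roots:
        return [cert], None
    candidates = [c for c in installed if c.subject == cert.issuer and c != cert]
    if not candidates or depth > 8:  # depth guard stops issuer loops
        return None, f"{cert.subject}: no usable issuer installed"
    reason = None
    for issuer in candidates:  # try every candidate, not just the first match
        chain, reason = build_chain(issuer, installed, trusted_roots, now, depth + 1)
        if chain:
            return [cert] + chain, None
    return None, reason

# Constructed sample certificates; names and dates are illustrative only.
ROOT = Cert("Example Root CA", "Example Root CA", utc(2006), utc(2035))
STALE = Cert("Example WWDR CA", "Example Root CA", utc(2013), utc(2023))
CURRENT = Cert("Example WWDR CA", "Example Root CA", utc(2020), utc(2030))
LEAF = Cert("iPhone Distribution: Example Team", "Example WWDR CA",
            utc(2025, 6, 1), utc(2026, 6, 1))
ROOTS = {"Example Root CA"}
NOW = utc(2026, 4, 20)

if __name__ == "__main__":
    for label, store, clock in [("intermediate missing", [ROOT], NOW),
                                ("only stale intermediate", [ROOT, STALE], NOW),
                                ("current intermediate installed", [ROOT, STALE, CURRENT], NOW),
                                ("clock reset to 2001", [ROOT, CURRENT], utc(2001))]:
        chain, reason = build_chain(LEAF, store, ROOTS, clock)
        print(f"{label}: {'trusted' if chain else 'NOT trusted - ' + reason}")
```

In this model the leaf certificate is identical in all four scenarios; only the installed intermediates or the clock change, which is why overriding trust on the leaf does not address the cause.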

Edge cases I've hit on real engagements

  • An MDM-managed Mac had the WWDR intermediate disabled in a security profile — IT had to push an updated profile.
  • On macOS Sonoma+, intermediates installed only to the login keychain don't propagate to xcodebuild's keychain search. Install to System.
  • An old WWDR G2 cert was still present and Keychain was preferring it over G3 — delete the expired one explicitly.
