Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Invalid data error reading pass. The passTypeIdentifier or teamIdentifier provided may not match your certificate, or the certificate trust chain could not be verified. Because of WWDR Certificate #118

Closed
sokolx1 opened this issue Oct 3, 2022 · 7 comments

Comments

@sokolx1
Copy link

sokolx1 commented Oct 3, 2022

Well, i did everything in order from readme, created .p12 file, which is valid. Spent 2 days to understand why i keep getting this error

Invalid data error reading pass. The passTypeIdentifier or teamIdentifier provided may not match your certificate, or the certificate trust chain could not be verified.

And suddenly i found this website https://pkpassvalidator.azurewebsites.net/
(BTW, this website worth mentionind in readme IMO)

Which says that ONLY G4 wwdr is valid for generating pkpass files.
I'm not sure if i'm an idiot or not, did i miss something important or not, BUT, now it works perfectly fine.

I'm not sure, what you gonna do with this info. Just trying to save somebody from 3 days of disaster

If you face same issue, try exporting this wwdr into pem via keychain. Use it in your code for generation like this

$pass->setWwdrCertificatePath('Certificate/wwdr4.pem');

it might save your day

AppleWWDRCAG4.zip

@tschoffelen
Copy link
Owner

This is very helpful knowledge for sure! Turns out the reason I or anyone else hasn't run into this yet is probably because we were signing our pass certificates with developer keys that have existed for a while:

The renewed version is used to sign new software signing certificates issued after January 28, 2021

https://developer.apple.com/support/expiration/

@tschoffelen
Copy link
Owner

I've updated the WWDR to version 6 in #119. Any specific reason you went for version 4?

@Kai-Luo
Copy link

Kai-Luo commented Oct 27, 2022

Hello @tschoffelen

I'm facing this same problem. So after getting information from different places, I think I understood this:

Version 6 isn't compatible with wallet, the validation will fail.
The WWDR (Apple WorldWide Developer Relations) G1/G4 Certificates would be the good ones.

In https://developer.apple.com/support/expiration/ they mention this:
If you plan to send notification requests or passes with certificates issued after January 27, 2022, you’ll need to download the Worldwide Developer Relations G4 sub CA, available for download. You can confirm that the correct intermediate certificate is installed by verifying that the expiration date is set to 2030 and the Organization field is set to G4.

I think would be a better option to force users of the package to set the path for the WWDR certificate instead of having it hard coded, I believe that will prevent future headaches.

This package has a good wiki about the subject

I hope it helps
Thanks

@razvanphp
Copy link

Indeed, why do you bundle this in the library? It should be a configuration setting like in any other lib....

Here is the relevant documentation that @Kai-Luo is mentioning: https://developer.apple.com/help/account/reference/wwdr-intermediate-certificates/

G6 is for Swift app signing, we need G4.

@tschoffelen
Copy link
Owner

Good point! Happy to accept a PR that adds a method to override the default cert, I was just looking for ways to make the library as plug & play as possible.

@razvanphp
Copy link

My understanding from your comment is that this is possible already with setWwdrCertificatePath() function, sorry: https://github.com/includable/php-pkpass/blob/master/src/PKPass.php#L146

@tschoffelen
Copy link
Owner

You're totally right, apologies!

And I've merged PR #132 that switched to the correct default cert. Thanks everyone for your help!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants