Cert file does not contain Subject line with Apple Organizational Unit (OU)

[itsgowtham]

I tried to sign the .app file and while signing, I got "cert file does not contain subject line". But, certificate.pem file have the subject. Any thoughts?

isign -o resigned.app my.app

subject=/UID=XXXXXXX/CN=Developer ID Application: XXXXXXXXXXXX/OU=XXXXXXXXXX/O=XXXXXXXX/C=XX
issuer=/CN=Developer ID Certification Authority/OU=Apple Certification Authority/O=Apple Inc./C=XX

[ghost]

I still have the same issue.

nick@nick:~/isign$ isign -o out.ipa in.ipa
Traceback (most recent call last):
  File "/home/nick/.local/bin/isign", line 190, in <module>
    isign.resign(app_path, **kwargs)
  File "/home/nick/.local/lib/python2.7/site-packages/isign/isign.py", line 76, in resign
    info_props)
  File "/home/nick/.local/lib/python2.7/site-packages/isign/archive.py", line 383, in resign
    apple_cert_file=apple_cert)
  File "/home/nick/.local/lib/python2.7/site-packages/isign/signer.py", line 102, in __init__
    raise ImproperCredentials("Cert file does not contain Subject line"
isign.exceptions.ImproperCredentials: Cert file does not contain Subject linewith Apple Organizational Unit (OU)

I've checked my cert and it seems having the required field:

nick@nick:~$ cd ..
nick@nick:~$ cd .isign
nick@nick:~/.isign$ cat certificate.pem
Bag Attributes
    friendlyName: Apple Worldwide Developer Relations Certification Authority
    localKeyID: **
subject=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
issuer=/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA
-----BEGIN CERTIFICATE-----
**
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: iPhone Developer: **
    localKeyID: **
subject=/UID=**/CN=iPhone Developer: **/OU=**/O=**/C=US
issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
-----BEGIN CERTIFICATE-----
**
-----END CERTIFICATE-----

I had to install again pyOpenSSL because it gave me an error when i was running isign.

[Dadoum]

@TRIGGEREDNICK Same issue, and i had to reinstall pyOpenSSL.
I run into WSL

[Yi-pixel]

The reason for this problem is that this is a regular expression error that prevents an match.

After on 19 Jan 2017 Releases 1.6.15, continue to merge multiple versions, including 26ad90f, but There are no Releases for them. Causes pip to get the old version.

So something bad happens when you install with pip.

Also, after the most recent Releases, all merges failed to Releases and requested Releases as soon as possible.

Fixed regex for Team ID by cipi1965 · Pull Request #95 · saucelabs/isign

Unfortunately, the maintainer of the above merge has no write permission.

-- Google Translate

[Dadoum]

Thanks for your answer. I successfully fixed this issues by changing some things in the repository before installing but now i have this error:

Traceback (most recent call last):
  File "/usr/bin/isign", line 4, in <module>
    __import__('pkg_resources').run_script('isign==1.6.15.1566561140.dev29+root', 'isign')
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 666, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1453, in run_script
    exec(code, namespace, namespace)
  File "/usr/lib/python2.7/site-packages/isign-1.6.15.1566561140.dev29+root-py2.7.egg/EGG-INFO/scripts/isign", line 252, in <module>
    isign.resign(app_path, **kwargs)
  File "/usr/lib/python2.7/site-packages/isign-1.6.15.1566561140.dev29+root-py2.7.egg/isign/isign.py", line 81, in resign
    alternate_entitlements_path)
  File "/usr/lib/python2.7/site-packages/isign-1.6.15.1566561140.dev29+root-py2.7.egg/isign/archive.py", line 400, in resign
    ua.bundle.resign(deep, signer, provisioning_profile, alternate_entitlements_path)
  File "/usr/lib/python2.7/site-packages/isign-1.6.15.1566561140.dev29+root-py2.7.egg/isign/bundle.py", line 262, in resign
    super(App, self).resign(deep, signer)
  File "/usr/lib/python2.7/site-packages/isign-1.6.15.1566561140.dev29+root-py2.7.egg/isign/bundle.py", line 177, in resign
    self.sign(deep, signer)
  File "/usr/lib/python2.7/site-packages/isign-1.6.15.1566561140.dev29+root-py2.7.egg/isign/bundle.py", line 173, in sign
    executable.sign(self, signer)
  File "/usr/lib/python2.7/site-packages/isign-1.6.15.1566561140.dev29+root-py2.7.egg/isign/signable.py", line 238, in sign
    offset, new_codesig_data = self._sign_arch(arch, app, signer)
  File "/usr/lib/python2.7/site-packages/isign-1.6.15.1566561140.dev29+root-py2.7.egg/isign/signable.py", line 122, in _sign_arch
    arch['codesig'].resign(app, signer)
  File "/usr/lib/python2.7/site-packages/isign-1.6.15.1566561140.dev29+root-py2.7.egg/isign/codesig.py", line 305, in resign
    self.set_signature(signer)
  File "/usr/lib/python2.7/site-packages/isign-1.6.15.1566561140.dev29+root-py2.7.egg/isign/codesig.py", line 235, in set_signature
    sigwrapper = self.get_blob('CSMAGIC_BLOBWRAPPER')
  File "/usr/lib/python2.7/site-packages/isign-1.6.15.1566561140.dev29+root-py2.7.egg/isign/codesig.py", line 85, in get_blob
    raise KeyError(magic)
KeyError: 'CSMAGIC_BLOBWRAPPER'

This is not the first error. in codesig.py, I already added a try expect to the blob array but apparently this didn't fixed my issue