Tell HN: Apple development certificate server seems down?
48 points
4 hours ago
| 8 comments
| HN
I don't see anything on https://developer.apple.com/system-status/, but I haven't been able to install apps for development on my own devices starting at 11AM PDT.

Other people on Reddit seem to be hitting this too [0]. Anyone knows anything about it?

[0]: https://www.reddit.com/r/iOSProgramming/comments/1rq4uxl

Edit: Now getting intermittent 502s from https://ppq.apple.com/. Something is definitely going on.

xutopia
4 hours ago
[-]
For those wondering why this is a big deal it means that every developers attempting to run a development version of an iPhone, iPad or MacOS app cannot run their apps right now.

This is worse than Github being down and Apple Developers who pay 99$ a year for the privilege of writing software on this ecosystem aren't event getting a status page update: https://developer.apple.com/system-status/

reply
andyvanosdale
6 minutes ago
[-]
It's definitely not worse than GitHub being down...
reply
ToucanLoucan
3 hours ago
[-]
Can confirm. Spent over an hour trying to figure out why I couldn't build to devices just to get frustrated, browse to HN, and here we are.

I'm looking for a job shoveling pig shit as we speak.

What genuinely pisses me off is that this isn't noted on their status page, nor is it indicated at all when you, I dunno, revoke and generate certs repeatedly trying to solve a problem you didn't fucking cause.

reply
gt565k
4 hours ago
[-]
Enterprise apps distributed via MDM & signed using in-house distribution certificates are dead in the water too with the error message "Unable to Verify App" showing on start-up.

Apple's status page is showing no problems (all green).

This is a really bad look for Apple.

reply
strongpigeon
4 hours ago
[-]
I'm getting invalid certificates from https://ppq.apple.com. I think that's probably the root cause?
reply
astrostl
3 hours ago
[-]
Invalid certs according to what? Quoth Claude Code:

OpenSSL can't validate the cert because it contains a critical extension it doesn't recognize — specifically 1.2.840.113635.100.6.27.3.2, which is an Apple-proprietary OID marked as critical. Per X.509 rules, if a client encounters an unrecognized critical extension, it must reject the cert.

That said, this is likely intentional on Apple's part — browsers and Apple's own TLS stack (SecureTransport/Network.framework) almost certainly know how to handle this extension. It's a private Apple CA (Apple Server Authentication CA) signing an Apple-internal service endpoint, so it's designed to work within Apple's ecosystem rather than with generic OpenSSL.

In practice:

  - Works fine in Apple clients (Safari, curl on macOS using the system TLS stack, iOS apps)                                                          
  - Fails with raw OpenSSL or other non-Apple TLS implementations                                                                                     
  - Not a misconfiguration — it's Apple intentionally using a proprietary critical extension on their private PKI
reply
strongpigeon
3 hours ago
[-]
That's fair. I've never attempted to reach this before so I can't compare and the explanation makes sense.

The intermittent 502s on the other hand are an issue.

reply
gt565k
4 hours ago
[-]
Hilarious... their provisioning profile query server has an expired SSL certificate?

Are you serious Apple?

reply
strongpigeon
3 hours ago
[-]
It doesn't look expired per se:

  Issued On Wednesday, January 21, 2026 at 9:47:41 AM
  Expires On Wednesday, February 17, 2027 at 10:28:16 AM
What I get is: net::ERR_CERT_AUTHORITY_INVALID
reply
gt565k
3 hours ago
[-]
Has some undisclosed error.

Says cannot be trusted when validating via SSL checker

https://decoder.link/sslchecker/ppq.apple.com/443

reply
gt565k
3 hours ago
[-]
SSL Error: Verify return code: 34 (unhandled critical extension)
reply
xutopia
3 hours ago
[-]
OMG my app just got rejected because I didn't have the right screenshots to their liking... an app specifically made to remember stuff like this LOL the irony!
reply
ynac
3 hours ago
[-]
Any other services down for anyone? I've had a credit service portal fail for hours today with a notice of server issues. As well as a credit union login with a similar message. These are all first times for me. Some big black cape / hat pressure testing?

[edit] And FreeUSATax portal. Solar cone today?

reply
avicado0o
2 hours ago
[-]
Finally WORKING!!
reply
strongpigeon
2 hours ago
[-]
Confirmed! Damn that was annoying.
reply
erkanerol
2 hours ago
[-]
Why is all green in the status page? Really really annoying.
reply
tariksune
2 hours ago
[-]
updated that there was an outage on app store connect https://developer.apple.com/system-status/

edit: working now

reply
semtra
2 hours ago
[-]
Bro im tryin to sideload and everytime i try to verify my app it doesnt let me what is even going on like i need my spotify back when will the certificates be back up what else can i use to sideload
reply