For those wondering why this is a big deal it means that every developers attempting to run a development version of an iPhone, iPad or MacOS app cannot run their apps right now.
This is worse than Github being down and Apple Developers who pay 99$ a year for the privilege of writing software on this ecosystem aren't event getting a status page update: https://developer.apple.com/system-status/
Can confirm. Spent over an hour trying to figure out why I couldn't build to devices just to get frustrated, browse to HN, and here we are.
I'm looking for a job shoveling pig shit as we speak.
What genuinely pisses me off is that this isn't noted on their status page, nor is it indicated at all when you, I dunno, revoke and generate certs repeatedly trying to solve a problem you didn't fucking cause.
And a lot more people use github for something at all and don't use Apple for anything at all.
The entire Apple universe is smaller than the world or even just the github part of the world, and the Apple developer universe is a tiny fraction of even just the Apple universe.
The only thing worse is trying to get a denied Google Play review to change… considering you can’t even provide a comment to the reviewer objecting to your update
Here was the developer thread https://developer.apple.com/forums/thread/818403 I found with lots of other reports of "Unable to Verify App - An internet connection is required to verify the trust of the developer".
Enterprise apps distributed via MDM & signed using in-house distribution certificates are dead in the water too with the error message "Unable to Verify App" showing on start-up.
Apple's status page is showing no problems (all green).
Invalid certs according to what? Quoth Claude Code:
OpenSSL can't validate the cert because it contains a critical extension it doesn't recognize — specifically 1.2.840.113635.100.6.27.3.2, which is an Apple-proprietary OID marked as critical. Per X.509 rules, if a client encounters an unrecognized critical extension, it must reject the cert.
That said, this is likely intentional on Apple's part — browsers and Apple's own TLS stack (SecureTransport/Network.framework) almost certainly know how to handle this extension. It's a private Apple CA (Apple Server Authentication CA) signing an Apple-internal service endpoint, so it's designed to work within Apple's ecosystem rather than with generic OpenSSL.
In practice:
- Works fine in Apple clients (Safari, curl on macOS using the system TLS stack, iOS apps)
- Fails with raw OpenSSL or other non-Apple TLS implementations
- Not a misconfiguration — it's Apple intentionally using a proprietary critical extension on their private PKI
OMG my app just got rejected because I didn't have the right screenshots to their liking... an app specifically made to remember stuff like this LOL the irony!
Any other services down for anyone? I've had a credit service portal fail for hours today with a notice of server issues. As well as a credit union login with a similar message. These are all first times for me. Some big black cape / hat pressure testing?
The Apple status pages (both of them) are some of the worst of the big league offenders, perhaps second only to Microsoft.
Full disclosure, I operate a product that compares official outage acknowledgment to actual outage impact times. (Which I won't mention to avoid self-promotion.)
For this specific incident, I saw the alert come across my Slack at 19:02 UTC. We received over 100 reports of this outage before the official acknowledgement was posted by Apple on their status page at 21:37 UTC.
Shortly after their acknowledgment, the reports fizzled out and then Apple marked the incident as resolved about 20 minute later.
The whole outage lasted about 4 hours from first report to last and wasn't acknowledged by Apple until 3.5 hours into it.
Bro im tryin to sideload and everytime i try to verify my app it doesnt let me what is even going on like i need my spotify back when will the certificates be back up what else can i use to sideload
For those wondering why this is a big deal it means that every developers attempting to run a development version of an iPhone, iPad or MacOS app cannot run their apps right now.
This is worse than Github being down and Apple Developers who pay 99$ a year for the privilege of writing software on this ecosystem aren't event getting a status page update: https://developer.apple.com/system-status/
Can confirm. Spent over an hour trying to figure out why I couldn't build to devices just to get frustrated, browse to HN, and here we are.
I'm looking for a job shoveling pig shit as we speak.
What genuinely pisses me off is that this isn't noted on their status page, nor is it indicated at all when you, I dunno, revoke and generate certs repeatedly trying to solve a problem you didn't fucking cause.
> I'm looking for a job shoveling pig shit as we speak.
https://www.goatops.com
It's definitely not worse than GitHub being down...
Depends on your priorities. Many developers don't pay for github access, and no one pays github 15-30% of gross sales.
And a lot more people use github for something at all and don't use Apple for anything at all.
The entire Apple universe is smaller than the world or even just the github part of the world, and the Apple developer universe is a tiny fraction of even just the Apple universe.
You can still work locally if GH is down. You can even send patches by (gasp!) email for review if you want to do something ASAP.
Apple's servers being down makes it impossible to test your code on your _own_ devices.
> Apple's servers being down makes it impossible to test your code on your _own_ devices.
Which makes it sound an awful lot like they aren't actually your devices
Can’t you still test on simulator
You can, but it's a simulator and it often doesn't behave like real devices. Doubly so if you want to do something media-heavy.
The only thing worse is trying to get a denied Google Play review to change… considering you can’t even provide a comment to the reviewer objecting to your update
Here was the developer thread https://developer.apple.com/forums/thread/818403 I found with lots of other reports of "Unable to Verify App - An internet connection is required to verify the trust of the developer".
Although https://developer.apple.com/system-status/ was green for most of the 3-4 hour outage, the page now at least acknowledges two minutes of downtime:
Not a great developer experience.Can't risk those precious 9s of uptime.
Enterprise apps distributed via MDM & signed using in-house distribution certificates are dead in the water too with the error message "Unable to Verify App" showing on start-up.
Apple's status page is showing no problems (all green).
This is a really bad look for Apple.
I'm getting invalid certificates from https://ppq.apple.com. I think that's probably the root cause?
Invalid certs according to what? Quoth Claude Code:
OpenSSL can't validate the cert because it contains a critical extension it doesn't recognize — specifically 1.2.840.113635.100.6.27.3.2, which is an Apple-proprietary OID marked as critical. Per X.509 rules, if a client encounters an unrecognized critical extension, it must reject the cert.
That said, this is likely intentional on Apple's part — browsers and Apple's own TLS stack (SecureTransport/Network.framework) almost certainly know how to handle this extension. It's a private Apple CA (Apple Server Authentication CA) signing an Apple-internal service endpoint, so it's designed to work within Apple's ecosystem rather than with generic OpenSSL.
In practice:
That's fair. I've never attempted to reach this before so I can't compare and the explanation makes sense.
The intermittent 502s on the other hand are an issue.
Hilarious... their provisioning profile query server has an expired SSL certificate?
Are you serious Apple?
It doesn't look expired per se:
What I get is: net::ERR_CERT_AUTHORITY_INVALIDHas some undisclosed error.
Says cannot be trusted when validating via SSL checker
https://decoder.link/sslchecker/ppq.apple.com/443
SSL Error: Verify return code: 34 (unhandled critical extension)
OMG my app just got rejected because I didn't have the right screenshots to their liking... an app specifically made to remember stuff like this LOL the irony!
Someone on the relevant dev team needs to fix that error message!!
So frustrating to get an error that is obviously wrong. Handle your error cases properly guys. It makes you look like amateurs.
Any other services down for anyone? I've had a credit service portal fail for hours today with a notice of server issues. As well as a credit union login with a similar message. These are all first times for me. Some big black cape / hat pressure testing?
[edit] And FreeUSATax portal. Solar cone today?
And I was surprised why nothing worked, now I know. read comments here system is down hard.
I’m in the 2 hours wasted club. Could have been worse.
Why is all green in the status page? Really really annoying.
The Apple status pages (both of them) are some of the worst of the big league offenders, perhaps second only to Microsoft.
Full disclosure, I operate a product that compares official outage acknowledgment to actual outage impact times. (Which I won't mention to avoid self-promotion.)
For this specific incident, I saw the alert come across my Slack at 19:02 UTC. We received over 100 reports of this outage before the official acknowledgement was posted by Apple on their status page at 21:37 UTC.
Shortly after their acknowledgment, the reports fizzled out and then Apple marked the incident as resolved about 20 minute later.
The whole outage lasted about 4 hours from first report to last and wasn't acknowledged by Apple until 3.5 hours into it.
Finally WORKING!!
Confirmed! Damn that was annoying.
updated that there was an outage on app store connect https://developer.apple.com/system-status/
edit: working now
Bro im tryin to sideload and everytime i try to verify my app it doesnt let me what is even going on like i need my spotify back when will the certificates be back up what else can i use to sideload