I've been having trouble re-establishing my build environment. It's worked fine in the past, but in the midst of running archive processes, I've managed to throw myself back a couple of days.
I've done TN2250 patiently.
Everything goes smooth — except no matter what I do, the Apple WWDRCA.cer shows up in the login (default) keychain in my Keychain Access as "This certificate was signed by an unknown authority." I've tried getting the certificate from a link from Apple's iOS Provisioning Profile as well as hard links — not that it should matter, but I'm desperate at this point.
My developmer and distribution certificates appear to be fine — there are no errors next to their view in Keychain Access and they contain my private keys, as best as I can tell (click arrow, down it goes, there's my key.)
I notice this even before I add the certificate. I mean — it's coming from Apple? It's a file. Why would it not be signed correctly?
The errors vary with the various things I try. But the recurring one is
CSSMERR_TP_NOT_TRUSTED codesign failed with exit code 1
Just seem to have figured this out. I haven't seen this answer anywhere, so I'll answer my own question. It seems as though my Keychain was missing a valid "Apple Computer, Inc. Root Certificate" and "Apple Inc. Root Certificate". As soon as I installed these, my certificates became "green" and valid.
I got these certificates from here: http://www.apple.com/certificateauthority/