diff --git a/README.md b/README.md
index 244f41a..ca474f2 100644
--- a/README.md
+++ b/README.md
@@ -79,7 +79,7 @@ You can also run this step directly with [Bitrise CLI](https://github.com/bitris
 | `min_profile_validity` | If this input is set to >0, the managed Provisioning Profile will be renewed if it expires within the configured number of days.  Otherwise the Step renews the managed Provisioning Profile if it is expired. | required | `0` |
 | `apple_team_id` | The Apple Developer Portal team to use for downloading code signing assets.  Defining this is only required when Automatic Code Signing is set to `apple-id` and the connected account belongs to multiple teams. |  |  |
 | `certificate_url_list` | URL of the code signing certificate to download.  Multiple URLs can be specified, separated by a pipe (`\|`) character.  Local file path can be specified, using the `file://` URL scheme. | required, sensitive | `$BITRISE_CERTIFICATE_URL` |
-| `passphrase_list` | Passphrases for the provided code signing certificates.  Specify as many passphrases as many Code signing certificate URL provided, separated by a pipe (`\|`) character. | required, sensitive | `$BITRISE_CERTIFICATE_PASSPHRASE` |
+| `passphrase_list` | Passphrases for the provided code signing certificates.  Specify as many passphrases as many Code signing certificate URL provided, separated by a pipe (`\|`) character.  Certificates without a passphrase: for using a single certificate, leave this step input empty. For multiple certificates, use the separator as if there was a passphrase (examples: `pass\|`, `\|pass\|`, `\|`) | sensitive | `$BITRISE_CERTIFICATE_PASSPHRASE` |
 | `keychain_path` | Path to the Keychain where the code signing certificates will be installed. | required | `$HOME/Library/Keychains/login.keychain` |
 | `keychain_password` | Password for the provided Keychain. | required, sensitive | `$BITRISE_KEYCHAIN_PASSWORD` |
 | `output_dir` | This directory will contain the generated artifacts. | required | `$BITRISE_DEPLOY_DIR` |
diff --git a/e2e/bitrise.yml b/e2e/bitrise.yml
index d0ae641..edcd726 100644
--- a/e2e/bitrise.yml
+++ b/e2e/bitrise.yml
@@ -9,6 +9,7 @@ app:
   - BITRISE_KEYCHAIN_PASSWORD: $BITRISE_KEYCHAIN_PASSWORD
   - BITFALL_APPLE_APPLE_CERTIFICATE_URL_LIST: $BITFALL_APPLE_APPLE_CERTIFICATE_URL_LIST
   - BITFALL_APPLE_APPLE_CERTIFICATE_PASSPHRASE_LIST: $BITFALL_APPLE_APPLE_CERTIFICATE_PASSPHRASE_LIST
+  - BITFALL_APPLE_IOS_CERTIFICATE_NOPASSPHRASE_URL: $BITFALL_APPLE_IOS_CERTIFICATE_NOPASSPHRASE_URL
 
 workflows:
   test_swiftpm:
@@ -121,6 +122,30 @@ workflows:
     after_run:
     - _run
 
+  test_single_certificate_no_passphrase:
+    steps:
+    - script:
+        inputs:
+        - content: |-
+            #!/bin/bash
+            set -ex
+            rm -rf "./_tmp"
+            mkdir -p "./_tmp"
+    - git::https://github.com/bitrise-steplib/bitrise-step-simple-git-clone.git@master:
+        inputs:
+        - repository_url: https://github.com/bitrise-io/sample-apps-ios-simple-objc.git
+        - branch: bundle_id
+        - clone_into_dir: ./_tmp
+    - path::./:
+        title: Step Test
+        inputs:
+        - project_path: ./_tmp/ios-simple-objc/ios-simple-objc.xcodeproj
+        - scheme: ios-simple-objc
+        - automatic_code_signing: api-key
+        - certificate_url_list: $BITFALL_APPLE_IOS_CERTIFICATE_NOPASSPHRASE_URL
+        - passphrase_list: ""
+        - apple_team_id: 72SA8V3WYL
+
   _run:
     steps:
     - script:
diff --git a/go.mod b/go.mod
index c1f723b..49dd26f 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 require (
 	github.com/bitrise-io/go-steputils/v2 v2.0.0-alpha.1
 	github.com/bitrise-io/go-utils/v2 v2.0.0-alpha.2
-	github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.9
+	github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.10
 )
 
 require (
diff --git a/go.sum b/go.sum
index 831ba2f..cb5d9cc 100644
--- a/go.sum
+++ b/go.sum
@@ -12,8 +12,8 @@ github.com/bitrise-io/go-utils/v2 v2.0.0-alpha.2/go.mod h1:sy+Ir1X8P3tAAx/qU/r+h
 github.com/bitrise-io/go-xcode v1.0.1/go.mod h1:Y0Wu2dXm0MilJ/4D3+gPHaNMlUcP+1DjIPoLPykq7wY=
 github.com/bitrise-io/go-xcode v1.0.2 h1:Uv/cBOJ/qZpitjOpyS8orafee3wk66OwvRTbqA2fr+4=
 github.com/bitrise-io/go-xcode v1.0.2/go.mod h1:Y0Wu2dXm0MilJ/4D3+gPHaNMlUcP+1DjIPoLPykq7wY=
-github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.9 h1:zBb8U+i6LrZXdTSh+FrXhb/ivw/ghnLVmhU5mjQIOSM=
-github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.9/go.mod h1:6YbvyYwZgSTt96CQSQ6QlrkcRiv3ssX8zLijh2TPnbU=
+github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.10 h1:fL+rOyxRXZADO3o4UKCUFsO3Fr83G+r8fbH4BnzOvls=
+github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.10/go.mod h1:6YbvyYwZgSTt96CQSQ6QlrkcRiv3ssX8zLijh2TPnbU=
 github.com/bitrise-io/pkcs12 v0.0.0-20211108084543-e52728e011c8 h1:kmvU8AxrNTxXsVPKepBHD8W+eCVmeaKyTkRuUJB2K38=
 github.com/bitrise-io/pkcs12 v0.0.0-20211108084543-e52728e011c8/go.mod h1:UiXKNs0essbC14a2TvGlnUKo9isP9m4guPrp8KJHJpU=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
diff --git a/step.yml b/step.yml
index 812d646..4e994c4 100644
--- a/step.yml
+++ b/step.yml
@@ -237,7 +237,9 @@ inputs:
       Passphrases for the provided code signing certificates.
 
       Specify as many passphrases as many Code signing certificate URL provided, separated by a pipe (`|`) character.
-    is_required: true
+
+      Certificates without a passphrase: for using a single certificate, leave this step input empty. For multiple certificates, use the separator as if there was a passphrase (examples: `pass|`, `|pass|`, `|`)
+    is_required: false  # A single cert with an empty passphrase is allowed too
     is_sensitive: true
 
 - keychain_path: $HOME/Library/Keychains/login.keychain
diff --git a/vendor/github.com/bitrise-io/go-xcode/v2/codesign/inputparse.go b/vendor/github.com/bitrise-io/go-xcode/v2/codesign/inputparse.go
index cac172a..82d1902 100644
--- a/vendor/github.com/bitrise-io/go-xcode/v2/codesign/inputparse.go
+++ b/vendor/github.com/bitrise-io/go-xcode/v2/codesign/inputparse.go
@@ -31,15 +31,6 @@ type Config struct {
 
 // ParseConfig validates and parses step inputs related to code signing and returns with a Config
 func ParseConfig(input Input, cmdFactory command.Factory) (Config, error) {
-	if strings.TrimSpace(input.CertificateURLList) == "" {
-		return Config{}, fmt.Errorf("code signing certificate URL: required variable is not present")
-	}
-	if strings.TrimSpace(input.KeychainPath) == "" {
-		return Config{}, fmt.Errorf("keychain path: required variable is not present")
-	}
-	if strings.TrimSpace(string(input.KeychainPassword)) == "" {
-		return Config{}, fmt.Errorf("keychain password: required variable is not present")
-	}
 	certificatesAndPassphrases, err := parseCertificates(input)
 	if err != nil {
 		return Config{}, fmt.Errorf("failed to parse certificate URL and passphrase inputs: %s", err)
@@ -59,6 +50,16 @@ func ParseConfig(input Input, cmdFactory command.Factory) (Config, error) {
 
 // parseCertificates returns an array of p12 file URLs and passphrases
 func parseCertificates(input Input) ([]certdownloader.CertificateAndPassphrase, error) {
+	if strings.TrimSpace(input.CertificateURLList) == "" {
+		return nil, fmt.Errorf("code signing certificate URL: required input is not present")
+	}
+	if strings.TrimSpace(input.KeychainPath) == "" {
+		return nil, fmt.Errorf("keychain path: required input is not present")
+	}
+	if strings.TrimSpace(string(input.KeychainPassword)) == "" {
+		return nil, fmt.Errorf("keychain password: required input is not present")
+	}
+
 	pfxURLs, passphrases, err := validateCertificates(input.CertificateURLList, string(input.CertificatePassphraseList))
 	if err != nil {
 		return nil, err
@@ -78,10 +79,10 @@ func parseCertificates(input Input) ([]certdownloader.CertificateAndPassphrase,
 // validateCertificates validates if the number of certificate URLs matches those of passphrases
 func validateCertificates(certURLList string, certPassphraseList string) ([]string, []string, error) {
 	pfxURLs := splitAndClean(certURLList, "|", true)
-	passphrases := splitAndClean(certPassphraseList, "|", false)
+	passphrases := splitAndClean(certPassphraseList, "|", false) // allow empty items because passphrase can be empty
 
 	if len(pfxURLs) != len(passphrases) {
-		return nil, nil, fmt.Errorf("certificates count (%d) and passphrases count (%d) should match", len(pfxURLs), len(passphrases))
+		return nil, nil, fmt.Errorf("certificate count (%d) and passphrase count (%d) should match", len(pfxURLs), len(passphrases))
 	}
 
 	return pfxURLs, passphrases, nil
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 55af5df..12aafcf 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -55,7 +55,7 @@ github.com/bitrise-io/go-xcode/xcodeproject/xcodeproj
 github.com/bitrise-io/go-xcode/xcodeproject/xcscheme
 github.com/bitrise-io/go-xcode/xcodeproject/xcworkspace
 github.com/bitrise-io/go-xcode/xcpretty
-# github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.9
+# github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.10
 ## explicit; go 1.16
 github.com/bitrise-io/go-xcode/v2/autocodesign
 github.com/bitrise-io/go-xcode/v2/autocodesign/certdownloader