How do I prevent the "The package was signed with an invalid certificate" warning when installing my signed application in Mountain Lion?

Question

I have an application which I have signed using [path]/PackageMaker --sign [MyPackage].pkg -c "3rd Party Mac Developer Installer: [MyCompany]" -o [MyPackage]-signed.pkg.

This succeeds and spctl --assess --type install [MyPackage]-signed.pkg also succeeds.

But when I try to install it on a computer running OS X 10.8 Mountain Lion I get a warning:

The package was signed with an invalid certificate. This package might not install what you expect. Do you want to continue with the installation anyway?

If I show the certificate, the name is "3rd Party Mac Developer Installer: [MyCompany]" and it is listed as issued by "Apple Worldwide Developer Relations Certification Authority". A warning is displayed that "This certificate was signed by an unknown authority."

The computer's security settings are set to "Allow applications downloaded from: Mac App Store and identified developers".

I've tried both packagemaker (from Xcode 3.2.4) and PackageMaker (3.0.6 from the auxiliary tools download) with the same result.

The certificate was requested from within Xcode 4 and appears to be correct from what I can tell. It shows up correctly in Keychain Access with a private key nested underneath it.

What do I need to do to get my application's installer package to run without displaying this warning in Mountain Lion?

Answer 1

you also must ensure that the "Developer ID Certificate Authority" certificate is in your keychain. You can get it from here:

https://developer.apple.com/certificationauthority/AppleWWDRCA.cer

Answer 2

The "3rd Party Mac Developer Installer: [MyCompany]" certificate is for apps being submitted to the App store. For applications distributed yourself the certificate you need to sign with is the "Developer ID Installer: [MyCompany]" certificate.