Reputation: 197
Unable to 'codesign' installer package with valid installer certificate
I am trying to produce a code-signed installer package for distribution outside the Mac Store. My keychain contains the 5 certificates you get when joining the Apple Developer program yesterday. I have to use the command line "codesign" tool to do this. This requires great craft because codesign's default mechanism for hooking up with the correct certificate does not discriminate between certificates with similar "common names"--that they all begin with "3rd Party Mac Developer" creates confusion for codesign's default setting. There are ways to deal with this, however, if you study the documentation (codesign's man page and Apple's technical document, "Code Signing"). When I follow the various instructions carefully my attempt still fails. Here's my terminal command line input (note that my certificate id is X-ed out):
codesign -s "3rd Party Mac Developer Installer: Antony Nispel (XXXXXXXXXX)" -v /Users/antonywallacenispel/Desktop/SpellAware
_1.0/SpellAwareDistributionPackageStuff/SpellAware
Here is the result:
3rd Party Mac Developer Installer: Antony Nispel (XXXXXXXXXX): this identity cannot be used for signing code
And when I try the more restrictive request:
codesign -s -i "3rd Party Mac Developer Installer: Antony Nispel (XXXXXXXXXX)" -v /Users/antonywallacenispel/Desktop/SpellAware_1.0/SpellAwareDistributionPackageStuff/SpellAware
I get the following response:
-i: no identity found
I assure you that my "identity" (the comon name of my installer certificate) is correct.
I would appreciate any help.
Upvotes: 1
Views: 6264
Answers (1)
Reputation: 47169
The "Developer ID Installer" certificate is what you would use if not submitting to the AppStore.
Certificates Matter
These are the certificates you will need to use together for codesigning:
- Developer ID Installer
Developer ID Application
- 3rd Party Mac Developer Installer (usually only used for the AppStore apps).
Apple Developer Codesigning Workflow Guide
In short, you have codesign your installer in a specific order with the correct codesigning certificate. I answered a similar question previously here.
Upvotes: 2
Related Questions
- Code Signing on Mac "error: The specified item could not be found in the keychain"
- codesign throws err 'errSecInternalComponent'
- macOS installer certificate evaluation error in Keychain: Invalid Extended Key Usage
- Submitting to Mac App Store keeps giving "Invalid Signature" for app's installer
- Signing a Package in MAC
- Mac Codesign wants wrong key
- "This certificate is not yet valid" error on Mac
- Codesign says "no identity found" however the identity is on the keychain
- How do I prevent the "The package was signed with an invalid certificate" warning when installing my signed application in Mountain Lion?
- CodeSigning pkg file with Installer Certificate in Mac