codesign gives no identity found error

Question

Having a problem with codesign and wonder if anyone has any ideas. I'm using the command line 'codesign' command from a Terminal window (under OSX 10.10.3 Yosemite). I dont use XCode as the app in question is created using command line gcc with make etc (its a Qt based app).

Running codesign gives the error (obviously I have changed the actual name and code used in this posting):

Developer ID Application: Foo Bar Ltd (C8C8B8D8X8): no identity found

The command line I use to run codesign is:

codesign -f -s "Developer ID Application: Foo Bar Ltd (C8C8B8D8X8)" -i uk.co.mydomain.myapp -v binaryfile

But I have the certificate installed so dont understand this. If from the same terminal window I do:

certtool y | grep Developer

I get:

Common Name     : Developer ID Certification Authority
Common Name     : Developer ID Installer: Foo Bar Ltd (C8C8B8D8X8)
Common Name     : Developer ID Certification Authority
Common Name     : Developer ID Application: Foo Bar Ltd (C8C8B8D8X8)

.. which all looks OK. If anyone knows what might be wrong it would be a great help.

The funny thing is, the identical commands used to work. Whats happened since I last did this successfully is that I updated the Mac to Yosemite 10.10.3 and Xcode 6.3.1. First time I tried using codesign after that got the 'no identity found' errors. At this point using certtool showed that my certificates were no longer there. Whether they'd expired or the process or upgrading to Yosemite or Xcode had dropped them I dont know. So, I logged in to my developer.apple.com account and downloaded both the Application and Installer certificates [specifically, I downloaded them using Safari, double-clicked each download which opened them into Keychain Access and installed them into the login keychain]. After doing this, "certtool y" gives the results shown above from the same terminal window from which the codesign command fails. I also installed the 'Apple Worldwide Developer Relations Certification Authority' certificate into the System keychain.

If I open Keychain Access now this is what I have:

• Under the 'login' keychain in the 'Certificates' category I have listed: my Developer ID Application cert, Developer ID Installer cert, and the Apple Worldwide Developer Relations Certification Authority
• Under the 'System' keychain in the 'Certificates' category I have listed: Apple Worldwide Developer Relations Certification Authority, com.apple.kerberos.kdc, com.apple.systemdefault, and my Developer ID Application cert (again, seems to be in both the login and System keychains).

If anyone can offer any help I'd much appreciate it. Thanks!

Answer 1

I solved this myself, thanks to the hint from The DarkKnight above. Problem was the lack of the private key in my keychain.

This arose because, when I discovered the certificates were missing entirely, the immediate advice given both on the apple developer site and elsewhere on stackoverflow is to download the Developer ID Application and Developer ID Installer certs from the apple developer site, which is easy to do. So I did that, and added the intermediate 'Apple Worldwide Developer Relations Certification Authority' cert too. But doing that does not set up private keys, and nowhere do the codesign errors indicate that that is the problem. I then discovered that going through the process of submitting a certificate signing request (CSR) to the apple dev site does set up the private key.

Solution: dont simply use the 'download developer ID cert' option from the apple dev site, instead submit a CSR and do this both for the Developer ID Application and Developer ID Installer certs.