4 Replies Latest reply: May 31, 2012 8:44 AM by Ashvin Savani
mtayyab Level 1 Level 1 (0 points)

I am using PackageMaker software that comes with MacOSX developer tools. I need to codesign the package so I provide a certificate purchased from third-party in PackageMaker but when users run my installer on their MacOSX, they get certificate invalid warning.

 

The problem is because my codesign certificate have "Intermediate Certificate" and it seems like PackageMaker software does not include the information about the Intermediate-Certificate in the package so users get warning. The same certificate works fine when I use it on Windows operating system.

 

I have used the codesigning certificate with PackageMaker before and it worked fine, however my previous certificate does not have "Intermediate-Certificate" and it was directly signed with a Trusted Root certificate.

 

Can anybody please suggest a workaround or guide me if I am doing something wrong ?

 

Thanks,

--Tayyab


PackageMaker, Mac OS X (10.7.3)
  • 1. Re: PackageMaker code-sign issue with chained certificates
    etresoft Level 7 Level 7 (24,265 points)

    I think you should use a Developer ID certificate from Apple. I have no idea if a third party certificate will work with Mountain Lion's gatekeeper.

  • 2. Re: PackageMaker code-sign issue with chained certificates
    mtayyab Level 1 Level 1 (0 points)

    Yes that is an alternate option but as I have purchased the CodeSigning ceritificate from a Trusted Certificate Provider and I am using same certificate for Windows version of my program so I prefer to use the same certiifcate for Mac OSX.

     

    Thanks for referring Mountain Lion's Gatekeeper as I was not aware of this upcoming change. I assume that Gatekeeper will not automatically trust other certificates but still will show the Signing Information to user when user attempts to run my application.

  • 3. Re: PackageMaker code-sign issue with chained certificates
    etresoft Level 7 Level 7 (24,265 points)

    mtayyab wrote:

     

    Thanks for referring Mountain Lion's Gatekeeper as I was not aware of this upcoming change. I assume that Gatekeeper will not automatically trust other certificates but still will show the Signing Information to user when user attempts to run my application.

    The only comment I can make regarding that is that you should really, really find out. If you are shipping MacOS X software, you need to be in the developer program. Then you would have a real developer ID and you would also be able to test on Mountain Lion. Even better, just get rid of the package altogether and sell on the Mac App store.

  • 4. Re: PackageMaker code-sign issue with chained certificates
    Ashvin Savani Level 1 Level 1 (0 points)

    How did you manage to code sign the pkg file (i mean the package file)?

    Can you please provide me the steps to code sign pkg file.

     

    Basically I too used PackageMaker software that came with MacOSX developer tools. I already had Apple certificates for Mac AppStore. I want some  preinstallation checks which can only be done thru package maker and after when my pkg file is ready want to code sign it with Apple Developer Installer Certificate.

     

    If you know how to code sign .pkg file with any of the certificates then please let me know. It would be really helpful.

     

    Thanks