Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Which certificate should I use to sign my Mac OS X application?

We are developing a Mac OS X application that we are going to distribute outside the Mac App Store. We ended up having these certificates in the Mac Developers program:

List of six certificates: two of type Mac Development, four of types Developer ID Installer, Mac App Distribution, Mac Installer Distribution, Developer ID Application

and when I go to select one for signing the application, I find this:

Certificate selection menu. Automatic: Mac Developer, Mac Distribution, Developer ID: *; others in Identities in Keychain

Am I correct in that I should use Developer ID: * for Debug? Will that allow developers that don’t have my company’s certificate to sign the application to be able to run it locally?

What certificate should I use for Release?

like image 693
pupeno Avatar asked Mar 13 '15 18:03

pupeno


People also ask

Which certificate is used to submit the iOS application to Apple's App Store?

CSR (Certificate Signing Request) The CSR needs to be sent to the certificate authority (CA), which is Apple for the iOS platform. Apple then confirms the developer's identity and issues a certificate to the developer.

What is Apple signing certificate?

A signing certificate is the first requirement you need in order to be able to sign apps for installation on iOS devices. Specifically, you need a development certificate, which lets an individual install and run an app on a device.

What is Mac installer certificate?

To distribute mac app outside app store, you need Developer ID Installer certificate. To subbmit your app to app store, you need Mac Installer Distribution certificate. All team members can create their own development certificate. Only a team agent or admin can create a distribution certificate.


1 Answers

For development (for example, the Debug configuratino) use the Mac Developer option, which will choose your local Mac Developer certificate (in your case "Mac Developer: José Fernández"), which is meant for team members working on your project (includes testing/debugging).

For Release, use "Developer ID: *" which will pick the standard application release certificate used outside the AppStore, in your case "Developer ID Application: Carousel Apps. I recommend doing a final test/debug after codesigning to ensure it's working as expected.

The way Xcode picks up certificates is by a simple substring matching.

Apple Codesigning Certificate Types

(Name, Type, Description)

iOS Development

  • iPhone Developer: Team Member Name Used to run an iOS app on devices and use certain app services during development.

iOS Distribution

  • iPhone Distribution: Team Name Used to distribute your iOS app on designated devices for testing or to submit it to the App Store.

Mac Development

  • Mac Developer: Team Member Name Used to enable certain app services during development and testing.

Mac App Distribution

  • 3rd Party Mac Developer Application: Team Name Used to sign a Mac app before submitting it to the Mac App Store.

Mac Installer Distribution

  • 3rd Party Mac Developer Installer: Team Name Used to sign and submit a Mac Installer Package, containing your signed app, to the Mac App Store.

Developer ID Application

  • Developer ID Application: Team Name Used to sign a Mac app before distributing it outside the Mac App Store.

Developer ID Installer

  • Developer ID Installer: Team Name Used to sign and distribute a Mac Installer Package, containing your signed app, outside the Mac App Store

enter image description here Once codesigned you can also simulate the launch behavior of your app when Gatekeeper is enabled from Terminal.app:

spctl -a -v Carousel.app

./Carousel.app: accepted
source=Developer ID

The Developer ID Application certificate allows your app to run with Gatekeeper on the setting "allow apps downloaded from Mac App Store and identified developers"

like image 130
l'L'l Avatar answered Nov 16 '22 00:11

l'L'l