User Profile

I've developed a Java application for ad hoc distribution, not intended for the Apple Store. Using the jpackage utility and the parameters... --mac-sign --mac-signing-keychain --mac-signing-key-user-name ...I'm able to point the software to a signing certificate. My problem is that jpackage requires a certificate with a "Developer ID Application" type/prefix, and I'm not authorized to create a certificate of this type, as "This operation can only be performed by the account holder." I thought it might be sufficient to create a "Distribution" certificate, since this allows a developer to "Sign your iOS, iPadOS, macOS, tvOS, watchOS, and visionOS apps for release testing using Ad Hoc distribution or for submission to the App Store." However, there doesn't appear to be any way to get jpackage to accept anything other than a "Developer ID Application" -prefixed certificate. I gather from this, and the fact that the Developer ID Application certificate is described as "This certificate is used to code sign your app for distribution outside of the Mac App Store," that this is the only type of "legitimate" security certificate Apple will accept when launching out-of-store apps. I'm not certain of this, however, and I'd like to be certain before pestering my client about it. My questions are: Is a "Developer ID Application" certificate specifically required, or can I sign the app using, e.g., a "Distribution" certificate without issues? If a "Developer ID Application" certificate is required, is it possible for my client (the "Account Holder") to grant me access to download it and use it? If a "Developer ID Application" certificate is required, what exactly is a "Distribution" certificate good for? Why isn't it sufficient to distribute software? If I can sign the app using a Distribution certificate, is there a way to force jpackage to do this, or do I have to it manually using, e.g., codesign ex post facto? Note that this issue has cropped up before on this thread, but the developer there ultimately found his developer ID certificate and the discussion was abandoned before any answers were forthcoming.