User Profile

I have a nodejs app, made into a single executable using pkg which signs the app with an ad-hoc signature. This single executable (xkeys-server-arm64)works fine on the machine which made it but fails on another machine of the same type - presumably because the ad-hoc signature is insufficient in this case. I've tried to replace the ad-hoc signature with my own, using: codesign --force --verify --verbose --sign "Developer ID Application: Christoph Willing (..........)" xkeys-server-arm64 but that fails with xkeys-server-arm64: replacing existing signature xkeys-server-arm64: errSecInternalComponent Checking my own signature with: find-identity -v -p appleID shows a bunch of stuff which doesn't look good. My Christoph_Willing_dev_CA entry says (CSSMERR_TP_NOT_TRUSTED) All other entries, including the Developer ID Application entry I'm trying to codesign with have the comment: (Missing required extension) My questions are: what causes the errSecInternalComponent error (and how can I fix it)? why isn't my dev_CA trusted (and how to fix)? what are the missing extensions for the other certificates (and how to provide them)? Thanks for any tips, chris