"certificate is not trusted"

I've got a Developer ID Application certificate - however when I open the details in KeyChain it tells me "Developer ID Application XXXXXXX certificate is not trusted"

When I try signing my code with this certificate, using

codesign -s MY_CERTIFICATE_NAME  -v --deep --timestamp --entitlements entitlements.plist -o runtime "path/to/MyApp.app" --force

I get

Warning: unable to build chain to self-signed root for signer MY_CERTIFICATE_NAME

It does work when I use another certificate - one that is trusted (however with that other certificate, I get problems in notartizing, apparently because it is an "Apple Development" certificate and not a "Developer ID Application" certificate).

How can I make my certificate trusted?

All online advice I can find online doesn't help:

  1. Find any other certificates and change their trust settings from "Always Trusted" to "Use System Defaults" (however they all are on "Use System Defaults" already).
  2. Adding intermediate signing certificates to KeyChain as in - https://stackoverflow.com/a/66083449/851699 - I've tried this, and my problem persists.
Up vote post of petered Down vote post of petered
1.2k views
Posted by
petered
Reply
Add a Comment

Replies

Gaaah - found it. It turned out I needed to download "Developer ID - G2 (Expiring 09/17/2031 00:00:00 UTC)" from https://www.apple.com/certificateauthority/ and open it in KeyChain. Then my other certificate was deemed valid and then I could sign.

Thank you to @ibamba in this thread for pointing to solution

Posted by
petered
Up vote reply of petered Down vote reply of petered
Add a Comment