1 Reply
      Latest reply on Jan 30, 2019 1:31 PM by john daniel
      phelan.bybee@bio-techne.com Level 1 Level 1 (0 points)

        When signing our application dmg for distribution with the Developer ID Application certificate. The signature is not accepted on other mac machines other than the signing machine.

         

        When using codesign as follows, the machine on which I sign our installer DMG returns the spctl check that the signature is accepted. When copying the DMG file onto another machine and running the spctl command. "Rejected; No Usable Signature" is returned. The Developer ID Certification Authority is in the System Roots on both machines Keychains.

         

        STEPS TO REPRODUCE

        The command I run on Yosemite Build Machine is:

        codesign --force --verbose --verify --sign "Developer ID Application" "OurAppNamePlaceholder.dmg"

        The output to this is:

        “signed generic”

         

        The signature check command is:

        spctl --assess --verbose OurAppNamePlaceholder.dmg

        which outputs:

        “accepted

        Source=Developer ID”

         

        I then copy the DMG to the High Sierra test machine and run:

        spctl --assess --verbose OurAppNamePlaceholder.dmg

        which outputs

        "rejected"

        "no usable signature"

         

         

         

        PLATFORM AND VERSION

        OS X

        Our build machine on which the signing occurs is:

        OS X Yosemite (10.10.5)

         

        The machine that I am testing that gatekeeper does not pop-up as unidentified developer is:

        macOS High Sierra (10.13.6)

         

        The Developer ID Certification Authority is in the System Roots on both machines Keychains.