Developer ID Installer certificate “unusable” on another iMac

apple-id certificate keychain

I asked our Team Agent to produce a Developer ID Installer certificate in order to sign our Mac OSX installer. He sent me the developerID_installer.cer file via e-mail and I added it to my Keychain. However, when I try to sign the installer I get the "productsign: error: Could not find appropriate signing identity for [common name]" error.

productsign does not complain when I sign with a 3rd Party Mac Installer certificate that I requested (which of course is not the Developer ID required by Gatekeeper), while it does complain with another 3rd Party Mac Installer certificate requested by another member and freely available for download.
Therefore I figure it has something to do with the private key of my Team Agent missing, but I don't like one bit the idea that my Team Agent has to share HIS PERSONAL PRIVATE KEY with any developer wanting to sign a Mac Installer. Is it alright to ask my Team Agent for his private key? Will it solve the problem?
Can someone confirm this is the right way to do things?

[EDIT] I thought right now that maybe the right way is to ask my Team Agent to generate a new Developer ID Installer with a .csr (CertSigningRequest) file coming from my Keychain. If my intuition is correct the .csr file contains the private key so that the resulting .cer is valid for that particular user. Is it so?

Best Answer

Yes, I guess that each Developer ID Installer is related to the public / private key with which the CSR was generated.
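
The key relationship discussed above can be checked with OpenSSL. This is an added example, not part of the original question or answer: it uses `openssl` as a stand-in for Keychain Access, a throwaway local CA as a stand-in for Apple, and constructed names (`agent`, `developer`). A CSR carries only the requester's public key, and a certificate forms a signing identity only on the machine that holds the matching private key.

```shell
#!/bin/sh
# Added example with constructed keys and names; a throwaway local CA stands in for Apple.

# new_request DIR NAME: create NAME.key (private, stays in DIR) and NAME.csr.
new_request() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2 (constructed)" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# issue_cert DIR CSR OUT: sign a CSR with the stand-in CA kept in DIR.
issue_cert() {
    [ -f "$1/ca.key" ] || openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl x509 -req -in "$2" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -set_serial 1 -days 1 -out "$3" 2>/dev/null
}

# pubkey_sha256 FILE KIND: hash of the public key in a key, csr or cert file.
pubkey_sha256() {
    pem=$(case "$2" in
        (key)  openssl pkey -in "$1" -pubout ;;
        (csr)  openssl req  -in "$1" -noout -pubkey ;;
        (cert) openssl x509 -in "$1" -noout -pubkey ;;
    esac 2>/dev/null)
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# is_signing_identity CERT KEY: true only if KEY is the private half of CERT's key.
is_signing_identity() {
    c=$(pubkey_sha256 "$1" cert) && k=$(pubkey_sha256 "$2" key) && [ "$c" = "$k" ]
}

# csr_has_private_key CSR: true if the request file carries private key material.
csr_has_private_key() { grep -q "PRIVATE KEY" "$1"; }

demo() {
    d=$(mktemp -d) || return 1
    new_request "$d" agent && new_request "$d" developer || return 1
    issue_cert "$d" "$d/agent.csr" "$d/from_agent_csr.cer"
    issue_cert "$d" "$d/developer.csr" "$d/from_developer_csr.cer"
    for cert in from_agent_csr from_developer_csr; do
        if is_signing_identity "$d/$cert.cer" "$d/developer.key"
        then echo "$cert.cer + developer.key: usable signing identity"
        else echo "$cert.cer + developer.key: certificate only, no identity"
        fi
    done
    rm -rf "$d"
}
demo
```

On macOS, `security find-identity -v` lists the identities (certificate plus matching private key) that the keychain can actually sign with.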