Does My Company Need To Code Sign with Two Digital Certificates? Apple Developer and EV Certificate

apple-id, certificate, code-signing

My employer plans to distribute Mac OS X software outside the App Store through their website. Do I need to get an organizational developer ID from Apple ($99 USD/yr) plus purchase an EV code-signing certificate from Symantec? Or, will the Apple Dev ID certificate work just fine? I'm confused — what's the process? And if you could also show what we do at the command line or in Xcode, that would help, too.

See, I'm used to distributing on Windows. On Windows, we just get an EV cert from Symantec to sign the product. By doing the expensive EV cert, it gets past the web browser filters without warning eventually, given enough downloads from different IP addresses.

Apple states the following, but it's clear as mud (no surprise there, given that this is Apple documentation) because it doesn't explain if I don't need to sign with both certs or just one (if that's even possible to sign with two certs).

https://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html

On that page, it states:

Note: Apple uses the industry-standard form and format of code signing
certificates. Therefore, if your company already has a third-party
signing identity that you use to sign code on other systems, you can
use it with the OS X codesign command.

Best Answer

Here is what the Apple Documentation says about this in the Developer ID section: "You can distribute your Mac applications outside of the Mac App Store by using Developer ID. Signing your Mac applications, plug-ins, and installer packages with a Developer ID certificate lets Gatekeeper verify that apps are not created by malware developers and haven't been tampered with since they were signed." Here's the link: http://developer.apple.com/programs/whats-included. Click Learn more in this section for details.

According to the documentation, approved developers can request the Developer ID and use it to build certificates and sign app files. From what I read, it appears you will only need the Apple certificate. I plan to do this when I'm approved as an Apple Developer.
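The command-line steps the question asks about, with a check of which certificate chain a signature actually carries, as an added example that is not part of the original question or answer. The identity name, Team ID, bundle identifier, paths and both sample outputs are constructed placeholders; `classify_signature` and `check_app` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Signing and Gatekeeper assessment, run manually on the Mac
# (identity name and app path are constructed placeholders):
#   codesign --force --sign "Developer ID Application: Example Corp (ABCDE12345)" MyApp.app
#   codesign --verify --strict --verbose=2 MyApp.app
#   spctl --assess --type execute --verbose MyApp.app

# Read `codesign -dvv` output on stdin and classify the certificate chain.
# Prints one of: developer-id | other-apple | third-party | no-chain
classify_signature() {
  awk '
    BEGIN { n = 0 }
    /^Authority=/ { sub(/^Authority=/, ""); chain[n++] = $0 }
    END {
      if (n == 0) { print "no-chain"; exit }            # unsigned or ad-hoc
      if (chain[n-1] != "Apple Root CA") { print "third-party"; exit }
      if (chain[0] ~ /^Developer ID Application: /) { print "developer-id"; exit }
      print "other-apple"                               # e.g. a development cert
    }'
}

# codesign writes its -d report to stderr, so merge it into the pipe.
check_app() { codesign -dvv "$1" 2>&1 | classify_signature; }

# Constructed sample reports (not captured from a real product).
SAMPLE_DEVID='Executable=/Applications/MyApp.app/Contents/MacOS/MyApp
Identifier=com.example.myapp
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'
SAMPLE_EV='Identifier=com.example.myapp
Authority=Example Corp
Authority=Example EV Code Signing CA
Authority=Example Root CA
TeamIdentifier=not set'

if [ "$#" -gt 0 ]; then
  check_app "$1"          # real bundle path given: inspect it
else
  printf '%s\n' "$SAMPLE_DEVID" | classify_signature
  printf '%s\n' "$SAMPLE_EV" | classify_signature
fi
```

A release build meant for download should report `developer-id`; a `third-party` result means the bundle was signed with a non-Apple identity such as the EV certificate used on Windows.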