Code Signing on Mac “error: The specified item could not be found in the keychain”

certificate code-signing macos-sierra

I'm attempting to sign an application on macOS Sierra, but my Developer ID certificate(s) cannot be found. Can anyone clarify what I'm doing wrong? Thank you!

Here's my flow:

  1. I downloaded an "Application" and "Installer" Developer ID certificate from Apple
  2. I installed both to my System keychain; they show "This certificate is valid"
  3. I open Terminal and change directories to my application folder
  4. I try `codesign --deep --force --verbose --sign "<identity>" "<appName>"` but I get the following: "error: The specified item could not be found in the keychain"

Some things I've tried:

a. Using custom settings for the certificates by setting Code Signing to "Always Trust"

b. Using the certificate's entire Common Name for the identity instead of the value inside the parentheses

c. Running `security find-identity -p codesigning`, I get the following: "Policy: Code Signing Matching identities 0 identities found Valid identities only 0 valid identities found"

d. Deleting the certificates and reinstalling them to the login keychain

Best Answer

You didn't mention the private key you used to generate the cert in the first place.

I purchased a new Mac Mini build machine to replace an old one. The old one had the signing certs. Just importing the signing certs downloaded from Apple didn't work; I also needed the original private key from which the certificate request was formed. So I followed https://stackoverflow.com/a/34063997/28190 to export a new keychain from the old machine, imported it to a new one, and then I was able to use that.

You need to customise your `unlock-keychain` calls to point to the imported keychain.
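A signing identity is a certificate paired with its private key, which is why `security find-identity` can report 0 identities while Keychain Access shows a valid certificate. The script below is an added example, not part of the original question or answer: it classifies `security find-identity -p codesigning` output into the cases discussed here. The function names, the sample identity name, and the sample outputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: tell "certificate missing" apart from "certificate present
# but no private key" using `security find-identity -p codesigning` output.

# Constructed sample data (placeholder hash and team ID, not real values).
SAMPLE_NAME='Developer ID Application: Example Corp (TEAMID1234)'
SAMPLE_NO_IDENTITY='Policy: Code Signing
  Matching identities
     0 identities found

  Valid identities only
     0 valid identities found'
SAMPLE_WITH_IDENTITY="Policy: Code Signing
  Matching identities
  1) 0000000000000000000000000000000000000000 \"$SAMPLE_NAME\"
     1 identities found

  Valid identities only
  1) 0000000000000000000000000000000000000000 \"$SAMPLE_NAME\"
     1 valid identities found"

# Print the number from the "N valid identities found" summary line (stdin).
count_valid_identities() {
  awk '/valid identities found/ { n = $1 } END { print n + 0 }'
}

# Succeed if an identity containing name $2 is listed under section header $1.
identity_in_section() {
  awk -v sec="$1" -v want="$2" '
    /^[ \t]*(Matching identities|Valid identities only)/ { cur = (index($0, sec) > 0) }
    cur && /^[ \t]*[0-9]+\)/ && index($0, want) { found = 1 }
    END { exit(found ? 0 : 1) }'
}

# $1 = identity name, $2 = count of matching certificates, stdin = find-identity output.
diagnose() {
  out=$(cat)
  if printf '%s\n' "$out" | identity_in_section 'Valid identities only' "$1"; then
    echo ok
  elif printf '%s\n' "$out" | identity_in_section 'Matching identities' "$1"; then
    echo identity-not-valid            # key is present, but trust/validity check fails
  elif [ "$2" -gt 0 ]; then
    echo certificate-without-private-key   # the case described in the answer
  else
    echo certificate-missing
  fi
}

# On macOS, run against the real keychain: ./script.sh "<identity name>"
if command -v security >/dev/null 2>&1 && [ -n "${1:-}" ]; then
  certs=$(security find-certificate -a -c "$1" | grep -c '"labl"' || true)
  security find-identity -p codesigning | diagnose "$1" "$certs"
fi
```

A result of `certificate-without-private-key` means the private key from the original certificate request has to be imported alongside the certificate before `codesign` can use it.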