productsign is not able to find cert from keychain

We are trying to sign a Mac installer (.pkg file) using the following command.


productsign --sign "Developer ID Installer: MyCompany, Inc." unsigned_installer.pkg signed_package.pkg


But we are getting the following error.


productsign: error: Could not find appropriate signing identity for “Developer ID Installer: MyCompany, Inc.”.


When we try to find the certificates using 

security -v find-identity -p codesigning
, we get the following output.


Policy: Code Signing

Matching identities

1) 1234....6789 "MyCompany, Inc."

     1 identities found

Valid identities only

1) 1234....6789 "MyCompany, Inc."

     1 valid identities found


When tried as:

productsign --sign "commonName" unsigned.pkg signed.pkg

We get error as :

productsign: error: Could not find appropriate signing identity for “commonName”. An installer signing identity (not an application signing identity) is required for signing flat-style products.


Can you give us any on how to troubleshoot and fix this issue?

Up vote post of apoorvam Down vote post of apoorvam
5.3k views
Posted by
apoorvam
Reply
Add a Comment

Replies

Did you find any solution? I encounter the same problem...

Posted by
dailysoft
Up vote reply of dailysoft Down vote reply of dailysoft
Add a Comment

Me too - hoping a new reply might get this noticed.

Posted by
TOLIS Tim
Up vote reply of TOLIS Tim Down vote reply of TOLIS Tim
Add a Comment

some problem and no solutions - very common situation at the applehead community

Posted by
gundra
Up vote reply of gundra Down vote reply of gundra
Add a Comment
I am Getting the same error, when I try to sign the package. Using MacOS Big Sur 11.1 

Code Block 
security -v find-identity -p codesigning
find-identity "-p" "codesigning"
Policy: Code Signing
  Matching identities
     0 identities found
  Valid identities only
     0 valid identities found

However, my Issued by: Developer ID Certification Authority shows up in the Keychain Access, and I am able to validate it.

Has anybody found the solution to this? My Syntax for the command is in line with what everyone uses: 

Code Block 
/usr/bin/productsign --sign 'Developer ID Installer: Comp ID (ID_NUMBER)' '/Users/user/package-tosign.pkg' '/Users/user/SIGNED/Signgned.pkg'

Any Help would be appreciated - Thanks!

Posted by
ChicagoGuy
Up vote reply of ChicagoGuy Down vote reply of ChicagoGuy
Add a Comment

I am Getting the same error, when I try to sign the package.

OK, let’s see if we can get an easy win…

Have you got the new WWDR intermediate? See Apple Worldwide Developer Relations Intermediate Certificate for details.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Hi Eskimo

  • I do have in my System keychain access the Apple Worldwide Developer Relations Certification Authority that expires: Wednesday, 8 February 2023 at 04:48:47 Indochina Time
  • I do have in my Login Keychain access the Developer ID Installer: <MY_COMPANY_NAME>, (<COMPANY_USER_ID>)

But when I run the command I get

productbuild: error: Cannot write product to "/pathtoPKG". (Could not find appropriate signing identity for “Developer ID Installer: <MY_COMPANY_NAME>, (<COMPANY_USER_ID>”.)

Any suggestions?

Posted by
Daniboomerang
Up vote reply of Daniboomerang Down vote reply of Daniboomerang
Add a Comment

What does this print:

% security -v find-identity

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Was encountering this issue too, and after looking in Keychain Access, I realized my certificates were showing up as "not trusted." Refer to this thread; essentially, Apple periodically expires their Developer Relations Certification Authority cert.

Posted by
yoonicode
Up vote reply of yoonicode Down vote reply of yoonicode
Add a Comment