Hi,
we are developing a C++ application, compiled with clang. We need to sign it, so user's machine won't complain about unknown developer.
The problem is, that the certificate, that I downloaded here from the Certificates page, do not contain a private key. Therefore codesign would say "no identity found", and he's right.
Before getting here, we tried singing using Thawte certificate supposed to be good for signing of mac application. The signing process itself worked, but the certificate itself was not recognized by the guard application. I found out, it's because of some other certificate authorities, and that zoner wasn't probably right, that this certificate oculd be used for this purpose...
So I downloaded Developer ID Application certificate from the Member Center, hoping this would be better.
My suprise was, that it is not even as good as it was with the thawte one..
The difference there is between the Developer ID Application cert and the thawte one (technicaly speaking) is the lack of private key in the Developer ID one.
When I run codesign --deep --verify --verbose --sign "Developer ID Application: blabla (userid)" the.app , I get almost obviously the 'no identity' error.
I expect that behaviour due to lack of the private key...
What are we missing? Where do I download a good certificate for signing? If this is the good one, how do I use it correctly then?
Thank
Daniel