Code Signing, Evaluation Status, Invalid Extended Key Usage

Code Signing General
Nicklasu OP
Created Jan ’22
Replies 1
Boosts 0
Views 1.6k
Participants 2

Hi

We are trying to Code sign an application from a server over SSH. We get this error from the Server:

Failed to generate branded installation software: Codesigning frameworks: Running remote command: Process exited with status 1, SoftPlan-Backup.app: errSecInternalComponent In subcomponent: /private/var/folders/79/1kz2lffs31q71fhvbpckfk4r0000gn/T/tmp.6YmYqfJg/SoftPlan-Backup.app/Contents/MacOS/backup-tool Remote codesign process failure (0)

When I try to Evaluate the Developer ID Installer Certificate i get Evaluation Status: Invalid Extended Key Usage. Certificate Status Good.

I do not get this error with Developer ID Application certificate.

Any ideas what might be wrong?

Replies  1
Boosts  0
Views  1.6k
Participants  2
DTS Engineer OP
Apple
Jan ’22

The key usage variance you’re seeing is definitely a red herring. Developer ID signing identities fall into two groups:

  • Developer ID Application — These are used to sign code and disk images.

  • Developer ID Installer — These are used to sign installer packages.

The corresponding certificates have different extended key usage settings because of these different roles. That’s completely normal.

As to what’s going on with your server-side signing, that’s most likely caused by a missing intermediate certificate. If you log into the server as the same user using the GUI (using screen sharing, for example) and then run the same codesign command via Terminal, does it work?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Code Signing, Evaluation Status, Invalid Extended Key Usage
First post date Last post date
 
 
Q