osx-gatekeeper

I develop a Mac app with Qt5, so outside Xcode. I want GateKeeper to allow my app to run on clients' computers rather than issuing the "Can't be opened because the identity of the developer cannot be confirmed" warning. I have successfully digitally signed the app but GateKeeper still comes with this complaint. I have an Apple developer certificate (I am the Team Agent) and my keychain says it is valid. I also have installed two Apple root certificates. I use the command line utility codesign to digitally sign all the binaries inside the app folder and in addition I digitally sign the app

My company produces Java Applications for Servers and delivers JNLP files to start local Applications. Since OSX 10.8.4 it is required to sign JNLP files with a Developer ID to keep Gatekeeper happy (it's actually in the release notes at the very bottom). The question is: how to accomplish this? AFAIK you can sign Apps (we have some Java Apps signed with Developer IDs) - but JNLP - Files are just that: files. Next: how to do this with generated JNLP files. We have to modify them as they come from a server - e.g. properties, base URL and so forth. AFAIK Java has a certain mechanism to say JNLP

With the new release of OS X 10.8, the Gatekeeper will popup the following warning, when you try to start a signed Java applet: The applet has been signed with a valid code signing certificate and will work correctly on other platforms as well as previous versions of OS X. If I change "Allow applications downloaded from:" to "Anywhere", it works correctly. As far as I can figure out "The digital signature could not be verified", actually means something like "the signature has not been made with a Mac Developer ID". So: Can I sign Java applets with a Mac Developer ID? Can I sign it with both a