Using existing CA-issued cert to sign OS X application and keep Gatekeeper happy

不羁的心 提交于 2020-01-03 01:55:11

问题


I build an OSX app which is distributed as a DMG outside of the Mac App Store, and I'd like to continue to have it be that way once Gatekeeper enforcement begins.

From studying code signing documentation, it looks like the recommended approach is to get a "Developer ID" certificate and use that to codesign. However, you must be a registered OSX developer and pay Apple $99 each year. I already have a certificate from a recognized CA, and I would like to use it with codesign. I found documentation on how to do this, but I cannot tell whether Gatekeeper will allow applications signed using certs issued by other CAs, not Apple.

Does anyone know?


回答1:


Gatekeeper only recognizes apps signed with Developer ID, not just any signature. See this which also explains how to test Gatekeeper functionality under Lion.

The point is that if Apple owns the certificate authority, they can revoke the certificate if your app turns out to be a trojan or something.



来源:https://stackoverflow.com/questions/10592638/using-existing-ca-issued-cert-to-sign-os-x-application-and-keep-gatekeeper-happy

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!