We are developing a Mac OS X application that we are going to distribute outside the Mac App Store. We ended up having these certificates in the Mac Developers program:
and when I go to select one for signing the application, I find this:
Am I correct in that I should use Developer ID: * for Debug? Will that allow developers that don’t have my company’s certificate to sign the application to be able to run it locally?
What certificate should I use for Release?
For development (for example, the Debug configuratino) use the Mac Developer option, which will choose your local Mac Developer certificate (in your case "Mac Developer: José Fernández"), which is meant for team members working on your project (includes testing/debugging).
For Release, use "Developer ID: *" which will pick the standard application release certificate used outside the AppStore, in your case "Developer ID Application: Carousel Apps. I recommend doing a final test/debug after codesigning to ensure it's working as expected.
The way Xcode picks up certificates is by a simple substring matching.
Apple Codesigning Certificate Types
(Name, Type, Description)
iOS Development
- iPhone Developer: Team Member Name Used to run an iOS app on devices and use certain app services during development.
iOS Distribution
- iPhone Distribution: Team Name Used to distribute your iOS app on designated devices for testing or to submit it to the App Store.
Mac Development
- Mac Developer: Team Member Name Used to enable certain app services during development and testing.
Mac App Distribution
- 3rd Party Mac Developer Application: Team Name Used to sign a Mac app before submitting it to the Mac App Store.
Mac Installer Distribution
- 3rd Party Mac Developer Installer: Team Name Used to sign and submit a Mac Installer Package, containing your signed app, to the Mac App Store.
Developer ID Application
- Developer ID Application: Team Name Used to sign a Mac app before distributing it outside the Mac App Store.
Developer ID Installer
- Developer ID Installer: Team Name Used to sign and distribute a Mac Installer Package, containing your signed app, outside the Mac App Store
Once codesigned you can also simulate the launch behavior of your app when Gatekeeper is enabled from Terminal.app:
spctl -a -v Carousel.app
./Carousel.app: accepted
source=Developer ID
The
Developer ID Applicationcertificate allows your app to run withGatekeeperon the setting "allow apps downloaded from Mac App Store and identified developers"
To code sign via the terminal (if not using Xcode):
codesign -s "Developer ID" -v Carousel.app # to sign with "Developer ID Application" for distribution
codesign -s "Mac Developer" -v CarouselDebug.app # to sign with "Mac Developer:*" for testing
spctl -a -v Carousel.app # to verify, look for "accepted"
spctl -a -v CarouselDebug.app # to verify, look for "accepted"
Codesign finds the correct certificate by looking for certificates in your keychain that have the -s string as a substring. If only more than one certificate matches, it will warn you and you can give a longer string.
来源:https://stackoverflow.com/questions/29039462/which-certificate-should-i-use-to-sign-my-mac-os-x-application