Tags: macos, code-signing, codesign, osx-gatekeeper

Third-party certificate and Gatekeeper


How can I get Gatekeeper to pass an app signed with a third-party certificate?

I have signed mine with the one I bought for the Windows version, and if I have checked the "Mac App Store and identified developers" option in System Preferences it can't be executed.

This is the command I executed for signing:

codesign --force --verify --verbose --sign "My cert" My.app

This is the command for verifying the signing:

codesign --verify --verbose=4 My.app

And this is the output:

My.app/: valid on disk
My.app/: satisfies its Designated Requirement

What am I doing wrong?

Thanks.


Solution

  • Gatekeeper does not accept third-party certificates, only Mac App Store and Apple Developer ID certs. The reason for this is that if Apple finds signed malware being distributed, they want to be able to revoke the certificate that was used to sign it; that's only possible if Apple owns the certificate authority that issued the signing cert. As a result, third-party certs are not considered trustworthy for Gatekeeper purposes.

    BTW, the check you're doing with codesign --verify only checks whether the signature matches the contents of the app, not whether it's considered a Gatekeeper-valid signature. For that, you want spctl -va My.app (although note that this checks it against your current Gatekeeper policy, so if you have Gatekeeper set to Mac App Store only, it'll report Developer ID-signed apps as "rejected").
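As an added example (not part of the original question or answer), a POSIX sh script that separates the two checks the answer describes: it parses the Authority chain that `codesign -dvv` prints to decide whether the signing certificate chains to Apple's Developer ID CA, which is what Gatekeeper requires, and wraps the real `codesign`/`spctl` commands for use on a Mac. The sample outputs, app name, team identifier and function names are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): separate "the signature is intact"
# from "Gatekeeper will trust the signer" by looking at the certificate chain
# that `codesign -dvv` prints as Authority= lines (leaf first, root last).

# Constructed sample: signed with a Developer ID cert (team ID is a placeholder).
DEVID_SAMPLE='Executable=/Applications/My.app/Contents/MacOS/My
Identifier=com.example.my
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA'

# Constructed sample: signed with a cert from a non-Apple (Windows code-signing) CA.
THIRDPARTY_SAMPLE='Executable=/Applications/My.app/Contents/MacOS/My
Identifier=com.example.my
Authority=Example Corp
Authority=Example Code Signing CA
Authority=Example Root CA'

# Reads `codesign -dvv app 2>&1` on stdin and prints one class:
#   developer-id | app-store | apple-other | third-party | unsigned-or-adhoc
# Exit status 0 only for the two classes Gatekeeper accepts by default.
gatekeeper_class() {
  auth=$(grep '^Authority=' | sed 's/^Authority=//')
  if [ -z "$auth" ]; then echo unsigned-or-adhoc; return 1; fi
  leaf=$(printf '%s\n' "$auth" | head -n 1)
  anchor=$(printf '%s\n' "$auth" | tail -n 1)
  # A chain that does not end at Apple's root cannot be revoked by Apple,
  # which is why Gatekeeper ignores it no matter how valid the signature is.
  if [ "$anchor" != "Apple Root CA" ]; then echo third-party; return 1; fi
  case "$leaf" in
    "Developer ID Application: "*)     echo developer-id; return 0 ;;
    "Apple Mac OS Application Signing") echo app-store;    return 0 ;;
    *)                                 echo apple-other;  return 1 ;;  # e.g. Apple Development
  esac
}

# On a Mac, run the real checks in order; only the last one is Gatekeeper's verdict.
check_app() {
  app=$1
  codesign --verify --deep --strict --verbose=4 "$app"   # signature matches contents?
  codesign -dvv "$app" 2>&1 | gatekeeper_class           # who issued the signing cert?
  spctl --assess --type execute -vv "$app"               # current Gatekeeper policy
}

# Offline demo on the constructed samples (`|| true` so a rejected class does not stop the script).
printf '%s\n' "$DEVID_SAMPLE"      | gatekeeper_class            # prints developer-id
printf '%s\n' "$THIRDPARTY_SAMPLE" | gatekeeper_class || true    # prints third-party
```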