Let's say an Apple developer program membership has expired, so new code signing certificates cannot be requested from the Apple site. Still I have a backup of:
- developerID_application.cer, developerID_installer.cer (and the expiration date is 2024, so it is still valid)
- CertificateSigningRequest.certSigningRequest file from 2 years ago, that was created at exactly the same time as the .cer files
How to install these certificates on a new Mac installation, such that we can use productsign to sign a .pkg installer with them?
Here is what I tried:
productsign --sign "Developer ID Installer: MyName" myinstaller.pkg myinstaller_signed.pkg
Result:
productsign: error: Could not find appropriate signing identity for "Developer ID Installer: MyName"
I have looked at OS X productsign error: Could not find appropriate signing identity but it does not help here: I only have the 2 .cer files and the .certSigningRequest file. I don't have another Private key file. Also when I open the .certSigningRequest file, I see:
Please specify the issuing Certificate Authority for MyName's certificate request
Issuing CA: Let me choose
What would you like to do?
Create a certificate for yourself
Create a CA
Use your CA to create a certificate for someone else
Request a certificate from an existing CA
Set the default CA
View and evaluate certificates
What to do with this previous .certSigningRequest file?
There is nothing you can do, if the 3 named files are all you have.
What you need is the private key.
If you have a system running or a full system image backup (to be restored) with the private keys in the keychain (~/Library/Keychains/login.keychain-db) you can export them to move to another system:
1. Xcode > Preferences.
2. Accounts (top of the window).
3. Gear icon (right of the Delete button in the lower-left corner).
4. Export Developer Accounts from the pop-up menu.
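
The following is an added example, not part of the answer above: it uses openssl to show why a .cer plus a .certSigningRequest do not form a signing identity, and how to test whether a key file found in a backup belongs to a certificate. All file names and the subject "Example Signer" are constructed stand-ins generated by the script itself.

```shell
#!/bin/sh
# Added example: every file below is a constructed stand-in, generated locally.

spki_hash() {  # stdin: PEM public key -> SHA-256 of its DER encoding
    pem=$(cat); [ -n "$pem" ] || return 1   # empty input means the parse failed
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}
cert_spki() {  # try DER first (the usual .cer encoding), then PEM
    { openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null ||
      openssl x509 -inform PEM -in "$1" -noout -pubkey 2>/dev/null; } | spki_hash
}
csr_spki() { openssl req -in "$1" -noout -pubkey 2>/dev/null | spki_hash; }
key_spki() { openssl pkey -in "$1" -pubout 2>/dev/null | spki_hash; }

# True only if the file parses as a private key.
has_private_key() { openssl pkey -in "$1" -noout 2>/dev/null; }

# True only if $1 is a private key whose public half is the one in cert $2.
key_matches_cert() {
    k=$(key_spki "$1") && c=$(cert_spki "$2") && [ "$k" = "$c" ]
}

make_demo() {  # writes constructed key, CSR, DER cert and an unrelated key to $1
    openssl genrsa -out "$1/original.key" 2048 2>/dev/null
    openssl req -new -key "$1/original.key" -subj "/CN=Example Signer" \
        -out "$1/request.certSigningRequest"
    openssl x509 -req -in "$1/request.certSigningRequest" \
        -signkey "$1/original.key" -days 1 \
        -outform DER -out "$1/installer.cer" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo() {
    d=$(mktemp -d); make_demo "$d"
    for f in request.certSigningRequest other.key original.key; do
        if key_matches_cert "$d/$f" "$d/installer.cer"; then
            echo "$f: private key for this certificate"
        else
            echo "$f: cannot sign with this certificate"
        fi
    done
    rm -rf "$d"
}
demo
```

The CSR carries the same public key as the certificate but no private key, so only original.key is reported as usable.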