This became a curious situation. I am not running Catalina on my development iMac. I asked my client not to update. One did, their "lead" user. The problem started with a warning on Catalina that the app "cannot be opened because Apple cannot check it for malicious software." I'd never seen that before and since I had just updated the certificate days earlier I assumed that was the problem. It wasn't. Downloading to my Mojave machine works normally.
I use Xojo2DMG to certify my app and build a dmg for distribution. In order to make a good test of the certification I had to send it to myself and download it. The app tested correctly for certification using this command.
codesign -d -vvvv "/path_to/MyApp.app"
The Xojo2DMG scripts do use a line like this.
codesign -f -s "Developer ID Application: YourName (345XXYY)" "YourXojoApp.app/Contents/Frameworks/*.dylib"
It works there within Xojo2DMG but it doesn't in Terminal. I put some time into trying to figure out why be couldn't figure it out.
So the conclusion, for me at least, is that there never really was a problem with certifying my app.