I have built an application (Mac and Win) for a client that he intends to sell through his website. These apps (and installer/dmg) need to be code signed. The question is, do I use my own personal certificate(s) or should the client procure his own then pass them on to me to do the signing? Having the client do the code signing is not an option, so the question is: my certificate or his?
The client should be responsible for the cert if they are the entity selling them. You can sign for them, but they need to be the owner of the cert. Also, if you are doing this type of delivery regularly, you should speak with an IP attorney about the separation of responsibility once you have turned over the finished product to the client. This is sadistically different from a legal perspective than creating an application for client use under contract.
@Tim Jones: you made my day with “sadistically different”.