Is there a way to tell which items inside your DMG are not code signed?
I create the DMG and it installs find in the Applications, but if I upload to our website and download it from there, when I attempt to run the APP, it says it’s damaged.
Also, any good resources that explain how to code sign all the items inside your DMG?
Sorry, follow up question. We have code signing in an application that we wrote and it appears to be working correctly; however, just for clarification and because the developer that wrote that app is no longer employed with us, what exactly do you need to code sign in your app?
Code signing without notarisation doesn’t do anything these days. You still get the dialog “app can contain malicious code”.
You need a developer account, you download the certificates. And then you need to enter the name of the certificate into Xojo and the app you are making the dmg with.
Decided to take the excellent advice from this forum.
Downloaded and purchased AppWrapper and when setting up code sign, it says that I am “missing private key required for signing”. Not exactly sure how to get a private key for my certificates?
Rick, I deleted and recreated all the certificates (Mac Development, Developer ID Installer, and Developer ID Application) with a new CSR that I created on my computer. I then added them to Keychain and yet AppWrapper still says I’m missing a private key. Any ideas how to correct this issue?
Just FYI, the problem with using Xcode is that it likes to create some certificates that are not compatible with Xojo… specifically wildcard certs.
It is possible to get this to work and manage them yourself (that’s how I do it) and get some diagnostics using my Profile Triage app which is available on my website.
Going back to your question though… usually the reason the private key is missing is that you didn’t store it in your keychain the first time you downloaded it. After that, the only thing you can download is the public key, and you can’t sign with that. The remedy is to delete the key and create a new one from scratch.