0

I have developed an app on Mac OS X. The app runs properly locally.

Now I'm trying to distribute the app internally to other peers (without having to go through the App Store).

I created a self-signing cert. I installed the cert and added it to trusted (it is a ROOT cert). I then signed the app with my self-signing certificate.

All is good. The app still runs properly locally after being signed (I verified that it is indeed signed).

My next step was to upload the signed app to S3. After downloading the app, the OS security settings prevented the launch of the downloaded app (unidentified developer). This is the same machine that has the cert installed.

So I'm not sure why I still receive the unidentified developer error. My assumption is that if the cert is present (and trusted) on the target machine, the OS should allow the app to go through. Is this assumption incorrect? If so, what value does the self-signing add (I guess nothing)? If it is not true, maybe I have the wrong cert?

Atla ntun

1 Answer

2

You receive the error after downloading your .app because whatever you used to download it (your web browser?) has set the quarantine attribute, which forces Gatekeeper to kick in. You can read more here.

Gatekeeper is looking for a "developer" certificate, one that is issued by Apple (and has the Apple Root CA as its root certificate). It's not just checking that the root CA is trusted.

e.g. `codesign -dvvvv /Applications/Google\ Chrome.app/`

```
Authority=Developer ID Application: Google, Inc. (EQHXZ8M8AV)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
```

Your self-signed certificate is not an Apple-issued developer certificate, so Gatekeeper won't recognize it.

TheNextman
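An added example, not part of the original answer: a shell sketch of a pre-distribution check that reads the `Authority=` lines shown above and reports whether a bundle carries the quarantine attribute. The function names, the self-signed sample, and the `MyApp.app` path are assumptions made for illustration; the Chrome sample is the output quoted in the answer.

```shell
#!/bin/sh
# Reads `codesign -dvvvv` output on stdin and prints one of:
#   developer-id  leaf is "Developer ID Application: ..." and the chain ends at "Apple Root CA"
#   other-chain   signed, but with a different chain (for example a self-signed cert)
#   no-authority  no Authority= lines at all (ad-hoc signed or unsigned)
# This compares the names codesign prints; it is not a trust evaluation.
# On a Mac, `spctl --assess --type execute -vv MyApp.app` asks Gatekeeper itself.
classify_chain() {
    awk '
        /^Authority=/ {
            n++
            value = substr($0, length("Authority=") + 1)
            if (n == 1) leaf = value   # first line is the signing (leaf) certificate
            root = value               # last line seen is the root of the chain
        }
        END {
            if (n == 0) print "no-authority"
            else if (n >= 2 && leaf ~ /^Developer ID Application: / && root == "Apple Root CA")
                print "developer-id"
            else print "other-chain"
        }'
}

# Succeeds if the path carries the quarantine attribute that a browser download sets.
# macOS only: relies on the system xattr tool.
has_quarantine() {
    xattr -p com.apple.quarantine "$1" >/dev/null 2>&1
}

# Sample taken from the codesign output quoted in the answer.
sample_developer_id() {
    printf '%s\n' \
        'Authority=Developer ID Application: Google, Inc. (EQHXZ8M8AV)' \
        'Authority=Developer ID Certification Authority' \
        'Authority=Apple Root CA'
}

# Constructed sample: what a self-signed root certificate would look like.
sample_self_signed() {
    printf '%s\n' 'Identifier=com.example.internal' 'Authority=Example Internal Signing'
}

echo "Chrome sample:      $(sample_developer_id | classify_chain)"
echo "Self-signed sample: $(sample_self_signed | classify_chain)"
# On a real bundle (codesign writes its report to stderr):
#   codesign -dvvvv MyApp.app 2>&1 | classify_chain
#   has_quarantine MyApp.app && echo "quarantined: Gatekeeper will assess on first launch"
```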