- changed milestone to 4.0
Support other package signing certificate types
First:
If I go to Preferences -> Packages and click select next to "Signing
Identity", I should be able to select other than apple certificates.
Right now I only see those, but I have other valid certificates in my
keychain, the SSL Server certificate for example, which is third-party
signed and trusted (T-Telesec Global Root Class 2).
The certificate I select there should then be added to the
"anchor_certs" property of the DEP profile, so that the mac trusts it
and the pkgs signed with this certificate install without an error.
Second:
As one needs a SSL certificate that has to be trusted by the mac anyway,
there could be a checkbox that says "Sign pacakges with SSL cert" in the
Packages section. This way no Apple developer ID installer certificate
is needed.
- -
The only problem we have with the Developer ID installer cert is that it
is much harder to get than a third-party signed SSL cert. We as a
organisational subunit of a university are basically unable to enroll in
the developer program without a huge bureaucratic and legal process (In
Germany at least). And if this works we think it would be a good feature
for many users.
Comments (2)
-
reporter -
reporter - changed status to resolved
implemented in 40031 or later. The ssl cert you create in MDS is now selectable for package signing, and that same certificate can be trusted on the clients. no muss no fuss.
Please verify and close if works as expected.
- Log in to comment