1. twocanoes Avatar twocanoes
  2. Open Source
  3. macdeploystick
  4. Issues

Support other package signing certificate types

Issue #610 resolved
timothy perfitt created an issue

First:

If I go to Preferences -> Packages and click select next to "Signing 
Identity", I should be able to select other than apple certificates. 
Right now I only see those, but I have other valid certificates in my 
keychain, the SSL Server certificate for example, which is third-party 
signed and trusted (T-Telesec Global Root Class 2).

The certificate I select there should then be added to the 
"anchor_certs" property of the DEP profile, so that the mac trusts it 
and the pkgs signed with this certificate install without an error.

Second:

As one needs a SSL certificate that has to be trusted by the mac anyway, 
there could be a checkbox that says "Sign pacakges with SSL cert" in the 
Packages section. This way no Apple developer ID installer certificate 
is needed.

  • -

The only problem we have with the Developer ID installer cert is that it 
is much harder to get than a third-party signed SSL cert. We as a 
organisational subunit of a university are basically unable to enroll in 
the developer program without a huge bureaucratic and legal process (In 
Germany at least). And if this works we think it would be a good feature 
for many users.

Comments (2)

  2. timothy perfitt reporter

    implemented in 40031 or later. The ssl cert you create in MDS is now selectable for package signing, and that same certificate can be trusted on the clients. no muss no fuss.

    Please verify and close if works as expected.

  3. Log in to comment
Assignee
Type
bug
Priority
major
Status
resolved
Milestone
4.0
Version
Votes
1
Watchers
2