Starting from Mac os 10.8 apple applications requires certificate. Without that certificate (or without additional system tweaks described here on our product support page: http://support.orm-designer.com/5/macos-mountain-lion-10-8-unidentified-developer ) user will se following message:
"OrmDesigner2" can't be opened because it is from an unidentified developer.
Solution
To solve this error message it’s necessary to do following steps:
- Register in Apple developer program and pay $99 per year
- Download and install developer certificate
- Sign whole application
- Test it!
1) Register on Developer.apple.com
You need to create registration here: https://developer.apple.com/. It’s necessary to fill info about contact person and company. After that, your registration will be reviewed by apple team and if everything will be OK, your registration will be approved.
2) Use Apple site to generate certificates
Open https://developer.apple.com/account/overview.action ,choose Certificates, Click Add. Than select certificate parameters suitable for your need. In my case it was Mac Development and Developer ID.
Now you need to install this certificate to your developer machine. Simply double-click on certificate and let system to import it. You can check that certificate is imported in Go->Utilities->Keychain Access->login. Now search for “Developer ID Application: XXXX”
Note: In my case when I transfer certificate to several developer machines I need to migrate also other Apple certificates. Without that my certificate wasn’t a valid.
3) Sign your application
Now you need to sign your application including all plugins and frameworks inside app bundle. After you sing your app, you can’t do any changes in the bundle. So as first run your deploy as usual and as last step do app singing.
For ORM Designer sign script looks like this:
#go to deploy directory cd $StarkDeploy.directory$/deploy #sign app codesign --force --verify --verbose --sign "Developer ID Application: Inventic s.r.o." ./OrmDesigner2.app #sign all *.dylib files find OrmDesigner2.app -name *.dylib | xargs -I $ codesign --force --verify --verbose --sign "Developer ID Application: Inventic s.r.o." $ #sign all Qt* frameworks find OrmDesigner2.app -name Qt* -type f | xargs -I $ codesign --force --verify --verbose --sign "Developer ID Application: Inventic s.r.o." $
4) Test it!
As last step it’s necessary to test that sign process was successful. As first you can try following command line to validate it:
codesign -vvv -d OrmDesigner2.app #RESULT: Executable=/OrmDesigner2/DeployFiles/macos64/deploy/OrmDesigner2.app/Contents/MacOS/OrmDesigner2 Identifier=com.orm-designer.OrmDesigner2 Format=bundle with Mach-O thin (x86_64) CodeDirectory v=20100 size=174478 flags=0x0(none) hashes=8717+3 location=embedded Hash type=sha1 size=20 CDHash=5a491e16f7dcca15b44af4XXXX1a2d2dcc786518 Signature size=4237 Authority=Developer ID Application: Inventic s.r.o. (6BYV46LH6T) Authority=Developer ID Certification Authority Authority=Apple Root CA Signed Time=6 Jun 2013 23:16:08 Info.plist entries=10 Sealed Resources rules=4 files=27 Internal requirements count=1 size=212
Now when you checked that App is correctly signed, it’s time to try it on clean computer where no security policy changes was made. Upload your app and execute it.
If you don’t see annoying screen “Can’t execute application from unidentified developer”, you win ;-).
External links
- http://successfulsoftware.net/2012/08/30/how-to-sign-your-mac-os-x-app-for-gatekeeper/
- http://lynxline.com/submiting-to-mac-app-store/
- http://comments.gmane.org/gmane.comp.lib.qt.user/637
How to transfer certificate:
How to import:
- https://support.quovadisglobal.com/KB/a59/how-do-i-install-a-digital-certificate-onto-apple-mac-os-x.aspx and http://www.utexas.edu/its/help/user-certs/818
Apple links
thank you very much, that was very helpful!