Let's say an Apple developer program membership has expired, so new code signing certificates cannot be requested from the Apple site. Still I have a backup of:
developerID_application.cer,developerID_installer.cer(and the expiration date is 2024, so it is still valid)- a
CertificateSigningRequest.certSigningRequestfile from 2 years ago, that was created exactly at the same time than the .cer files
How to install these certificates on a new Mac installation, such that we can use productsign to sign a .pkg installer with them?
Here is what I tried:
- Import the .cer files in the "System" Keychain, it seems successful
- Import the AppleWWDRCA.cer in the Keychain that I used at the creation time of these certificates (https://developer.apple.com/certificationauthority/AppleWWDRCA.cer), idem
productsign --sign "Developer ID Installer: MyName" myinstaller.pkg myinstaller_signed.pkg
Result:
productsign: error: Could not find appropriate signing identity for "Developer ID Installer: MyName"
I have looked at OS X productsign error: Could not find appropriate signing identity but it does not help here: I only have the 2 .cer files and the .certSigningRequest file. I don't have another Private key file. Also when I open the .certSigningRequest file, I see:
Please specify the issuing Certificate Authority for MyName's certificate request
Issuing CA: Let me choose
What would you like to do?
Create a certificate for yourself
Create a CA
Use your CA to create a certificate for someone else
Request a certificate from an existing CA
Set the default CA
View and evaluate certificates
What to do with this previous .certSigningRequest file?
