I'm trying to sign an OS X installer package using the command line utility productsign, but get an error.
productsign --sign "Developer ID Installer: XYZ" input.pkg output.pkg
productsign: error: Could not find appropriate signing identity for “Developer ID Installer: XYZ”.
When I open Keychain Access, I'm able to see the cert that I created at developer.apple.com and imported into my login Keychain. Its Common Name matches my command line parameter: "Developer ID Installer: XYZ". Is there any way to debug this particular error?
I had the same issue. My installer certificate had no private key. You can check this by opening Keychain and looking for your certificate, named like:
Developer ID Installer: My Company (1258345791ZL)
If there is a private key attached, you should see
Developer ID Installer: My Company (1258345791ZL) (!) Private Key
If you cannot unfold the private key under your certificate, it means that it is missing.
Then to fix this, you have to log on to developer.apple.com with your Apple ID and
1- try removing and downloading your certificate again
2- if this is not enough, create a new one with the following steps
2a - click on the (+) or go here:
https://developer.apple.com/account/mac/certificate/distribution/create
2b - specify Production / Developer ID, then press Continue
2c - specify "Developer ID Installer"
2d - follow the instructions to create a certificate request using Keychain
2e - upload your certificate request file to Apple Developer
2f - download the newly created certificate in your keychain.
2g - clean up all other installer certificates to be sure.
Et voila, you can sign.
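The same check can be done from the command line. The script below is an added example, not part of the original answer: it compares `security find-certificate` (matches a certificate alone) with `security find-identity -v` (lists only certificates paired with a private key). The function name `classify` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Tell "certificate not in keychain" apart from "certificate present, but no
# usable signing identity", which is what productsign needs.

# classify NAME CERT_FOUND IDENTITY_LISTING
#   NAME             common name (or part of it) passed to productsign --sign
#   CERT_FOUND       "yes" if a certificate with that name is in the keychain
#   IDENTITY_LISTING text output of `security find-identity -v`
classify() {
    c_name=$1
    c_cert=$2
    c_listing=$3
    # Identity lines look like:  1) <SHA-1 hash> "Common Name (TEAMID)"
    # Fixed-string, substring match on the name.
    if printf '%s\n' "$c_listing" | grep -F -q "$c_name"; then
        echo "ok"
    elif [ "$c_cert" = yes ]; then
        # Most often the private key is missing, as described in the answer.
        # -v lists valid identities only, so an expired or untrusted
        # certificate also ends up here.
        echo "certificate-without-identity"
    else
        echo "missing-certificate"
    fi
}

# Constructed sample: a keychain holding one Application identity and no
# Installer identity. Hash and team ID are placeholders.
SAMPLE_LISTING='  1) 0000000000000000000000000000000000000000 "Developer ID Application: Example Co (XXXXXXXXXX)"
     1 valid identities found'

# On a Mac, run the real check against the user's keychains.
if command -v security >/dev/null 2>&1; then
    name=${1:-"Developer ID Installer: XYZ"}
    if security find-certificate -c "$name" >/dev/null 2>&1; then
        cert=yes
    else
        cert=no
    fi
    classify "$name" "$cert" "$(security find-identity -v)"
fi
```

A result of `certificate-without-identity` corresponds to the situation in the answer: the certificate was imported, but the keychain cannot offer it as a signing identity.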