Mac app direct distribution: "Your account does not have permission to create Mac App Direct Distribution certificates"

Dominik Palo picture Dominik Palo · May 20, 2016 · Viewed 22.6k times · Source

I want to distribute my mac application outside the App Store (as file downloadable from our servers), but every attempt to export archive from Xcode with option "Export a Developer ID-signed Application" ends with a "Permission failure":

Your account does not have permission to create Mac App Direct Distribution certificates

I've downloaded and added all certificates to my keychain (system). I'm using an Organization Apple Developer account, so is it possible to use this type of account to sign applications outside the App Store or must I have an Enterprise Program Account to do it? Or is there other problem?

Answer

Dominik Palo picture Dominik Palo · May 24, 2016

I consulted this problem with Apple and their answer is:

You certainly don’t need an Enterprise account to distribute Developer ID signed apps. One gotcha here is that you must be the Team Agent in order to issue Developer ID certificates. Please double check that.

Problem was, that I have Admin role in our team, but only user with Team Agent role has permission to generate certificates for distribution of app outside the App Store (Developer-ID signed apps). So, I generated a Certificate Signing Request and sent it to our Team Agent, then he creeated and sent a certificate for me and now I can sign apps.