使用现有的CA颁发的证书来签名OS X应用程序并使Gatekeeper保持满意 [英] Using existing CA-issued cert to sign OS X application and keep Gatekeeper happy
问题描述
我构建了一个OSX应用程序,该应用程序作为DMG在Mac App Store之外分发,我希望一旦
I build an OSX app which is distributed as a DMG outside of the Mac App Store, and I'd like to continue to have it be that way once Gatekeeper enforcement begins.
通过研究代码签名文档,看来推荐的方法是获取开发人员ID"证书,然后使用该证书进行代码签名.但是,您必须是注册的OSX开发人员,并每年向Apple支付99美元.我已经有来自公认的CA的证书,并且我想将其与codesign一起使用.我找到了有关如何执行此操作的文档,但是我无法确定Gatekeeper是否允许使用使用其他CA(而不是Apple)颁发的证书签名的应用程序.
From studying code signing documentation, it looks like the recommended approach is to get a "Developer ID" certificate and use that to codesign. However, you must be a registered OSX developer and pay Apple $99 each year. I already have a certificate from a recognized CA, and I would like to use it with codesign. I found documentation on how to do this, but I cannot tell whether Gatekeeper will allow applications signed using certs issued by other CAs, not Apple.
有人知道吗?
推荐答案
Gatekeeper仅识别使用开发者ID签名的应用,而不仅仅是任何签名.请参阅此,其中还介绍了如何在以下环境下测试Gatekeeper功能狮子.
Gatekeeper only recognizes apps signed with Developer ID, not just any signature. See this which also explains how to test Gatekeeper functionality under Lion.
重点是,如果Apple拥有证书颁发机构,则如果您的应用程序是木马之类的东西,他们可以吊销证书.
The point is that if Apple owns the certificate authority, they can revoke the certificate if your app turns out to be a trojan or something.
这篇关于使用现有的CA颁发的证书来签名OS X应用程序并使Gatekeeper保持满意的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
