Hi, I remember reading on here somewhere that I can PACE sign my Windows AAX plug-ins with an Apple certificate. Is that true, and how do I do it? Thanks.
Also, is it a real hassle, and not worth it and that I should go straight to Comodo and get a bloody certificate for Windows now?..
One comment made in a thread I asked about using Apple certs to sign Windows installers (you canāt was the consensus) was āif the plugin developer is not making the effort to sign their installers, what kind of message does that send about their attention to detail in code/security/etc.ā
Of course you might not be using an installer, but if you are then I tend to agree that itās a pretty valid point, so buy the cert and youāll get 2 birds with 1 ($80/yr) stone
fwiw apparently the reverse is true : you can use a Comodo cert to sign AAX under macOS
Thanks Dan, is that the āintaller IDā, the ādeveloper ID cert authorityā, the āDeveloper ID: My nameā, or the āApple Worldwide Developer Relations Certification Authorityā
I have no idea, but it sounds like it should be the latter?
I donāt know. My assumption would be, it shouldnāt matter, as long as it validates against a root CA, which should be the case for all of them, but I donāt know.
The most sensible would be āDeveloper IDā IMHO, but I guess you will have to try them one by oneā¦
OK I finally got the Mac version signed - phew. The only thing I can say is, donāt have multiple and identicle certs on you Mac - easily done when they update the legal stuff, and you download it, it doesnāt delete the old one. Then Apple gives an āambiguousā error, which doesnāt make immediate sense.
Yeah, Iāve been bitten by something similar and I discovered something interesting that may be helpful for others:
if you issue the following command to a Terminal:
security find-identity -v
It will output a list with the names of the found identities along with their IDs, for example:
1) 070832C9721D3F296D7DDFFD4AEC0534215E3234 "Developer ID Installer: YourCompanyName"
2) AF9152CCF431BD9CA31CB92CD6846D94B90BDD51 "Developer ID Application: YourCompanyName"
Now, in the place where the name of the identity would go, you can use its ID instead.
That means the -s command line argument for codesign, or and also the
(read the rest of the sentence only if you are under NDA with AVID for AAX development) --signid argument of wraptool.
In my case, this ambiguity with the name was causing an obscure problem which led to the following error message, which I am copying here to help others finding it in search results:
Hey I just found out how to use the apple cert on windows (for anyone whos interested).
BTW: this wont give you a blue trusted developer thingy but it works for signing.
right click on your cert in the keychain access and click information.
scroll all the way down to thumbprint. copy it. thats what you need for the --signid.
on windows run: certmgr in the console.
the cert manager opens
->import certificate
->choose your cert