Mac Developer: Creating your own CA and Signing Certificates
Before DeveloperID was announced, I spent considerable time creating a 3-layer self-signed codesign certificate chain for my own applications. There are bugs (at least in Keychain Access for Snow Leopard) that make creating self-signed certificates painstakingly error-prone. Mostly due to the fact that the Certificate Assistant does not remember all settings when moving backward and forwards through the wizard.
In any event, it is possible to create your own root Certificate Authority (which you can publish on your web site, ala Apple's Root CA) and your own intermediate software-signing certificate and your own leaf certificates.
Someone conversant with OpenSSL can probably get it done faster and quicker than with Certificate Assistant.
My intent in creating a self-signed certificate chain was to verify that 3rd party codesigning certificates -- and binaries signed with 3rd party certificates -- would work with Tighten Pro. And they do. As long as the signing chain has 3 certificates.
Labels: certificate authority, codesigning, self-signed certificates, validation