Creating Apple Developer ID-signed Casper QuickAdd installer packages
With 10.8, Apple introduced Gatekeeper as a way to allow users to define which sources they would trust for downloading applications. This functionality was also available in 10.7.x, but was not turned on by default.
By default, Gatekeeper allows applications downloaded from the Mac App Store and applications signed by certified Apple developers to be launched. This restriction also applies to application installers. If a downloaded installer package is not signed with an Apple developer certificate, Gatekeeper treats it as an unknown installer and does not allow it to launch without being manually overridden.
As part of supporting OS X 10.8, Casper 8.6 includes the ability to sign Casper QuickAdd agent installer packages. If you need signed QuickAdd packages for your own Casper environment, see below for how to obtain the needed certificates.
Creating a Developer ID certificate using the Apple Developer site’s Developer Certificate Utility
1. Log into a 10.7.x or 10.8.x Mac.
2. Sign into the Apple Developer website using a paid ADC account and click on the Get Started link for the Developer Certificate Utility.
Note: Free ADC accounts don’t have the needed access to the Developer Certificate Utility page.
3. In the Developer Certificate Utility page, click on the Create Certificates link.
4. Under Certificates, select Developer ID and check off both boxes for Developer ID Application Certificate and Developer ID Installer Certificate.
5. Follow the instructions to create a certificate signing request. Begin by launching Keychain Access.
6. In Keychain Access, go to the Certificate Assistant and select Request a Certificate from a Certificate Authority.
7. Fill in the User Email Address and Common Name fields as appropriate, select Saved to disk, then click the Continue button.
8. Save the certificate signing request file to an appropriate place.
9. Once the certificate signing request has been saved, go back to your browser and click the Continue button to access the Submit Your Certificate Signing Request page.
10. On the Submit Your Certificate Signing Request page, click the Choose File button and choose the certificate signing request file you just created with Keychain Access.
11. Once the certificate signing request file has been selected, click the Generate button to create the certificate.
12. Once the Developer ID certificate has been generated, download the Developer ID Installer certificate and double-click on it to add it to your 10.7.x or 10.8.x Mac’s login keychain.
Creating a signed QuickAdd package with Recon
1. If not already installed, install JAMF’s Recon application on the 10.7.x or 10.8.x Mac.
Note: If you’re building on a 10.7.x Mac, you may also need to install the Apple Developer ID Certification Authority Intermediate Certificate into the Mac’s system keychain. Instructions on how to do that are available here at JAMF Nation.
2. In the QuickAdd Package section of Recon, click the Sign with: checkbox then select your Developer ID Installer certificate from the accompanying drop-down menu.
3. Configure the other options you want for your QuickAdd package and then click the Create… button.
4. Check your QuickAdd package to verify that it has a lock icon in the top-right corner.
5. Click the lock icon to verify that the certificate is showing up as a valid Apple Developer ID Installer certificate.
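The checks in steps 4 and 5 can also be run from Terminal, which helps when several packages need verifying. The script below is an added example, not part of the original post or JAMF's tooling: it classifies the output of pkgutil --check-signature and, on a Mac, also asks Gatekeeper to assess the package with spctl. The Status wording, the chain layout, the sample outputs and the Example Org name are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Status strings and chain layout are assumed from typical
# `pkgutil --check-signature` output and may differ between OS X versions.

# Reads `pkgutil --check-signature` output on stdin, prints a verdict, and
# returns 0 only for a trusted Developer ID Installer signature.
classify_signature() {
    awk '
        /Status:/ { status = $0 }
        # Numbered lines are the certificate chain; entry 1 is the signer.
        /^[ \t]*[0-9]+\.[ \t]/ {
            line = $0
            sub(/^[ \t]*[0-9]+\.[ \t]*/, "", line)
            cert[++n] = line
        }
        END {
            if (status == "")            { print "unknown";   exit 3 }
            if (status ~ /no signature/) { print "unsigned";  exit 1 }
            if (status ~ /untrusted/)    { print "untrusted"; exit 1 }
            if (cert[1] ~ /^Developer ID Installer: / &&
                cert[2] ~ /^Developer ID Certification Authority/) {
                print "developer-id-installer"; exit 0
            }
            print "other-signer"; exit 2
        }'
}

# Constructed sample outputs (not captured from a real package).
sample_signed() {
    printf '%s\n' 'Package "QuickAdd.pkg":' \
        '   Status: signed by a certificate trusted by Mac OS X' \
        '   Certificate Chain:' \
        '    1. Developer ID Installer: Example Org (ABCDE12345)' \
        '    2. Developer ID Certification Authority' \
        '    3. Apple Root CA'
}
sample_unsigned() {
    printf '%s\n' 'Package "QuickAdd.pkg":' '   Status: no signature'
}
# Package signed with the Application certificate instead of the Installer one.
sample_wrong_cert() {
    sample_signed | sed 's/Developer ID Installer:/Developer ID Application:/'
}

# Real use on a Mac: sh check_quickadd.sh /path/to/QuickAdd.pkg
if [ -n "${1:-}" ] && command -v pkgutil >/dev/null 2>&1; then
    pkgutil --check-signature "$1" | classify_signature
    spctl --assess --type install "$1"   # Gatekeeper's own verdict
fi
```

A non-zero exit from either command means the package would need a manual Gatekeeper override on the target Mac.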