Troubleshooting Tips for Code-Signing and Authentication Support for macOS or OS X–Based Target Systems

InstallAnywhere 2020

The following table provides tips for various issues that you may encounter when preparing or testing code-signed installers with authentication support.

Troubleshooting Tips for Code-Signing and Authentication Support

Issue

Tip

While you are code signing one of your files, you encounter an error about the code-signing identity not being found.

This error indicates that the certificate is missing from the login keychain, or that the spelling of the specified common name is incorrect.

When you are building a code signed installer with authentication support from within InstallAnywhere (option 1), the stderr/stdout messages indicate that your code-sign command exited with a non-zero exit code.

Check to ensure that the certificate is found in the login keychain on your InstallAnywhere build machine. Also verify that you are not logged in as the root user on the machine when you are building and signing; you should be logged in as the same user that was logged in when the certificate was added to the login keychain.

After performing all of the building and code-signing steps, your installer does not launch when you try to run it.

This issue may occur in the following scenarios:

One or more of the code-signing requirements are not met on the machine that you are using for code signing (either your InstallAnywhere build machine or a designated signing machine). To learn more, see Requirements for Code-Signing Support for macOS or OS X–Based Installers.
The helper tool, the authentication wrapper, or the installer was not properly signed. Ensure that you perform the verification steps after signing each file.
The code signature identities of the helper tool and the authentication wrapper do not match, or the trust relationship between them is not intact.
Your login keychain is locked. Ensure that it is not locked.

To learn more, see Verifying that Your Code-Signing Output Files Are Working as Expected on macOS or OS X–Based Target Systems.

The Console utility that is built into macOS or OS X may provide relevant clues. (This is different from Terminal; the Console utility is the OS-level log-reporting application.) When you try to launch the installer but it fails to launch, check the Console for errors.

If you still cannot identify the problem, try removing the certificate and corresponding private key from your keychain, re-adding them, and then rebuilding and re-signing as needed.

When the code-signing step occurs, a dialog box opens, prompting for administrative credentials.

On some machines, when the certificate is added to the login keychain, only certain applications have access to it. If you try to code sign in this case, the prompt for credentials is displayed. To avoid this prompt, ensure that the certificate has been granted access to be used by all applications:

1. In Keychain Access, right-click the certificate and then click Get Info.
2. On the Access Control tab, click the Allow all applications to access this item option.

Your installer successfully installs your product, but your uninstaller does not uninstall it.

Being unable to uninstall the product is a limitation of the option 2 method of code signing, where signing is performed on a separate designated code-signing server. The only way to remove a product whose installer was code signed using this method is to drag it to the Trash.

See Also

About Authentication and Code-Signing Support for macOS or OS X–Based Installers

Code-Signing Methods for macOS or OS X–Based Installers

InstallAnywhere 2020 Help Library

October 2019

 Copyright Information | Flexera

Open topic with navigation