Adt code signing using Apple Developer ID Application certificate

I need to notarize a macOS desktop app.

I’m trying to complete the first step which is to run adt -package and code sign the app. I have to use a “Developer ID Application” certificate from Apple because we are distributing the app outside the mac app store.

I have both the 2023 and the 2030 WWDR from here:

installed on my keychain as well as the .p12 Developer ID Application cert and the respective private key.

I’m on Mojave 10.14.16 and am using AIR SDK

When I run the command:

/Users/me/Downloads/AIRSDK_MacOS/bin/adt -package -storetype pkcs12 -keystore cert.p12 -target bundle air/ application.xml -C bin .

I get:

Unable to build a valid certificate chain for the signer.

Any idea why this would happen given my setup? Or is there a way to get more info on why I’m getting this error?

One wrinkle here is that I’m not the Apple account holder so I can’t generate the “Developer ID Application” certificate. My non-technical client is the account holder - so they generate the “Developer ID Application” certificate and then convert it to .p12 and then send me the .p12 along with the password. Is there a way to remove them from this workflow so that I can ensure that everything is done properly?

Thanks for any help

You can’t sign macOS apps with adt. It doesn’t work the same as iOS. Adobe never really finished proper signing for macOS (and things like required icons are not up-to-date).

You can use the following guide to package and sign for either AppStore or Notarized (compile an unsigned app first):