see https://developer.apple.com/forums/thread/792821

This was never resolved properly. My Developer ID Certificates exist in two places within KeychainAccess: (correct) from "login" in MyCerticates (incorrect) from "system" in Certificates I tried to clean this up, but found that from the GUI, when you say to delete the Certificate in the incorrect location, it also deletes the one in the correct location. I accepted the status quo (2 copies of Certificate). The Codesign tool (embedded within the jpackage script) gives a warning "two copies found of the certificate, choosing to use the fist one". Because of that failsafe feature, I was able to complete all my codesigning. With that, this thread is closed.

WOOHOO!!!!! It's been 3 months trying to crack this, going back to a problem that occurred when originally installing my Developer ID Certificates into KeyChainAccess. Thank you for your help. Successfully uploaded file id: e7b2c2a0-24e4-48e3-8c0e-baa7b5a33f07 path: /Users/pierrebierre/DFG2D_MacOS_Manufacturing/MacOSInstallers/DFG2D_Mac_J1602_x86/DataflowGeometry2D-1.0.313.dmg Waiting for processing to complete. Current status: Accepted..................... Processing complete id: e7b2c2a0-24e4-48e3-8c0e-baa7b5a33f07 status: Accepted

I just found some evidence that Eclipse is linking in the unsigned "jogamdp-fat" jar. I can tell because I noted the file size increase after code signing, and the one being linked in the smaller file.

POSSIBLE CLUE: This feedback from: codesign --display --verbose=2 indicates a valid Developer ID signature is attached, (not an adhoc signature) pierrebierre@Pierres-iMac ~ % codesign --display --verbose=2 ~/DFG2D_MacOS_Manufacturing/JogAmpSignedJar/jogamp-fat/natives/macosx-universal/libnewt_head.dylib Executable=/Users/pierrebierre/DFG2D_MacOS_Manufacturing/JogAmpSignedJar/jogamp-fat/natives/macosx-universal/libnewt_head.dylib Identifier=libnewt_head Format=Mach-O universal (x86_64 arm64) CodeDirectory v=20400 size=912 flags=0x0(none) hashes=23+2 location=embedded Signature size=9047 Authority=Developer ID Application: Pierre Bierre (SL7L4YU8GT) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=Aug 4, 2025 at 11:36:17 AM Info.plist=not bound TeamIdentifier=SL7L4YU8GT Sealed Resources=none Internal requirements count=1 size=172 The codesign --verify --verbose command gives: pierrebierre@Pierres-iMac ~ % codesign --verify --verbose ~/DFG2D_MacOS_Manufacturing/JogAmpSignedJar/jogamp-fat/natives/macosx-universal/libnewt_head.dylib /Users/pierrebierre/DFG2D_MacOS_Manufacturing/JogAmpSignedJar/jogamp-fat/natives/macosx-universal/libnewt_head.dylib: valid on disk /Users/pierrebierre/DFG2D_MacOS_Manufacturing/JogAmpSignedJar/jogamp-fat/natives/macosx-universal/libnewt_head.dylib: satisfies its Designated Requirement Is this not the feedback indicating I (a valid Apple Developer) have signed my code? What possibly could explain why Notarization is calling out this file as unsigned?

Would you agree to a screen-sharing session to help resolve this?

I have a valid Developer ID certificate and key. When I codesign, I'm prompted to enter my system pw. codesign gives absolutely ZERO feedback that it isn't using the Developer ID I reference in the codesign command line. It just says it's signed in response to --verify. You haven't told me anything specifically actionable, like how would I verify during code signing that it's using my Developer ID vs. adhoc. Is there a way to tell, short of the long, exasperating feedback loop leading to Notarization testing?

Link to DropBox where I put the .dmg installer that won't pass Notarization even after signing the errant binaries:https://www.dropbox.com/scl/fi/axj79k0jzwwzwxjimgpg4/DataflowGeometry2D-1.0.313.dmg.cpgz?rlkey=zsan46qo6gdjk6y4dy1utgay6&st=uo9ujuo8&dl=0

My latest process is still failing Notarization, saying 10 .dylib files (located in the jog amp MacosX Universal Binaries folder) are unsigned. My process: Unarchive jogamp-fat.jar (command line too "jar xf") codesign --timestamp all 10 .dylib files confirm all signed reJar the jog amp-fat.jar codesign the jar, and confirm signed add signed jar back into Eclipse Java project as an external library Export app jar use jpackage tool to sign app jar , build .dmg, and sign that test run install and launch submit .dmg to Notarization Will try to email the .dmg to Quinn

The recipe to transfer the Developer ID Certs --> MyCertificates isn't perfect....it did allow me to copy the Certs into login / MyCertificates, but if I then try to delete the Developer ID Certs associated with System / Certificates, the delete command deletes BOTH copies of the Cert, leaving me with nothing. The good news is that codesign accepts the Certs I transferred by .p12 file Export / Import onto my M2 computer (which was the higher-level problem). It only gives a warning about finding multiple copies of the same cert. I chose NOT to accept the answer because it leaves the codesign with this warning.

When I initially obtained my Developer ID Application and Developer ID Installer Certificates, they were put in the "Certificates" under the System Keychain. I don't remember choosing this storage location. The associated private keys were stored in Keys / login. And since "codesign" was happy with finding my credentials stored this way, but you're saying to Export them they needed to go in MyCertificates, this raises the 2 questions: How do I move my Developer ID Certificates into MyCertificates? How was it decided to install them in the wrong place?

This problem was correctly diagnosed as: The private keys were missing in Keychain Access.

Quinn, on my sw manufacturing iMac(intel), I'm able to sign my .dmg installers. That said, when I attempt to port the signing environment over to my M2, I'm thwarted in creating the .p12 file. This Export option is grayed out. What could be causing that?

OK, I the private keys that go with the Developer ID and Installer Certificates were missing on the M2's Keychain. So, I next tried to Export my good-signing Cert+Identity into a .p12 file, but that option was grayed out in the Export dialog. Will start a new thread on that problem.

p.s. the command security find-certificate -a -p Finds all my certificates in the Keychain on the M2 rig