Signing flat PKGs and QuickAdd packages allows users to install them on computers that have Apple's Gatekeeper feature set to only allow applications downloaded from the Mac App Store and identified developers. It also ensures that the packages appear as verified to users. Signing these packages requires an installer certificate (.p12) from Apple.
Installer certificates can be obtained from Apple using Xcode or the Apple Developer Member Center. This article explains how to obtain an installer certificate from Apple using Xcode.
To obtain an installer certificate from Apple using Xcode, you need:
Select the appropriate team with the "Agent" role assigned, and click Manage Certificates.
In the window that opens, Control-click (right-click) Developer ID Installer, and select Export.
Enter a name for the .p12 file and the Developer Profile password, and click Save.
Note: The exported installer certificate is valid for five years.
To renew the installer certificate, repeat the above process.
To install a signed QuickAdd package, the System keychain in Keychain Access must contain Apple’s Developer ID Certification Authority intermediate certificate. For instructions on how to obtain this certificate and import it to the System keychain on client computers, see Importing Apple's Developer ID Certification Authority Intermediate Certificate to the System Keychain.
For more information on signing flat PKGs in Composer or signing QuickAdd packages, see the Casper Suite Administrator's Guide.
For more information on distributing applications outside the Mac App Store, see the following documentation from Apple: