Welcome to our community!

Digitally signed pkg files for MDM deployment to macOS systems

Avatar
Andrea Rochira
  • updated
  • Pending Review

Our company recently transitioned to ConnecWIse Control. A great product, although on macOS systems, Gatekeeper dislikes the "unidentified developer" property of the pkg file. 

This poses two problems:

  • many times, the support technicians have to guide end-users through multiple System Preferences settings in order to successfully establish a connection
  • when the pkg file is deployed through an MDM platform (and it's not internally signed by the company), the installation fails 

It would be much appreciated to include one of the following features in Control:

  • pkg files automatically signed by ConnectWise
  • upload a company developer certificate that can be used to sign the pkg files

Thanks


Duplicates 3
Allow upload of developer certificate for signing mac installers

Unsigned packages are particularly hard to deal with on a remote session.


Developer Identities are $99 a year and easy enough to purchase. It would be great if a screenconnect server could store ours, and allow for on-the-fly signing of packages.

add version number in MacOS pkg file for MDM deployment.

Currently the .pkg package does contain a buildNumber (eg. 6.6.18120.6697) but not a VersionNumber. We just had a Microsoft PSS call regarding not installing this package through intune and their conclusion was the missing version number. 


To quote MS "his is limited by what is supported by the Mac OS MDM.  The version is not in the intunemac file but in the actual application packaging. To make such a change will require contacting the person/company that created the app and suggest they make the necessary changes."


Please add the VersionNumber property to the .pkg installer for connectwise control.


Kind regards,

Marco

have the .pkg installer signed
Replies 19
Avatar
1
John Case

Can you please just make a .mobileconfig file that we can use with MDM solutions? I believe everything else is in place, but a .mobileconfig file would make setting the Mac permissions SO MUCH easier. The software updates continue to cause updates for our managed Macs.

Avatar
2
John Case

I just got off a chat session and was told to submit a feature request. Obviously after 5 years, they could care less.

Avatar
1
Andrea Rochira

Since it doesn't seem a priority for the ConnectWise dev team to provide the digital signing of the pkg files, this feature would be a very much appreciated (and maybe easier to implement) alternative. 

Avatar
0
Caitlin M Barnes Team Member

Hi Marco, 

Are you still having problems deploying the MacOS .pkg? 

Caitlin 

Avatar
0
George Oosthuizen

Yes please, just moved from Teamviewer and our ad-hoc support sessions have visibly increased in times to close and it's just due to end-users struggling to override gatekeeper. 

And it's not an easy attack vector but not as secure as it could be. 

Avatar
0
anonymous
  • Under Review
Avatar
0
Marc L. Mintz

one more vote for Apple signing. We love CONNECT, but it cannot be used with many of our clients due to regulatory or security issues. The other developers in this category have found ways for customization AND still qualify for signing. 

Avatar
0
Ian

I support a LOT of Macs and having a signed installer would be much better. Right now, I direct my Mac users to Team Viewer because your app is too much for them to install.

Avatar
0
joshthree

Kirsten I just followed your directions and it worked! You have saved years off my life. Thank you!

Avatar
1
Will Polley
Quote from anonymous

Hello All,

Please take a look at this post:

http://forum.screenconnect.com/yaf_postsm36955_Signing-the-Mac-Installer-Package.aspx

That's great if you have access to a Mac to maintain updated signed pkgs.


However, I'm sure everyone here would like to not have another manual process to manage.



Top contributors
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar