Can't just sign with any cert from any CA. You need to sign it with a certificate from Apple's Developer portal. Are you a member of the Apple Developer Program for Mac ($99/yr)?

I believe it also requires the Agent to create the CSR private/public key pair. So if your company already has a OS X Dev account, you must talk to the person who OWNS the account.

Correct me if I'm wrong!

- Justin

Thanks for the replies all, will investigate further and go from there.

Cheers!

Solved + Steps for future inquiries:

1. Generate a Certificate Signing Request through Keychain Access


2. Upload CSR to OS X Dev Center (follow apples guidelines and steps)


3. Download Cert


4. Export cert and private key as .p12


5. Upload to QuickAdd in JSS User-Initiated Enrollment

Easy peasy.

@sam.clark does it matter what type of cert it is? I have a developer id installer and a mac installer distribution created. Looks like the security message still comes up the first time but if I click the installer again it runs correctly.

Does an "Agent" in the Apple Dev Portal have to generate the CSR key pair? I've tried it a couple of times as an admin to no avail

@Canary
This thread is a bit old, but I just went through this. They key pair has to be generated by the Team Agent, which there can only be 1 per developer account/company account.

Great right up of how to do this with screenshots.
https://www.hcsonline.com/images/How_to_Create_a_Signed_QuickAdd_Package.pdf