The certificate and its corresponding private key can be created with the following command:
makekeys -cert -dname "CN=Your Name EM=myemail@address CO=myOrg" mykey.key mycert.cer
Finally, to make use of the new certificate, installation packages must be signed using the corresponding private key. This process is documented in the SDK, but, briefly, the steps are the following: Copy the original key and certificate files created by makekeys to a known location. Add the following line to the installation package file (project.pkg):
*"mykey.key","mycert.cer"
Create the installation package normally. If you set a passphrase for the key, makesis will prompt you for it. The new installation package can now be installed normally and without security warnings.