Can you codesign a Mac OS X App outside of Xcode and have Gatekeeper accept it?

Question

I have an application (installer, actually) that was built outside of Xcode which I have codesigned using the codesign utility, but when I try to install it after downloading the signed app, Gatekeeper complains that it comes from an unidentified developer. I have tried using the "3rd Party Mac Developer:..." identity, as well as my own "Mac Developer:..." identity; same result in either case. codesign (as far as I can tell) says all is well, so I'm thinking I'm either using the wrong identity (in which case my question is what I should use/make-to-use instead) or the signature is fine, but there is something that needs to be done w/ my developer account (in which case my question is what might that be).

Answer 1

According to Apple, and verified by me :), there is another set of identities specifically for signing apps to satisfy the intermediate security setting in Gatekeeper, but only a Team's Agent can get, which is why I wasn't getting them. My agent got them, I used them, and Gatekeeper is happy.