Correct way to sign a .pkg on mac?

What I did was change the certificate type to one of type Developer ID Installer:

1. Go to developer.apple.com/account, and click on Certificates, IDs & Profiles.
2. In the sidebar, select OS X from the menu, and under Certificates, select ALL.
3. Click on the (+) button at the top right.
4. Select Developer ID which is under Production, and click Continue.
5. Select the type of certificate —Developer ID Application or Developer ID Installer— and click Continue.
6. Follow the instructions to create a "certificate signing request (CSR)" using Keychain Access, and click Continue.
7. Click on Choose File.
8. Select a CSR file (with a .certSigningRequest extension), and click Choose.
9. Click Continue.
10. Click on Download.

NOTE: Only the Team Agent can create this type of certificate, if you are not the Team Agent, even if you are an Admin user you will not be able to create it, contact your Team Agent and send them your CSR file so that they can generate the certificate for you.

Once this is done, double-click the certificate (previously downloaded) to add it to Keychain Access and proceed to sign your .pkg with the productsign(1) tool as follows (Terminal):
productsign [options] --sign identity input-product-path output-product-path

Example:

productsign --sign "Nombre de tu Certificado en Keychain Access" ruta-de-entrada-al-pkg ruta-de-salida-al-pkg