(2 votes, average: 4.50 out of 5)
By digitally signing your code with a code signing certificate, you can verify your identity as a developer and protect your users from potential security risks. If you’re a macOS user looking for how to sign a code in Mac OS, this installation blog is your Apple Code signing Guide that will help you through the process step-by-step.
The process is a simple and straightforward task that can be accomplished using Apple’s codesign tool through the command line. However, if you want your application distribution to be done through the App Store or want it to be opened with an enabled Gatekeeper, having a Code Signing certificate alone is not enough.
In such cases, you must create a developer account and use Apple Developer Code Signing certificates. This will ensure compatibility with Gatekeeper. These steps are crucial to make sure that your code is properly signed, ensuring the integrity and authenticity of your software.
Apple code signing is done from the command line using their (aptly named) codesign tool.
To start with, if you have used the Mac Keychain Access Manager to obtain your certificate, the first step is to locate it there. However, if you have not used Keychain Access Manager, follow the instructions mentioned below.
In case you have used Keychain Access Manager, you can directly start with this step
codesign -s "Company Name" "/Applications/Utilities/My App.app"
When using the full path for the file name, you can locate your certificate’s common name in the Keychain Access Manager. Once you hit Enter, you may need to confirm the action.
Note: If you receive the “CSSMERR_TP_NOT_TRUSTED” error, you need to install an Intermediate certificate on your machine. To do so, view the details of your code signing certificate and locate the Issuer’s Common Name. After identifying it, download and install the Intermediate certificate that corresponds to the Issuer’s Common Name.
Following the installation of the Intermediate certificate, using codesign should go without a hitch. However, to make sure that your code signing certificate is trusted and that it can be applied to macOS code signing, you must complete this step.
The next step is checking to see if the codesign in macOS was successfully finished.
Read Also: How to Collect an EV Code Signing Certificate?
You must go through the signature verification process in order to verify. First, let’s check the procedure.
Verifying the signature of an application is essential if you are signing one that came from a third-party source because the likelihood of it being altered is higher.
"/Applications/Utilities/My App.app," codesign -v
(Ensure that the file name contains the whole path.)
In the absence of a response, the application is considered to be signed and authentic.
Here’s how to go about it:
/Applications/Utilities/My App.app codesign -dv —verbose=4
If there isn’t a response, the application is verified as being signed, and you are free to use it without any worries.
Read Also: How to Export a Code Signing Certificate on Mac?
Note: Previously, Apple changed the settings in Gatekeeper, which changed how OS X handles certificates issued by certificate authorities other than Apple. With these modifications, the system can no longer accept any certifications that Apple does not produce. Despite this, an additional certificate authority is now recognized by Apple’s operating systems.
To ensure that certificates from other CAs can operate to their full capacity, the default configuration has not been altered. Hence, it is questionable whether OSX will natively handle certificates from other CAs. On the OSX platform, Java can nevertheless be used to leverage certificates from other CAs.