Code Signing in Mac OSX – Sign Your File in Minutes

PUBLISH DATE: 19 Jun 2021

There is no doubt in this fact that Codesign certificate protects software from being tampered and also gives confidence about the app/software that it is maintained by Certificate Authority

You have some document to sign with Codesign certificate in MAC OSX but don’t know how to do it. Here is the guide for you. Now sign your file in MAC OSX in a minute. 

Before we begin, please make an IMPORTANT NOTE:

THERE ARE SOME CHANGES MADE BY APPLE IN SETTINGS OF GATEKEEPER. THIS MEANS THE WAY OSX HANDLES THE CERTIFICATES HAS CHANGED FROM OTHER NON-APPLE VENDOR AND GUIDES THE SYSTEM TO PROHIBIT CERTIFICATES NOT ISSUED BY APPLE. AFTER DECADES OF ALL APPLE OPERATING SYSTEMS ARE ABLE TO RECOGNIZE OTHER BIG CERTIFICATE AUTHORITIES BUT UNFORTUNATELY THERE IS NO CHANGE IN THE DEFAULT SETTING WHICH CAN ALLOW CERTIFICATES FROM OTHER CERTIFICATE AUTHORITIES. DUE TO THIS REASON, WE NO LONGER CLAIM WHETHER OTHER CA’S CERTIFICATES WILL WORK BE SUPPORTED BY OSX NATIVELY OR NOT. NEVERTHELESS IT SHOULD SUPPORT JAVA ON OSX PLATFORM. 

Code Signing in Mac OS X Leopard and Snow Leopard:

If you have already collected your certificate on Mac then you can find it in Keychain Access Manager. But if you have used another system to collect the certificate, the follow below instructions: 

  • 1. First thing is to save the p12 or .pfx file on your Mac’s hard disk. 
  • 2. Now go to Applications/Utilities and start Keychain Access
  • 3. Select File then Import Items and select PFX/P12 file. 
  • 4. Select ‘login’ or ‘system’ for the destination of the certificate. 
  • 5. Now open and enter the password. 
  • 6. Open the terminal window for signing a Mac.app file and type the command below: 

codesign -s "Company Name" " /Applications/Utilities/My App.app"

Press Enter and confirm, if prompted. Now when your code is signed, how will you check whether it is successful or not in Mac OS X. You can that with: 

 

Signature Verification

Signature verification becomes very important part when it is coming from third-party source since the chances of software getting tampered is distorted. With the help of below command you can verify your signature.

codesign -v "/Applications/Utilities/My App.app"

If you don’t any response that means the app/software is signed and unaltered. 

CodeSignCert.com utilizes cookies to recall and process the products in shopping cart. We integrate the user's data and site traffic at some points on communications, and it helps us to develop user friendly system on our website. Accept & Close    Understand more about Cookies