MacOS Codesign: How Do I Sign a File with a Code Signing Certificate in MacOS?

Explore how to easily sign your files and software using a macOS code signing certificate

Whether you’re here because you’re looking for a “macOS codesign” solution or another variation of the statement, we’ve got you covered. If you’re thinking of signing your file or software using a certificate authority in macOS, you’re definitely thinking in the right direction.

A code signing certificate is a great way to protect software from being compromised and provides assurance to users that the software/app they’re about to install is from you and is genuine. Because it asserts your company’s name and signature, the code signing process establishes an element of trust in a user’s mind. And, as a result, enhances reputation of your company.

So you want to sign something with a code signing certificate in macOS? Let’s get started.

Sign a File/Software with Code Signing in macOS

Note: Apple has made changes to the settings in GateKeeper. As a result, it changes the way OSX handles certificates from non-Apple certificate authorities and commands the system to disallow ALL certificates that are not issued by Apple. However, after many years, Apple’s operating systems have started recognizing other certificate authorities but there’s not been change in the default setting to allow certificates from other CAs to work at their full potential. Due to this, we cannot guarantee whether certificates from other CAs will be supported by OSX natively or not. Nonetheless, it works with Java on the OSX platform.

Code Signing in Snow Leopard & macOS X

First, locate your certificate in the Mac Keychain Access Manager if you’ve used that to collect your certificate. If you didn’t use the Keychain Access Manager, implement the first five instructions outlined below. If you did, jump straight to the sixth point.

1. First, save the P12 or PFX file on your Mac’s hard disk.
2. Now navigate to Applications/Utilities and start Keychain Access.
3. Choose File -> Import Items and select the PFX/P12 file.
4. For the destination of the certificate, choose Login or System.
5. Click Open and enter the password used during the creation of the certificate.
6. Open the terminal window for signing a Mac .app file and type the command below:

codesign -s "Company Name" " /Applications/Utilities/My App.app"

(For the file name, use the full path. If you don’t know your certificate’s common name, no worries — you can locate it in the keychain access manager.)

Hit Enter and confirm, if prompted. Yeah, it doesn’t get much easier than that.

But now that your code is signed, how do you check to ensure the codesign in macOS was successful?

Signature Verification

Verifying the signature, especially when the application is coming from a third-party source, is quite important since it has higher probability of getting altered. Here’s a command through which we can verify the signature:

codesign -v "/Applications/Utilities/My App.app"

(Use full path for the file name.)

Didn’t get any response? If so, the app is signed and unaltered.

Another way you to verify the signature is through the “codesign” command. Here’s how it looks:

code sign -dv --verbose=4 /Applications/Utilities/My App.app

(For the file name, use the full path)

If you don’t receive any response, then your app is signed and you’re good to go!

Looking for a new code signing certificate? Look no further: