Apple Code Signing Certificate Guide

Mac OS X (and 9) Signing Code from the Command Line

Apple code signing is done from the command line using their (aptly named) codesign tool, and should be very straightforward.

  1. First, make sure you have properly installed your code signing certificate to the Mac certificate store. If you used our easy installation tool, the certificate should have been imported to the certificate store through your web browser. If you have a .pfx version of the file, you can install by clicking the file and entering the .pfx file password.

    apple code signing instructions

    Your certificate should appear in the "My Certificates" catagory of the Keychain Access Manager.

  2. Once you have confirmed your certificate is properly installed, just run the command:

    codesign -s "Your Company, Inc." /path/to/MyApp.app

    If you do not know the common name of your code signing certificate file, you can find it in the Keychain Access Manager by selecting the certificate and finding the common name field. You do not need to enter the entire common name, just enough to uniquely identify your certificate (this option is case sensitive).

    If you receive an error saying "CSSMERR_TP_NOT_TRUSTED", you will need to install an Intermediate certificate on your machine first. View the details of your code signing certificate and find the Issuer Common Name. Download and install the Intermediate certificate that matches the Issuer Common Name (DigiCert Assured ID Code Signing CA-1 or DigiCert High Assurance Code Signing CA-1). You should then be able to use codesign without receiving any errors.

  3. You can verify the signature by running this command:

    codesign -v /path/to/MyApp.app

  4. Congratulations, you should now have a freshly signed piece of code, ready to use!

Get code signing certificates for just $178/year

Buy Now