Apple Code Signing Certificate Guide

Mac OS (and 9) Signing Code from the Command Line

Apple code signing is done from the command line using their (aptly named) codesign tool and should be very straightforward.

Note: You can use a DigiCert Code Signing Certificate (standard and EV) to sign your Mac OS software, tools, updates, utilities and applications. However, if you want your apps to open on a Mac that has Gatekeeper enabled or want to distribute apps in the App Store, you need to create a developer ID to sign your Mac apps and installer packages; only Apple Developer code signing certificates are compatible with GateKeeper.

  1. Check Code Signing Certificate Installation

    1. Make sure you've properly installed your code signing certificate to the Mac certificate store. If you used our easy installation tool, the certificate should have been imported to the certificate store through your web browser.

    2. Do you have a .pfx version of the file? To install it, click the file and enter the .pfx file password.

      apple code signing instructions

    3. Your certificate should appear in the My Certificates catagory of the Keychain Access Manager.

  2. Run the Command

    1. Once you have confirmed your certificate is properly installed, just run the command below.

      codesign -s "Your Company, Inc." /path/to/

    2. Don't know the common name of your code signing certificate? You can find it in the Keychain Access Manager.

      Select the certificate and find the common name field. You do not need to type the entire common name; type just enough to uniquely identify your certificate (this option is case sensitive).

    3. Did you receive the "CSSMERR_TP_NOT_TRUSTED" error?

      1. You need to install an Intermediate certificate on your machine.

      2. View the details of your code signing certificate and find the Issuer Common Name.

      3. Download and install the Intermediate certificate that matches the Issuer Common Name (DigiCert Assured ID Code Signing CA-1 or DigiCert High Assurance Code Signing CA-1).

      4. You should now be able to use codesign without receiving any errors.

  3. Verify the Signature

    You can verify the signature by running the command below.

    codesign -v /path/to/

  4. Congratulations!

    You should now have a freshly signed piece of code, ready to use.

Get code signing certificates for just $474/year

Buy Now