Code Signing with Mac Codesign Utility

Code Signing with Mac Utility Tool

To sign software, Apple provides an efficient and effortless mechanism to its users. You only need a device running macOS and it will sign the code in minimal time. Moreover, Apple provides a built-in mechanism, known as codesign utility similar to signtool in Windows, which you have to utilize for the signing procedure.

But, make sure to only purchase an authentic Apple Code Signing Certificate, to prevent compatibility and other issues. So, avail yourself of your Code Signing Certificate and start with the signing process.

Prerequisites To Complete

Before you utilize the codesign utility on macOS, the certificate must be installed on your machine. And the latest version of the terminal must be present.

Therefore, you must check the below points every time before starting signing applications for Apple devices.

Code Signing Certificate Installation

Double-click on the Code Signing Certificate in the browser. The system will ask you to input the password. And once it gets verified, the machine will install the certificate.

Verify the installation by going to Keychain Access Manager and viewing your certificate under the My Certificates option.

  • Update to latest the terminal and latest macOS version.

The Process To Codesign Software on macOS

After installing the certificate and updating the system, execute the below steps to codesign software:

Step 1: Open the Terminal.

Step 2: Run the following command.

codesign -s "Common Name" /path/to/

After executing the command, the system will digitally sign your application. Just replace the Common Name and /path/to/ in command with your information and you are ready to go.

However, sometimes the system can show you an error “CSSMERR_TP_NOT_TRUSTED” due to the non-presence of an intermediate certificate. But, you can easily resolve it through the following method:

Step 1: View the details of your Code Signing Certificate and note down the Common Name of the issuer.

Step 2: Download the intermediate certificate and install it on the same machine.

Step 3: Again, execute the codesign utility command, and this time it will get executed seamlessly.

Verify Software Authenticity Before Releasing

Whenever you digitally sign any file on a macOS device, always verify it by running the following command:

codesign -v /path/to/

If it doesn’t show any error, it means that your application is signed and aligned with security standards.

Wrapping Up

Whenever you have to sign an application on macOS, always use the codesign utility. And before using it, update the terminal and the operating system version to prevent errors.

In addition, install the Code Signing Certificate in the Keychain Access Manager to effortlessly fetch it during the signing procedure.

Get Apple Code Signing Certificate

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.