Apple Code Signing Certificate Guide

Mac OS X (and 9) Signing Code from the Command Line

Code Signing for Apple is done from the command line using their (aptly named) codesign tool, and should be very straightforward.

  1. Make sure you have properly installed your code signing certificate to the Mac certificate store. The certificate should have been imported to the certificate store through your web browser. If you have a .pfx version of the file, you can install it by clicking the file and entering the .pfx file password. Your certificate should appear in the "My Certificates" category of the Keychain Access Manager.

  2. Once you have confirmed your certificate is properly installed, just run the command:

    codesign -s "Your Company, Inc." /path/to/

    If you do not know the common name of your code signing certificate file, you can find it in the Keychain Access Manager by selecting the certificate and finding the common name field. You do not need to enter the entire common name, just enough to uniquely identify your certificate (this option is case sensitive).

    If you receive an error saying "CSSMERR_TP_NOT_TRUSTED", you will need to install an Intermediate certificate on your machine first. View the details of your code signing certificate and find the Issuer Common Name. Download and install the Intermediate certificate that matches the Issuer Common Name. You should then be able to use codesign without receiving any errors.

  3. You can verify the signature by running this command:

    codesign -v /path/to/
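
An added example, not part of the original guide: a pre-flight check for step 2 that confirms the string passed to codesign -s matches exactly one installed identity (case sensitive), then signs and verifies as in step 3. It assumes the listing format printed by `security find-identity -v -p codesigning`; the sample listing, the function names and the script arguments are constructed for illustration.

```shell
#!/bin/sh
# Added example: make sure an identity string is unambiguous before signing.

# Constructed sample of `security find-identity -v -p codesigning` output
# (hashes and names are made up).
SAMPLE_IDENTITIES='  1) 1111111111111111111111111111111111111111 "Developer ID Application: Your Company, Inc. (AAAAAAAAAA)"
  2) 2222222222222222222222222222222222222222 "Developer ID Application: Your Company Labs (BBBBBBBBBB)"
     2 valid identities found'

# Read a find-identity listing on stdin and print every certificate name
# that contains $1. Plain substring match, case sensitive.
matching_identities() {
    needle=$1
    # Keep only lines shaped like `N) <hash> "<name>"` and reduce them to <name>.
    sed -n 's/^ *[0-9][0-9]*) [0-9A-Fa-f][0-9A-Fa-f]* "\(.*\)"$/\1/p' |
    while IFS= read -r name; do
        case $name in
            *"$needle"*) printf '%s\n' "$name" ;;
        esac
    done
}

# Number of identities in the listing on stdin that contain $1.
count_matches() {
    matching_identities "$1" | wc -l | tr -d ' '
}

# Sign $2 with identity $1 only if exactly one installed identity matches,
# then verify the signature. Requires macOS (security and codesign).
sign_and_verify() {
    identity=$1
    target=$2
    n=$(security find-identity -v -p codesigning | count_matches "$identity")
    if [ "$n" -ne 1 ]; then
        echo "identity '$identity' matches $n certificates, expected 1" >&2
        return 1
    fi
    codesign -s "$identity" "$target" && codesign -v "$target"
}

# Runs only when called as: script.sh "<identity>" <path-to-sign>
if [ "$#" -eq 2 ]; then
    sign_and_verify "$1" "$2"
fi
```

With the sample listing, "Your Company" matches both certificates and is rejected, while "Your Company, Inc." matches one and would be passed on to codesign.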