How to create a code signing certificate in macOS

Code signing in macOS ensures that applications are secure and trusted by verifying their integrity and authenticity. It is important for developers who distribute apps outside of the Apple App Store. A code signing certificate digitally signs an app, assuring users that it has not been tampered with and is from a known developer.

For official distribution, developers typically use certificates from the Apple Developer Program. However, for personal projects or internal distributions, a self-signed certificate can be generated using the Keychain Access utility on macOS. Although a self-signed certificate is less trusted than one issued by Apple, it is sufficient for local development and environments where the developer is trusted.

The process to create a self-signed certificate is straightforward and can be done directly within the macOS Keychain Access application. This method is suitable for developers who need to sign apps without joining the Apple Developer Program, making it a practical option for testing or limited distribution.

Related: How to create a certificate authority for code signing in macOS
Related: How to sign a Homebrew PHP module on macOS

Steps to create a code signing certificate using Keychain Access:

  1. Launch Keychain Access.
  2. Go to Keychain AccessCertificate AssistantCreate a Certificate from the menu bar.
  3. Set the name of the certificate.
  4. Click on Identity Type select list.
  5. Select Leaf from the list.
  6. Click on Certificate Type select list.
  7. Select Code Signing from the list.
  8. Click Create to continue.
  9. Select CA or issuer from the list and click Create.

    Related: How to create a certificate authority for code signing in macOS

  10. Click Done to finish the process.