Code signing ensures the authenticity and integrity of a piece of software, allowing end-users to trust the source of the application they're installing. In macOS, using certificates from a trusted certificate authority (CA) is paramount for assuring users that the software they're obtaining hasn't been altered maliciously and that it originates from a verified source.
Apple's macOS offers built-in tools for creating self-signed certificates suitable for local testing and development. However, if you're distributing software to a broader audience, Apple recommends acquiring a certificate from a public CA or, if suitable, creating an in-house CA for private distributions.
You can create a Certificate Authority (CA) for code signing in macOS using the built-in Keychain Access application. Once you have your own CA, you can then create a Code Signing certificate and use the CA to sign that certificate.
Steps to create Certificate Authority for Code Signing using Keychain Access:
- Launch Keychain Access.
- Go to Keychain Access → Certificate Assistant → Create a Certificate Authority from the menu bar.
- Set a name for your CA.
- Click on User Certificate select list.
- Select Code Signing from the list.
- Check on Let me override defaults checkbox.
- Enter the email address for your CA.
- Click on Continue.
Click Continue if you encounter this warning.
Related : How to create code signing certificate in macOS
- Accept defaults for Certificate Information and click Continue.
Click Continue if you encounter this warning.
- Enter certificate information and click Continue.
- Accept defaults for Key Pair Information For This CA and click Continue.
- Accept defaults for Key Pair Information For Users of This CA and click Continue.
- Accept defaults for Key Usage Extensions For This CA and click Continue.
- Accept defaults for Key Usage Extensions For Users of This CA and click Continue.
- Click on Include Extended Key Usage Extension.
- Click to check the Code Signing checkbox.
- Click Continue.
- Accept defaults for Extended Key Usage Extensions For Users of This CA and click Continue.
- Accept defaults for Basic Constraints Extension For This CA and click Continue.
- Accept defaults for Basic Constraints Extension For Users of This CA and click Continue.
- Accept defaults for Subject Alternative Name For This CA and click Continue.
- Accept defaults for Subject Alternative Name for Users of This CA and click Continue.
- Click Create to create the CA.
- Close the Certificate Assistant window and open Keychain Access.
- Double click on your newly created CA in login → My Certificates.
- Click on Trust.
- Click on When using this certificate select list.
- Click on Always trust.
- Close the CA information window.
- Authenticate to the system to enable your changes.

Mohd Shakir Zakaria is a skilled cloud architect with a background in development, entrepreneurship, and open-source advocacy. As the founder of Simplified Guide, he helps others understand the complexities of computing, making tech concepts accessible to all.
Comment anonymously. Login not required.