Code Signing 101

Hi all,

I am absolutely new at code signing, so I have a couple of questions for you:

1) Say that I purchase a code signing certificate (with a 1 year expiration date) and use it to sign an application that I wrote.

  • What happens to those signed apps once the certificate expires? Will customers still be able to install and use them? Or, will they see a Gatekeeper message, blocking them from using it?

2) Can you use non-Apple certificates to sign Mac apps, or does the certificate have to come from Apple? (I am not thinking of selling on the Mac App Store.)

Thank you,


(or at least for about a year until Apple change the rules again and your app needs to be updated.
But it wont stop working due to the certifcate)


To get the Certificate you need to set up a developer account with Apple, which involves agreeing to lots of terms and conditions.

Thank you! That makes sense…

There are some things to note.

  1. Traditionally the certificate was only evaluated on the first run of the application.
  2. There were reports about 5 years or so ago, that apps with expired certificates stopped working or failed to launch, but I haven’t heard anything in recent years (probably because each OS update finds a new way to break your application, and so you’re forced to update your application at least once a year).
  3. Developer ID certificates are valid for 5 years, but you can only Notarize apps (Catalina security) if you have a valid Apple developer account, must be renewed each and every year.
  4. Supposed the next version of iPadOS macOS will evaluate the certificate each and every time the application is launched, yeah for slower application launch times.
  5. The ARM rumor is gaining moment again, with supposed launch this summer, which means you’ll have to update your application soon anyway.