I followed these steps to code sign my app:
https://documentation.xojo.com/topics/application_deployment/apple_requirements/signing_your_mac_application.html#code-signing-your-app
But I get an error while build. My goal is people can download my app from my website and open without error message. What else I have to do?
You can start saying what error you get.
Also, I can highly recommend Sams AppWrapper which does all the hard work for you.
itâs: error signing applicatopn blabla.app :replacing existing signature
Warning: unable to build chain to self signed root for signer âmystuffâ
errSecInternalComponent:/blabla.dylib
I also tried appwrapper, it says âmissing Website certificateâ
and when I run and error in code signing: invalid identity âWebsiteâ;Not Installed
OK, after I downloaded and installed every certification I found Xojo builds my app without error.
BUT⊠after I download and run my app I still get an error message: âMyAppâ canât be opened because Apple cannot check it for malicious software.
What else I have to do people can download and run my app?
You have to notarise it. I use AppWrapper for this.Do you have Apple Developer certificates?
I try to figure out appwrapper.
What is âApple Developer certificatesâ exactly? I downloaded some certificates.
Now I see missing in appwrapper:
Are you a registered Apple developer? You must be so in order to download the right certificates from your Apple Developer account.
Something you have to pay for (for macOS applications).
Yes, I have developer account (payed $100 a year)
Make a search in this Forum about Signing application.
I remember a long discussion that explain how to do (macOS / Windows), but my Memory is⊠bribes !
I seem to have four certificates, but I am not sure which of these I actually need for code-signing and notarising (the App Store is another story). Mine are called:
AppleWWDRCA.cer
CertificateSigningRequest.certSigningRequest
developerID_application.cer
DeveloperIDCA.cer
To get App Wrapper to ALSO notarise the app, pretty sure you will need to create an app-specific password for use with App Wrapper, in the Apple developer pages.
You need to go to the Packing tab of App Wrapper,
in the âSubmit to Appleâ section, tick Notarisation, and select your developer account there.
Then back in the wrapping section, you can select code sign, pack and notarise.
This is slightly more complicated if you also get App Wrapper to create a DMG file instead of a PKG
I have the same opinion. All these certificates are a real mess. Which ones for what? How to install only the least mandatory for a given task? I just keep green and red labels in AppWrapper and cross fingers while wrappingâŠ
And here I thought it was just me being confused by the §$%& certificates.
Start here:
Click +
Then tick and request as many of these as you can.
You may need to generate and supply a certificate request file using Key Chain
Sadly, these are now obscurely named.
When I last asked Apple support which ones were needed for which, even the support people couldnt tell me. They just wanted to talk about XcodeâŠ
Most likely this is what I need, and I tried but I got some error in key chain. Now enough today.
This was more exhausting than any codingâŠ
Iâll try again tomorrow with more questions 
As you see, we all find this business confusing so donât be downhearted. 
Looking at @Jeff_Tullin 's list, and based on what you said in your OP, it would seem to me that you want the first one and the last two (Apple distribution and Developer ID x2). You are doing ad hoc distribution (i.e. via your web site).
It may depend on exactly what you are doing. I do this, using AppWrapper:
Build the app in Xojo, either as ARM or as Intel (Iâve not tried universal)
Code-sign the app (say, myapp.app) in AppWrapper. This will need your developer cert installed.
AW makes a new myapp.app which is code-signed. I then put the code-signed myapp.app in a folder alomg with such as documentation, and use Disk Utility->New image->Image from folder to make a .dmg. I then tell AW to get this .dmg notarised by Apple. For this you need an app-specific-password and I think you need to be logged into another Apple webasite using your AppleID to get this password generated.
AW sends the .dmg to Apple who check it for viruses and hopefully OK it for distribution via your web-site. This takes 2 or 3 minutes, usually. Then upload the .dmg to the website.
Hope this helps.
Finally managed to generate and install all certificates AW needed for both website release and mac app store.
Thank you for the help.
I was so naive, when I saw the new code signing feature in xojo I just thought I just have to paste my developer ID and itâs done
I assume if I dare to think about uploading my app into app store itâs an even more painful processâŠ
