Mac code sign error

I followed these steps to code sign my app:
https://documentation.xojo.com/topics/application_deployment/apple_requirements/signing_your_mac_application.html#code-signing-your-app

But I get an error while build. My goal is people can download my app from my website and open without error message. What else I have to do?

You can start saying what error you get.
Also, I can highly recommend Sams AppWrapper which does all the hard work for you.

2 Likes

it’s: error signing applicatopn blabla.app :replacing existing signature
Warning: unable to build chain to self signed root for signer “mystuff”
errSecInternalComponent:/blabla.dylib

I also tried appwrapper, it says “missing Website certificate”
and when I run and error in code signing: invalid identity “Website”;Not Installed

OK, after I downloaded and installed every certification I found Xojo builds my app without error.
BUT… after I download and run my app I still get an error message: “MyApp” can’t be opened because Apple cannot check it for malicious software.

What else I have to do people can download and run my app?

You have to notarise it. I use AppWrapper for this.Do you have Apple Developer certificates?

1 Like

I try to figure out appwrapper.
What is “Apple Developer certificates” exactly? I downloaded some certificates.
Now I see missing in appwrapper:

  • Developer ID Application
  • Developer ID Installer
    There is a download button next to them but I can’t download anything and not obvious what I have to do.

Are you a registered Apple developer? You must be so in order to download the right certificates from your Apple Developer account.

Something you have to pay for (for macOS applications).

Yes, I have developer account (payed $100 a year)

Make a search in this Forum about Signing application.

I remember a long discussion that explain how to do (macOS / Windows), but my Memory is… bribes !

I seem to have four certificates, but I am not sure which of these I actually need for code-signing and notarising (the App Store is another story). Mine are called:

AppleWWDRCA.cer
CertificateSigningRequest.certSigningRequest
developerID_application.cer
DeveloperIDCA.cer

To get App Wrapper to ALSO notarise the app, pretty sure you will need to create an app-specific password for use with App Wrapper, in the Apple developer pages.

You need to go to the Packing tab of App Wrapper,
in the ‘Submit to Apple’ section, tick Notarisation, and select your developer account there.
Then back in the wrapping section, you can select code sign, pack and notarise.
This is slightly more complicated if you also get App Wrapper to create a DMG file instead of a PKG

I have the same opinion. All these certificates are a real mess. Which ones for what? How to install only the least mandatory for a given task? I just keep green and red labels in AppWrapper and cross fingers while wrapping…

1 Like

And here I thought it was just me being confused by the §$%& certificates.

1 Like

I see this in appwrapper

And I can’t see in download in my developer account

Start here:

Click +

Then tick and request as many of these as you can.
You may need to generate and supply a certificate request file using Key Chain
Sadly, these are now obscurely named.
When I last asked Apple support which ones were needed for which, even the support people couldnt tell me. They just wanted to talk about Xcode…

Most likely this is what I need, and I tried but I got some error in key chain. Now enough today.
This was more exhausting than any coding…
I’ll try again tomorrow with more questions :slight_smile:

As you see, we all find this business confusing so don’t be downhearted. :smile: Looking at @Jeff_Tullin 's list, and based on what you said in your OP, it would seem to me that you want the first one and the last two (Apple distribution and Developer ID x2). You are doing ad hoc distribution (i.e. via your web site).

It may depend on exactly what you are doing. I do this, using AppWrapper:

  1. Build the app in Xojo, either as ARM or as Intel (I’ve not tried universal)

  2. Code-sign the app (say, myapp.app) in AppWrapper. This will need your developer cert installed.

  3. AW makes a new myapp.app which is code-signed. I then put the code-signed myapp.app in a folder alomg with such as documentation, and use Disk Utility->New image->Image from folder to make a .dmg. I then tell AW to get this .dmg notarised by Apple. For this you need an app-specific-password and I think you need to be logged into another Apple webasite using your AppleID to get this password generated.

  4. AW sends the .dmg to Apple who check it for viruses and hopefully OK it for distribution via your web-site. This takes 2 or 3 minutes, usually. Then upload the .dmg to the website.

Hope this helps.

1 Like

Finally managed to generate and install all certificates AW needed for both website release and mac app store.
Thank you for the help.

I was so naive, when I saw the new code signing feature in xojo I just thought I just have to paste my developer ID and it’s done :slight_smile:

I assume if I dare to think about uploading my app into app store it’s an even more painful process…