Reputation: 886
I am trying to codesign with a hardware token on Mac.
According to this
- Plug your Token into your computer.
- Open SafeNet Tools
- Open Command Prompt
- Input the following command below: signtool sign /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /a "Path_to_the_file_you_wish_to_sign "
- SafeNet should open with a prompt asking users to input your password for the token.
- After successfully inputting the password, your application will be successfully signed. At this point, you’re all set to start distributing your application to your end-users! For those wishing to check that the application was successfully signed, please see the steps below.
It worked fine on my Windows.
Now, how do I codesign on Mac?
I am trying like this
$ codesign -s "Your Company, Inc." "/path/to/yourApp.app"
But it says "Warning: unable to build chain to self-signed root for signer xxxx"
Upvotes: 1
Views: 832
Reputation: 1
Installing Sectigo intermediate certificates from the link Matthew provided (https://support.sectigo.com/articles/Knowledge/Sectigo-Intermediate-Certificates) solved the problem of "Warning: unable to build chain to self-signed root for signer ..." (Sectigo Public Code Signing CA EV R36 and SectigoPublicCodeSigningRootR46_AAA).
Then, for the PIN challenge window ("codesign is trying to sign data. Enter PIN to allow this") that I got when running
codesign -s "name of the Safenet certificate" ./binary
I followed this thread: https://discussions.apple.com/thread/254527538?sortBy=best
It describes how to set the PIN (token unlock password) policy to accept an unlock PIN/password of at most 8 digits and then to change the current PIN/password to a numeric one of at most 8 digits. Actually, I did not have to change anything. After changing my PIN to e.g. 12345678, codesign could sign the binary file.
Run codesign -v ./binary to validate; no error was shown.
Upvotes: 0
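A way to confirm that the signature embeds the full chain after the intermediates are installed, as an added example that is not part of the original answer. It parses the "Authority=" lines that `codesign -dvv` prints; the function names and sample outputs are constructed for illustration, and it assumes a signature made while the chain could not be built embeds only the leaf certificate.

```shell
#!/bin/sh
# Added example: inspect the certificate chain embedded in a code signature.
# `codesign -dvv <path>` prints one "Authority=" line per certificate in the
# embedded chain (leaf first), on stderr.

# Print the Authority names, one per line, from `codesign -dvv` output on stdin.
authority_chain() {
    sed -n 's/^Authority=//p'
}

# check_chain EXPECTED_INTERMEDIATE < codesign_output
# Returns 0 when the chain holds more than the leaf and names the intermediate,
# 1 when only the leaf (or nothing) is embedded, 2 when the intermediate is absent.
check_chain() {
    expected="$1"
    chain=$(authority_chain)
    count=$(printf '%s\n' "$chain" | grep -c . || true)
    if [ "$count" -lt 2 ]; then
        echo "incomplete chain: only $count certificate(s) embedded" >&2
        return 1
    fi
    if ! printf '%s\n' "$chain" | grep -Fxq "$expected"; then
        echo "intermediate not in chain: $expected" >&2
        return 2
    fi
    echo "chain ok ($count certificates)"
}

# Constructed sample outputs (not captured from a real signing run).
SAMPLE_FULL='Executable=/tmp/binary
Identifier=binary
Authority=Example Company, Inc.
Authority=Sectigo Public Code Signing CA EV R36
Authority=Example Root (constructed)
Signed Time=(constructed)'

# Assumed shape of a signature made while the chain could not be built.
SAMPLE_LEAF_ONLY='Executable=/tmp/binary
Identifier=binary
Authority=Example Company, Inc.'

# On a Mac, against a real file:
#   codesign -dvv ./binary 2>&1 | check_chain "Sectigo Public Code Signing CA EV R36"
```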
Reputation: 101
To get past this problem, I installed the two EV Code Signing root certificates from here: https://support.sectigo.com/articles/Knowledge/Sectigo-Intermediate-Certificates
Unfortunately I then get prompted for a PIN and as yet I have no idea what the PIN is.
Upvotes: 1
Reputation: 886
About an EV code signing certificate by sectigo.com,
It’s not that it’s not supported per se, just that it doesn’t buy you very much.
and it is recommended to obtain an apple-issued code signing certificate.
I am not sure what it really means, but it seems that I should obtain an apple-issued code signing certificate.
Upvotes: 0