MAS: Requesting certificates

Alexey Stoletny edited this page Jul 19, 2015 · 2 revisions

Apps on the Mac App Store are signed. A few words about it (source):

Code signing is a security technology, used in OS X, that allows you to certify that an app was created by you. Once an app is signed, the system can detect any change to the app—whether the change is introduced accidentally or by malicious code.

To sign your app, you will need to have two certificates installed on your machine.

  • A Mac App Distribution certificate - used to sign the .app file
  • A Mac Installer Distribution certificate - used to sign the .pkg file that will be uploaded to the MAS

Preparing the request

To request your certificates you need a .certSigningRequest file.

Open /Applications/Utilities/Keychain Access.app; in the app menu, and select Request a Certificate From A Certificate Authority...:

Capture

Fill the needed information in the assistant:

Capture

  1. Your email address
  2. The name of the certificate
  3. The CA Email field tells it is required, but you have to leave it blank

Save the file on the disk. Its name is CertificateSigningRequest.certSigningRequest.

Generating the certificates from the Apple Member Center

Login to the Member Center, and go to the Certificates, Identifiers & Profiles page, which looks like this:

Capture

In the Mac Apps > Certificates page, click on the + button to add a new Mac App Store certificate:

Capture

Then, select Mac App Distribution:

Capture

Upload your CertificateSigningRequest.certSigningRequest file, when asked:

Capture

Finally, download the generated certificate on your machine:

Capture

Then, you have to renew those steps, by selecting Mac Installer Distribution instead of Mac App Distribution, on the concerned step.

Installing the certificates

When both certificates have been downloaded, you have to import them in Keychain Access, by double-clicking on them.

The installed certificates look like this:

Capture

Save the string in parenthesis (beginning with LK7 on the capture).

When signing the app, we will refer to it as the identity.

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.