Signing code with self-signed certificate

(Rhiannon Miller) #1

I’ve created a self-signed code-signing certificate using the Certificate Assistant in Keychain Access and saved it in the login keychain. However, although I’ve relaunched Script Debugger, I’m still seeing ‘No code signing identities available’ in the Code Signing section of the Resources pane.

Does Script Debugger support self-signed certificates and, if so, what have I failed to do?

(Mark Alldritt) #2

Script Debugger supports any valid code signing identity. Script Debugger relies on the macOS’s codesign and security commands to do this.

From the command line, issue this command to see if your certificate appears:

security find-identity -p codesigning -v

This command lists the valid code signing identities on your system. Once your self signed code signing certificate is listed by this command, Script Debugger will see and offer it to you.

As for how to accomplish this, self signed code signing certificates isn’t something I’ve played with so I’m out of my depth. Maybe others can chime in with help.

Google found this link which suggests self signing can be made to work:

(Rhiannon Miller) #3

Thanks Mark. I had followed those instructions already, without it creating a valid code-signing certificate that showed up in Script Debugger. The certificate did not appear when I ran the security command you give above.

I looked at the certificate in Keychain Access and changed its trust settings to Always Trust for code-signing. After that, the certificate did appear when I ran the security command, and also appeared in the drop-down menu in Script Debugger, and I was able to use it to code-sign a simple app.

The first code-signed version of the app naturally still brings up the "app would like to control…’ dialog in Mojave. Once I tell it OK, the app runs as normal. I am hoping that code-signed updates to the app will run without asking again for authorisation. However, if I increment the version number and save, the app now does nothing on Mojave, though it still runs as expected on High Sierra.

Any idea what’s going on here?

(Mark Alldritt) #4

Please open up the Mojave console and see if anything is being logged. If there is, it may give us some insight into the problem.