MacOS Signing Guide

Step 1: Generate a CSR on your Mac

1. Open Keychain Access.
2. Navigate to Menu > Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority…
3. Fill in the following details:
   • User Email Address: Your email.
   • Common Name: A recognizable name (e.g., Bubbledesk Developer ID).
   • Request is: Select Saved to disk.
4. Save the .certSigningRequest file (CSR).

Why this matters: The CSR step creates the private key in your Keychain. You need that private key later to export a working .p12 file.

Step 2: Create "Developer ID Application" in Apple Developer Portal

1. Go to Apple Developer > Certificates and click the + (plus) icon.
2. Select Developer ID Application.
3. When prompted, upload the CSR you generated in Step 1.
4. Download the resulting .cer certificate.

Step 3: Install the Certificate on your Mac

1. Double-click the downloaded .cer file to add it to your Keychain.
2. In Keychain Access > My Certificates, confirm you see:
   • Developer ID Application: [Name] with a private key nested underneath.

Required Fields and Assets

1. Certificate (.p12)

What it is A .p12 file containing your macOS Developer ID certificate and its associated private key. It is used to sign the app during the build process.

How to get it Open Keychain Access > My Certificates > Select Developer ID Application (ensure the private key is selected) > Export… > Choose .p12 format.

Notes

• The certificate must appear under "My Certificates" with a private key; otherwise, the export will not work for signing.
• Keep this file private. Anyone with the .p12 and its password can sign apps as you.

2. Certificate Password

What it is The password you set manually when exporting the .p12 from Keychain Access.

How to get it You create it at the moment of export. If you do not remember it, you must export a new .p12 and set a new password.

Notes

• This is not your Apple ID password.
• Use a strong password and store it securely.

3. Dev ID Application

What it is The exact signing identity name for your Developer ID Application certificate (the text label). This tells the signing tool which certificate to use.

Expected FormatDeveloper ID Application: Your Name (TEAMID)

How to find it Run the following command in Terminal: security find-identity -v

Notes

• Must match exactly (case, spaces, and punctuation).
• This field is for signing .app and .dmg files. It is different from "Developer ID Installer".

4. Team ID

What it is Your 10-character Apple Developer Team ID (e.g., UC22LVXXXX).

How to find it

• In the Apple Developer Account membership details.
• Inside the signing identity string parentheses, e.g., (UC22LVXXXX).

5. Apple ID (Email)

What it is The Apple ID email used for notarization (typically your Developer account email).

Notes

• Used for notarization authentication.
• It must have access to the developer team.

6. App-Specific Password

What it is A unique password generated in your Apple ID account for automated services.

How to create it Go to Apple ID Account Settings > Sign-In and Security > App-Specific Passwords > Generate a new one.

Notes

• Required for non-interactive notarization (CI/CD or build servers).
• If lost, you must generate a new one.

7. Sign your app

Now you can use this elements to fill up the form to sign your app for macos on Bubbledesk.

Quick Setup Checklist

1. Export Developer ID Application as a .p12 from Keychain > Upload to Certificate (.p12).
2. Enter the export password into Certificate Password.
3. Copy the identity string from security find-identity -v into Dev ID Application.
4. Paste your Team ID (e.g., UC22LVXXXX).
5. Enter your Apple ID email.
6. Generate and paste an App-Specific Password.