
Preparing Developer ID Certificates for Distributing Mac Apps Outside the App Store (via Notarization)


Prerequisites

There are basically two ways to distribute Mac apps: (1) through the Mac App Store, or (2) outside the store using Apple's notarization. Method (1) works the same as for iOS apps, while (2) lets you freely distribute app binaries via the web or other media, just like traditional desktop apps.

Previously, developers could distribute binaries simply by packaging them into Zip files or similar. However, current macOS has security features that restrict the execution of non-notarized apps from unidentified developers, which makes distributing apps without notarization difficult in practice.

Details: https://developer.apple.com/documentation/security/notarizing-macos-software-before-distribution

To use Apple's notarization for Mac apps, you must create a Developer ID certificate. Members of the Apple Developer Program can create and manage Developer IDs through Xcode and the Apple Developer website. However, the available operations differ by role within the developer team: only the Account Holder can create a new Developer ID, while the Admin role and below cannot.

For an individual developer (a one-person team), that person is usually the Account Holder, but within an organization the roles may be divided among different people. Follow the steps that apply to your role.

1. Log in to a valid Apple Account in Xcode settings

(Personnel: All)

In Xcode settings, log in to a valid Apple Account that is participating in the Apple Developer Program.

Apple Developer Program details: Apple Developer Program - Apple Developer

2. Create a Certificate Signing Request (CSR) (First time only)

(Personnel: All)

Follow the steps in the official documentation to create a Certificate Signing Request using Keychain Access and prepare the .certSigningRequest file locally.

Official explanation:
Create a certificate signing request

3. Create a Developer ID via Xcode (Basically only once)

(Personnel: Account Holder)

The official explanation describes the procedure via the web. You can achieve the same result using Xcode, which is often easier once you are familiar with it.

Official explanation:
Create Developer ID certificates

Display the certificate list sheet by clicking "Manage Certificates...", select "Developer ID Application" from the add menu (+) at the bottom left, and follow the dialog to proceed.

Build Settings

In Xcode's build settings, set the certificate to "Developer ID Application." Since you cannot select this if "Automatically manage signing" is enabled, disable it first.

Distributing the Developer ID Certificate from the Account Holder (As needed)

(Personnel: Account Holder)

If you want to distribute additional Developer ID certificates within your team, export the Developer ID certificate to a p12 file from the Account Holder's Xcode settings.

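Select "Export Certificate" from the context menu, specify a filename and location, and set an appropriate password. A password is required; Xcode accepts any value, but the exported p12 file contains the certificate's private key, so the password is what protects the key while the file is being passed around. Make sure to communicate the password to the recipient (or remember it if you are the recipient).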

Pass the exported p12 file and password to the recipient. Once they double-click it and enter the correct password, it will be registered in the Keychain Access of that environment.


Building and Exporting a Notarized App Binary

First, ensure the archive build is successful.

Run the archive build via Product > Archive.

If successful, the build will appear in the Organizer window. (You can open this Organizer at any time from the Window menu.)

Select the build and click Distribute App.

Select "Direct Distribution" and proceed; the process will start.


If successful, notarization is granted. You can obtain the app build (.app) by clicking Export here or directly from the notarized build in the Organizer.

For distribution, it is recommended to package the .app file into a disk image (.dmg file) or a Zip file rather than handling the .app file directly.
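
Before packaging, it is worth confirming from Terminal that the exported .app is signed with your team's Developer ID and that Gatekeeper accepts it as notarized. The script below is an added example, not part of the original article; the function names, the sample `spctl` output, the app path, the company name and the Team ID are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-distribution check for an exported .app (not from the article).
# App path, company name and Team ID below are constructed placeholders.

# Constructed samples of `spctl --assess --type execute -vv` output.
SAMPLE_OK='/tmp/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'

SAMPLE_UNNOTARIZED='/tmp/Example.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'

# gatekeeper_verdict TEXT TEAM_ID
# Prints: ok | rejected | not-notarized | wrong-team
# The body runs in a subshell so its variables stay local.
gatekeeper_verdict() (
  text=$1 team=$2
  src=$(printf '%s\n' "$text" | sed -n 's/^source=//p')
  origin=$(printf '%s\n' "$text" | sed -n 's/^origin=//p')
  if ! printf '%s\n' "$text" | grep -q ': accepted$'; then
    echo rejected
  elif [ "$src" != "Notarized Developer ID" ]; then
    echo not-notarized
  else
    # The signer must be a Developer ID Application identity of the expected team.
    case $origin in
      "Developer ID Application: "*" ($team)") echo ok ;;
      *) echo wrong-team ;;
    esac
  fi
)

# check_app APP TEAM_ID : runs the real tools (macOS only).
check_app() {
  # Signature must be intact for the bundle and its nested code.
  codesign --verify --deep --strict "$1" || return 1
  # spctl writes its assessment to stderr and exits non-zero on rejection.
  out=$(spctl --assess --type execute -vv "$1" 2>&1) || true
  verdict=$(gatekeeper_verdict "$out" "$2")
  echo "Gatekeeper verdict: $verdict"
  [ "$verdict" = ok ]
}

# Usage: sh check.sh /path/to/Example.app ABCDE12345
if [ "$#" -eq 2 ]; then
  check_app "$1" "$2"
fi
```

Checking the Team ID in the `origin` line catches the case where the build machine picked up a different Developer ID identity from the keychain, for example one imported from another team's p12 file.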
