Certificate Authority for Code Signing in Mac/Apple

At some point, developers on a Mac run into error messages such as "no identity found in the keychain" or "0 valid identities found" while trying to code sign an app.

The issue arose because of the mandatory requirement in macOS Monterey that all apps be code signed. To get a usable identity, we first create a certificate authority and then a code signing certificate issued by that certificate authority.

Press Command (⌘) + Space Bar and bring up the Spotlight search window.

Type "Keychain" and select Keychain Access.

Click on Keychain Access > Certificate Assistant > Create a Certificate Authority...

Fill the name field with whatever name you decide for your certificate authority. In the Identity Type and User Certificate fields, select Self-Signed Root CA and SSL Server from the options respectively.

Click on Create, and the certificate authority is created.

But the certificate authority you just created is marked red, with the message reading: "this root certificate is not trusted".

To resolve this, double click on the newly created certificate. A window pops up, and you will see the collapsed Trust panel. Expand the panel.

You will find the When using this certificate: field. From the options, select the Always Trust option and save the changes.

Now the certificate is trusted for your account. The red warning message is no more.

Now that a certificate authority has been created, we next create a code signing certificate.

Click on Keychain Access > Certificate Assistant > Create a Certificate...

A form pops up. Fill the name field with whatever name you fancy. In the Identity Type and User Certificate fields, select Leaf and Code Signing from the options respectively. Also, check the Let me override defaults box just below.

In the next page of the form, fill the Email field. Then click on Continue.

Next, you get the Choose An Issuer form, where your newly created Certificate Authority is already selected. Click Continue.

The subsequent steps are outlined in the image below.

[Screenshot: the next 6 steps of creating the certificate]

After clicking on the Create button of the last step, the code signing certificate is created.

Your certificate is listed in the Keychain Access.

Now bring up the terminal and type the following command:

    security find-identity -v

You will find something akin to the lines below.

[Screenshot: identities listed by the command]

To bring up just the code signing certificate(s), refine the command as below:

    security find-identity -v -p codesigning

They will be listed as:

[Screenshot: code signing identities listed by the command]

If, however, you find output messages like

    0 valid identities found

which would have led to errors like "no identity found in the keychain" when code signing an app, you need to download the Apple WWDR CA from here.

				
    find / -name libphp7.so

code sign libphp7.so

    codesign -f -s 59A385A3526927AD6089FB2F57A5605B22AD5C57 /usr/local/opt/php@7.4/lib/httpd/modules/libphp7.so
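
As an added example (not part of the original article), the shell helper below picks the SHA-1 hash for a named identity out of the output of security find-identity -v -p codesigning, so that codesign -s can be given an unambiguous hash as in the command above. The function names, sample certificate names and sample hashes are constructed for illustration.

```shell
#!/bin/sh
# identity_hash NAME: read `security find-identity -v -p codesigning` output on
# stdin and print the SHA-1 hash of the identity whose name is exactly NAME.
# Exit status: 0 = one match, 1 = no match (including "0 valid identities
# found"), 2 = ambiguous (several identities share the name).
identity_hash() {
    awk -v want="$1" '
        # Identity lines look like:   1) <40 hex digits> "<name>"
        $1 ~ /^[0-9]+\)$/ && $2 ~ /^[0-9A-F]+$/ && length($2) == 40 {
            name = $0
            sub(/^[^"]*"/, "", name)   # drop everything up to the opening quote
            sub(/"[^"]*$/, "", name)   # drop the closing quote and any trailer
            if (name == want) { hash = $2; n++ }
        }
        END {
            if (n == 1) { print hash; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# sign_file NAME PATH: look NAME up in the keychain and sign PATH by hash.
# macOS only; it calls the two commands shown in the article.
sign_file() {
    hash=$(security find-identity -v -p codesigning | identity_hash "$1")
    case $? in
        0) codesign -f -s "$hash" "$2" ;;
        1) echo "no valid code signing identity named '$1'" >&2; return 1 ;;
        *) echo "several identities named '$1'; sign by hash instead" >&2; return 2 ;;
    esac
}

# Constructed sample output (made-up hashes and names, not from a real keychain).
SAMPLE='  1) 0123456789ABCDEF0123456789ABCDEF01234567 "Example Code Signing"
  2) 89ABCDEF0123456789ABCDEF0123456789ABCDEF "Example Other Cert"
     2 valid identities found'
EMPTY='     0 valid identities found'
```

On a Mac, a call such as sign_file "Example Code Signing" /path/to/file fails with a clear message instead of the codesign error when the identity is missing or the name matches more than one certificate.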