How to create Certificate Authority for Code Signing in macOS

Certificate Authority or CA allows you to sign digital certificates. In macOS, you can create your own Code Signing certificate and then configure your own CA to sign the certificate.

Creating your own CA is useful if you are running a development environment or signing modules or programs using codesign tool on your system. Certificate Authority can be created in macOS using the Keychain Access utility.

1. Launch Keychain Access.

   
2. Go to Keychain Access → Certificate Assistant → Create a Certificate Authority from the menu bar.

   
3. Set a name for your CA.

   
4. Click on User Certificate select list.

   

5. Select Code Signing from the list.

   
6. Check on Let me override defaults checkbox.

   
7. Enter the email address for your CA.

   
8. Click on Continue.

   

   Click Continue if you encounter this warning.

   Related : How to create code signing certificate in macOS

9. Accept defaults for Certificate Information and click Continue.

   

   Click Continue if you encounter this warning.

   

10. Enter certificate information and click Continue.

    
11. Accept defaults for Key Pair Information For This CA and click Continue.

    
12. Accept defaults for Key Pair Information For Users of This CA and click Continue.

    
13. Accept defaults for Key Usage Extensions For This CA and click Continue.

    
14. Accept defaults for Key Usage Extensions For Users of This CA and click Continue.

    

15. Click on Include Extended Key Usage Extension.

    
16. Click to check the Code Signing checkbox.

    
17. Click Continue.

    
18. Accept defaults for Extended Key Usage Extensions For Users of This CA and click Continue.

    
19. Accept defaults for Basic Constraints Extension For This CA and click Continue.

    

20. Accept defaults for Basic Constraints Extension For Users of This CA and click Continue.

    
21. Accept defaults for Subject Alternative Name For This CA and click Continue.

    
22. Accept defaults for Subject Alternative Name for Users of This CA and click Continue.

    
23. Click Create to create the CA.

    
24. Close the Certificate Assistant window and open Keychain Access.

    

25. Double click on your newly created CA in login → My Certificates.

    
26. Click on Trust.

    
27. Click on When using this certificate select list.

    
28. Click on Always trust.

    
29. Close the CA information window.

    

30. Authenticate to the system to enable your changes.