This article includes instructions for collecting and importing your Code Signing certificate into Keychain on MacOS. This process requires that you originally created your certificate request and private key using Keychain, and that the private key is still saved in Keychain.
If you purchased your Code Signing certificate after May 14, 2023, you will not need to undergo any of these processes as the certificate will be delivered to you in its final form on physical hardware.
Collecting the Certificate
If you created a Certificate Signing Request (CSR) for your Code Signing certificate on your Mac using Keychain Access, this guide will help you complete the collection process to obtain your certificate.
First, you must receive the certificate collection email from the Certificate Authority containing the link to the certificate collection website and the unique collection code required to download the certificate.
Please note that although the Certificate Authority recommends the use of Firefox ESR on Mac, we actually recommend using Google Chrome instead. The Chrome browser should automatically download a file named "user.crt"
Next, you will import the certificate to Keychain to pair it with the private key.
- Import the certificate into Keychain through File > Import Items.
- In the Destination Keychain pop-up menu, choose the keychain you want to import to (should be the same one containing the private key i.e. Login), then click Open.
- You may encounter an error message stating the certificate could not be imported. This is usually a false error and the certificate will be correctly imported.
- Once the certificate is imported in keychain, you can export the certificate from Keychain following the instructions below.
Exporting the Certificate
1. Locate the imported certificate and its matching key by searching for the email address covered by the certificate. Highlight both items by pressing Command when clicking on each one.
You may also need to include the intermediate chain certificates from the Certificate Authority, which can be downloaded from the links below. Import both of these certificates into your keychain and include them when selecting the certificate and key files for export.
- [Download ] Sectigo Public Code Signing CA R36
- [Download ] SectigoPublicCodeSigningRootR46_AAA [ Cross Signed ]
2. Click File on the top toolbar and select Export Items.
3. Save the new file with an easily recognizable name and make sure the format is set to Personal Information Exchange (.p12). You may be required to set a new password on this file.
4. Once you have the certificate saved as a P12 file, you can move the file to another system and install there using the password created when exporting from Keychain.