sign application with self certificate
When compiling binary that open port, (depending on your settings) it will ask to allow if the process can make the connection.
We can sign our binary with certificate to avoid this.
While RedYeti's link is useful, just to save a few clicks for others let me recap how to generate a code-signing cert and to use it for code (re-)signing:
1
1. Create your own code signing cert:
2
In Keychain Access, Keychain Access > Certificate Assistant > Create a certificate. This launches the Certificate Assistant:
3
​
4
Name: Enter some arbitrary string here that you can remember. Avoid spaces otherwise you'll need to escape the cert's name when using codesign from the command line.
5
​
6
Identity type: Self Signed Root
7
​
8
Certificate Type: Code Signing
9
​
10
Check the box "Let me override defaults", this is quite important
11
​
12
Serial number: 1 (OK as long as the cert name/serial no. combination is unique)
13
​
14
Validity Period: 3650 (gives you 10 years)
15
​
16
Email, Name, etc. fill out as you wish.
17
​
18
Key pair info: set to RSA, 2048 bits. Does not really matter IMHO.
19
​
20
From "Key usage extension" up to "Subject Alternate Name Extension": accept the defaults.
21
​
22
Location: login keychain.
23
​
24
Once it is created, set to "Always trust" in the Login keychain.
25
​
26
​
27
2. Re-signing an app: codesign -f -s <certname> /path/to/app --deep
28
​
29
3. Verify that it worked: codesign -dvvvv /path/to/app
30
​
31
Enjoy!
Copied!
Last modified 1mo ago
Copy link