Account Help


Developer ID certificates

For Mac software that is downloaded from places other than the Mac App Store, developers can get a Developer ID certificate and submit their software for notarization by Apple. Digitally signing software with a unique Developer ID and including a notarization ticket from Apple lets Gatekeeper verify that the software is not known malware and has not been tampered with. Applications can also take advantage of advanced capabilities such as CloudKit and push notifications.

You can create up to five Developer ID Application certificates and up to five Developer ID Installer certificates using either your developer account or Xcode.

Required role: Account Holder.

Cloud-managed certificates are also available to admins with the cloud-managed Developer ID certificate access role.

Create a certificate

  1. In Certificates, Identifiers & Profiles, click Certificates in the sidebar.

  2. On the top left, click the add button (+).

  3. Under Software, select Developer ID, then click Continue.

    • Developer ID Application: A certificate used to sign a Mac app.

    • Developer ID Installer: A certificate used to sign a Mac Installer Package, containing your signed app.

  4. Follow the instructions to create a certificate signing request.

  5. Click Choose File.

  6. In the dialog that appears, select the certificate request file (a file with a .certSigningRequest file extension), then click Choose.

  7. Click Continue.

  8. Click Download.

    The certificate file (a file with a .cer file extension) appears in your Downloads folder.

To install the certificate in your keychain, double-click the downloaded certificate file. The certificate appears in the My Certificates category in Keychain Access.

Manage Developer ID certificate and provisioning profile expiration

Apps signed with a Developer ID are evaluated by Gatekeeper when a customer installs your application. If your application utilizes a Developer ID provisioning profile to support advanced capabilities, then that profile is also evaluated, both at app installation time and at every app launch. Developer ID provisioning profiles generated after February 22, 2017, are valid for 18 years from the creation date, regardless of the expiration date of your Developer ID certificate. It's helpful to understand how the expiration of your Developer ID certificate and Developer ID provisioning profile will impact you and your users.

  • For apps that don’t utilize a Developer ID provisioning profile
    Gatekeeper will evaluate the validity of your Developer ID certificate when your application is installed. As long as your Developer ID certificate was valid when you compiled your app, then users can download and run your app, even after the expiration date of the certificate. However, you’ll need a new certificate to sign updates and new applications.
  • For apps that utilize advanced capabilities with a Developer ID provisioning profile
    Gatekeeper will evaluate the validity of your Developer ID certificate when your application is installed and will evaluate the validity of your Developer ID provisioning profile at every app launch. As long as your Developer ID certificate was valid when you compiled your app, then users can download and run your app, even after the expiration date of the certificate. However, if your Developer ID provisioning profile expires, the app will no longer launch.
  • For installer packages signed with a Developer ID Installer certificate
    Gatekeeper will evaluate the validity of your Developer ID Installer certificate when your installer package is run. Your installer package will only launch if your Developer ID Installer certificate is valid. Installer packages signed with a Developer ID Installer certificate that has expired must be re-signed with a valid Developer ID Installer certificate in order to run.

Any Developer ID app signed with a certificate that has been revoked can no longer be installed, and it can no longer launch if it’s already installed.
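A pre-release check for the expiration rules above, as an added example that is not Apple's tooling: it classifies a certificate file by how close it is to its expiration date, which matters most for Developer ID Installer certificates because expired ones stop packages from running. The function name, the 60-day default warning window, and the assumption that the downloaded .cer file is DER-encoded (with a PEM fallback) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a Developer ID certificate file by remaining validity.
# Usage: cert_expiry_status FILE [WARN_DAYS]
# Prints "ok", "expiring" or "expired"; returns 2 if FILE cannot be read or parsed.
cert_expiry_status() {
    cer=$1
    warn_days=${2:-60}   # assumed default warning window, not an Apple value
    [ -r "$cer" ] || { echo "unreadable: $cer" >&2; return 2; }

    # Assumption: the downloaded .cer is DER-encoded; fall back to PEM.
    if openssl x509 -inform DER -in "$cer" -noout >/dev/null 2>&1; then
        form=DER
    elif openssl x509 -inform PEM -in "$cer" -noout >/dev/null 2>&1; then
        form=PEM
    else
        echo "not an X.509 certificate: $cer" >&2
        return 2
    fi

    # -checkend N exits 0 when the certificate is still valid N seconds from now.
    if ! openssl x509 -inform "$form" -in "$cer" -noout \
            -checkend 0 >/dev/null 2>&1; then
        echo expired      # new certificate needed; installer packages must be re-signed
    elif ! openssl x509 -inform "$form" -in "$cer" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo expiring     # inside the warning window: plan the renewal now
    else
        echo ok
    fi
}

# Run directly: sh check_cert.sh path/to/certificate.cer [WARN_DAYS]
if [ $# -gt 0 ]; then
    cert_expiry_status "$@"
fi
```

Run it in CI against the certificate used for signing so that an "expiring" result surfaces before a release is built.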

What happens to my applications signed with Developer ID if my Apple Developer Program membership expires?

If your membership expires, users can still download, install, and run your applications that are signed with Developer ID. However, once your Developer ID certificate expires, you must be an Apple Developer Program member to get new Developer ID certificates to sign updates and new applications.

For more information about using your Developer ID certificate, see:

  • Signing your apps for Gatekeeper
  • Notarizing macOS software before distribution