sign application with self certificate

2016-04-04 :: ( 2 minutes reading )

When compiling binary that open port, (depending on your settings) it will ask to allow if the process can make the connection.

We can sign our binary with certificate to avoid this.

From http://apple.stackexchange.com/questions/3271/how-to-get-rid-of-firewall-accept-incoming-connections-dialog/121010#121010

While RedYeti’s link is useful, just to save a few clicks for others let me recap how to generate a code-signing cert and to use it for code (re-)signing:

1. Create your own code signing cert:
In Keychain Access, Keychain Access > Certificate Assistant > Create a certificate. This launches the Certificate Assistant:

Name: Enter some arbitrary string here that you can remember. Avoid spaces otherwise you'll need to escape the cert's name when using codesign from the command line.

Identity type: Self Signed Root

Certificate Type: Code Signing

Check the box "Let me override defaults", this is quite important

Serial number: 1 (OK as long as the cert name/serial no. combination is unique)

Validity Period: 3650 (gives you 10 years)

Email, Name, etc. fill out as you wish.

Key pair info: set to RSA, 2048 bits. Does not really matter IMHO.

From "Key usage extension" up to "Subject Alternate Name Extension": accept the defaults.

Location: login keychain.

Once it is created, set to "Always trust" in the Login keychain.


2. Re-signing an app: codesign -f -s <certname> /path/to/app --deep

3. Verify that it worked: codesign -dvvvv /path/to/app

Enjoy!
comments powered by Disqus

Archives

English

  • My Desktop With i3, polybar, conky, and rofi
  • Convert Intellij Live Template to vscode Snippet
  • Why for-range behaves differently depending on the size of the element (A peek into go compiler optimization)
  • Testing go 1.5 cross compilation on raspberry pi
  • osx-push-to-talk App
  • Tracking origin of bugs with git bisect
  • Stubbing Time.Now() in golang
  • My account just got hacked by Romanian (Possibly)
  • berks upload core dump
  • Safely sharing credentials with PGP

Indonesia

  • Ruby Fiber apaan sih ?
  • Scale MongoDB dengan Sharding
  • Telepon murah ke Indonesia dengan voip

Today I Learned

  • Convert PDF to Text Using OCR
  • Checkout Last Branch
  • Replacing Last Command and Execute It
  • Open Last Command in the Editor With Fc
  • Regex for Validating Password
  • Sort file inline
  • Show Hidden File
  • Bash Forloop
  • Zsh Ctrl P Same Behavior as Up Arrow
  • extend letsencrypt certificate with DNS challenge
Labs.Yulrizka.com
twitter github feed
    • Left Panel
    • No Panel
    • Right Panel
  • Home
  • EN
  • ID
  • Today I Learned

© Ahmy Yulrizka 2019. Made with hugo source