Code Signing Certificates
ToDesktop supports custom code signing certificates for mac and windows. These are digital certificates that enable operating systems to verify the identity of the software publisher and ensure that the code has not been altered since it was signed.
Custom certificates are required for using ToDesktop plugins that require file system access, and are also generally preferred if you want to adopt the role of the software publisher for your app. To provide a custom certificate, navigate to "Releases" in ToDesktop Builder and click either of the plus icons in the "Certificates" section:
Clicking either of these buttons will redirect you to the web application where you can insert your certificate details.
Mac Certificate and Notarization
Adding a certificate for Mac apps is an involved process that involves multiple toolchains. We'll list the set of steps below, but feel free to contact us at [email protected] if you're feeling overwhelmed:
- Create your CSR:
- Open Keychain Access app
- In menubar click the app name (Keychain Access) and choose Certificate Assistant > Request a Certificate From a Certificate Authority
- Type in your name and email address and let it save to disk
- Create your certificate:
- Go to Member Center: https://developer.apple.com/membercenter/
- Go to “Certificates, Identifiers & Profiles” > “Mac Apps” > “Certificates”
- Click add a cert
- Create a cert for “Production > Developer ID > Developer ID Application”
- When prompted for CSR then use CSR that you created in the previous step
- Download the
.cerand open it so it is installed in your keychain
- Export the cert to a
- Find the certificate in “Keychain Access” application (it should be located in the “login” keychain in the “My Certificates” category).
- Right click on it and choose export
- Export as p12 file
- Set a password on the p12 file
- Get an app-specific password for notarization
- Go to manage your apple account https://appleid.apple.com/account/manage
- Scroll to Security > App-Specific Password, and generate an App-Specific password
- Choose a label for the password
- Copy the password that it gives you, you will be sending this to us later.
- Add the Mac cert details to your app as indicated in the following screenshot (accessible at the URL https://app.todesktop.com/apps/your_app_id/certificates). The required fields are:
- Cert Password: The password you used when exporting the p12 file from keychain.
- Certificate File: Upload the p12 cert file here
- Apple ID: The apple id associated with your apple developer account
- App-specific Password: The app-specific password that you generated earlier.
On Windows, you can choose between a File or an EV certificate. Setting up an EV certificate is more expensive and involved, but will get you immediate “reputation”. This means that users of your desktop app will never be warned that your software is untrusted.
The steps below are for purchasing a certificate with GlobalSign. If using another provider (such as Digicert), please make sure that you purchase a certificate for deployment to a HSM (rather than a USB token).
Order the cert online with GlobalSign (make sure that you order code signing for HSM).
- Process is documented here: https://support.globalsign.com/code-signing/ordering-ev-code-signing-certificate-hsm-based
- Make note of your temporary password for later.
Go through the vetting process with Globalsign. This takes a couple of days and usually involves verifying company details.
Globalsign will send the certificate generation link.
- You will need the temporary password that was created earlier
- More details of this process are here: https://support.globalsign.com/code-signing/download-and-install-code-signing-certificate-hsm-based
You can now use ToDesktop to create a CSR will be used on the GlobalSign portal.
Go to the Certificates settings page via the web app
Scroll down to Windows certificate and choose “EV (GlobalSign)”
You can skip the first few steps as you have already completed them.
Choose “Generate Cert” and then click the “Generate CSR” button
Now you can copy the CSR that ToDesktop has generated into the GlobalSign portal
Finally, GlobalSign will provide you with a certificate file that you can upload to ToDesktop in the next step.
If you're feeling overwhelmed by the steps involved in either the Mac or Windows process, contact us at [email protected] and we'll help in every way we can.