Publishing Mac apps

Umajin Editor supports producing standalone macOS apps. The end result is a Mac .app that you can distribute normally. It does not have to be published on the Mac App Store. It is code signed and notarized as required by Apple.

Codesigning and notarizing requirements

In recent years, Apple has made it difficult to distribute software for Mac without “notarizing” it. Without notarization, macOS will refuse to run the software by default. Users can work around this by right-clicking the app and choosing Open, but that is not usually acceptable for end users.

Notarization is a process similar to code signing on other platforms.

Notarization is done by the Umajin publishing system, and requires actions from you.

Apple Developer Account

First, create an Apple developer account.

  • This requires an Apple ID. We suggest creating a generic email address for your company, such as appledev@mycompany.com, rather than using one that belongs to a specific person; this avoids challenges when that person moves on or changes role.
  • This requires payment each year and a registered DUNS number.

Application Identifier (App ID)

  • In the Apple Developer portal, select Identifiers.
  • The App ID is a bundle ID, usually following the pattern com.<companyname>.<applicationname>
  • It is important to use something you are willing to keep permanently, as it will identify your application to Apple. Don’t use clever brand names that you might need to change later.

Developer ID Application Certificate

If you don’t already have one, create your Developer ID Application certificate, following the process below.

  • This process will make certificates and other files that will identify your company to Apple. Think carefully about the data you enter, and save all the generated files, passwords and emails.
  • The process for generating this is much easier if you have a Mac.
  • If you only have a Windows PC, the process to generate the Apple certificates is more complex.

Creating Developer ID Application on Mac

Use the same Mac for all the following processes, as certain pieces of data, such as private keys, are stored silently and are difficult to transfer.

Open the Mac application Applications > Utilities > Keychain Access. Select Certificates in the sidebar.

Certificate Signing Request (.csr)

In Keychain Access:

  • Menu: Certificate Assistant > Request a Certificate from a Certificate Authority.
  • Enter your email address and name for the certificate and select Saved to disk (this will mean the CA email is not required).
  • Click Continue.
  • Save the .csr file somewhere safe.

Developer ID Application Certificate (.cer)

Log into the Apple developer site and go to Certificates.

  • Click the + button to create a new certificate.
  • Select “Developer ID Application” and click Continue.
  • Upload the certificate signing request you made above and click Continue.
  • Download the new developerID_application.cer file.
  • Save the .cer file somewhere safe.

Export the Certificate (.p12)

In Mac Finder:

  • Double click the .cer file to import it into Keychain.

Then in Keychain Access:

  • Find the “Developer ID Application: <your company>” certificate.
  • Right-click it and select Export.
  • Select the File Format “Personal Information Exchange (.p12)”.
    • If you do not have this option, Keychain Access does not have the private key you used in the CSR. Are you still on the same Mac?
  • Enter a password for the P12 file.
  • Save this password for entry into the Umajin publishing system below.
  • Save the p12 file.

Creating Developer ID Application on Windows

Certificate Signing Request (.csr)

First, you need to generate a Private Key, and a Certificate Signing Request for your certificates, using the OpenSSL tool. You can download OpenSSL from the OpenSSL site.

When OpenSSL is installed, open a command prompt in the directory where you installed it and enter the following commands:

openssl genrsa -out mac_private.key 2048
openssl req -new -key mac_private.key -out mac.csr -subj "/emailAddress=YOUREMAILADDRESS/CN=APPNAME/C=COUNTRYCODE"

Note: Replace the CAPITALIZED text above with relevant information for your app.

This will create a mac_private.key and mac.csr file which are needed below.

Developer ID Application Certificate (.cer)

Log into the Apple developer site and go to Certificates.

  • Click the + button to create a new certificate.
  • Select “Developer ID Application” and click Continue.
  • Upload the certificate signing request you made above and click Continue.
  • Download the new developerID_application.cer file.
  • Save the .cer file somewhere safe.

Export the Certificate (.p12)

The final step is to export or package the .cer file into a .p12 file, by way of a .pem file. Enter the following commands:

openssl x509 -in developerID_application.cer -inform der -out developer.pem
openssl pkcs12 -export -in developer.pem -inkey mac_private.key -password pass:"New password" -out developer.p12
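
Before uploading the .p12, it is worth confirming that the certificate Apple issued belongs to mac_private.key and that the .p12 opens with the password you recorded; a mismatch here is the command-line counterpart of the missing .p12 export option in Keychain Access. The script below is an added example for a POSIX shell (for instance Git Bash or WSL on Windows), not part of Umajin's tooling: its function names are hypothetical, and its demo uses a throwaway key and self-signed certificate constructed on the spot in place of your real files.

```shell
# Added example (not Umajin's code): check that a certificate belongs to
# mac_private.key and that the .p12 opens with the recorded password.
# Function names are hypothetical; file names follow the commands above.

# RSA modulus of a private key; empty output on failure.
key_modulus() { openssl rsa -in "$1" -noout -modulus 2>/dev/null; }

# RSA modulus of a certificate; $2 is its encoding (der for Apple's .cer).
cert_modulus() { openssl x509 -in "$1" -inform "$2" -noout -modulus 2>/dev/null; }

# Succeeds only if certificate $1 (encoding $2) was issued for key $3.
cert_matches_key() {
    c=$(cert_modulus "$1" "$2"); k=$(key_modulus "$3")
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only if $1 opens with the password in the P12_PASS environment
# variable (kept out of argv and shell history) and holds a cert for key $2.
p12_matches_key() {
    c=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -modulus 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$(key_modulus "$2")" ]
}

# Constructed demo: a throwaway key and self-signed certificate stand in
# for mac_private.key and Apple's developerID_application.cer.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/mac_private.key" 2048 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    openssl req -new -x509 -days 1 -key "$d/mac_private.key" \
        -subj "/CN=Developer ID Application: Constructed Co" -out "$d/c.pem" 2>/dev/null
    openssl x509 -in "$d/c.pem" -outform der -out "$d/developerID_application.cer"
    P12_PASS="constructed-password"; export P12_PASS
    openssl pkcs12 -export -in "$d/c.pem" -inkey "$d/mac_private.key" \
        -passout env:P12_PASS -out "$d/developer.p12"
    r=""
    cert_matches_key "$d/developerID_application.cer" der "$d/mac_private.key" && r="${r}cert-ok "
    cert_matches_key "$d/developerID_application.cer" der "$d/other.key" || r="${r}wrong-key-rejected "
    p12_matches_key "$d/developer.p12" "$d/mac_private.key" && r="${r}p12-ok "
    ( P12_PASS="wrong"; p12_matches_key "$d/developer.p12" "$d/mac_private.key" ) || r="${r}bad-pass-rejected"
    rm -rf "$d"
    echo "$r"
}
demo
```

Against your real files, export P12_PASS and run cert_matches_key developerID_application.cer der mac_private.key, then p12_matches_key developer.p12 mac_private.key.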

App-specific password for Notarization

Create an app-specific password.

  • This is a special purpose, extra password made in your AppleID account, not in the developer portal.
  • Do not use your Apple account password: it will not work, and it should never be given to anyone else.

Checklist: Mac Publishing Requirements

You should now have the following items ready to use with Umajin for publishing to the iOS AppStore.

  • developerID_application.p12 file
  • password for the .p12 file
  • app-specific password 

Preparing publishing assets

For the most part, Umajin will package your project files as required. Some special files are involved, as below.

Icons and Splash Screen

For Mac apps these are simply files you add to your project in a specific location:

Icon: manifest/osx/application.icns

Splash: manifest/osx/splash.png or splash.jpg

Native Libraries

If you have integrated native libraries (Dylibs) into your app then they should be placed in the following folder (as in Umajin Lite for testing):

Dylibs: manifest/osx/bin/


Publishing process

To begin, use Umajin Editor’s menu: File > Publish… and select Publish to Desktop.

Umajin Editor will save the project and then the process will continue in the cloud.

Cloud – Publish information

First, select the operating systems you want to target. In this case, select Apple MacOS, and click Next.

Cloud – Mac information

You will need to enter some details for Umajin to build your app.

  • Mac App Name: this will be used for the exe name, for the Window title at startup, and for the embedded version resources.
  • Bundle ID: the ID you created above to identify your app to Apple.
  • Version: the version that will be embedded inside the app.

The remaining information is required for codesigning and notarizing:

  • Apple ID email: the email address of your Apple Developer account. If there is more than one person in the team, then this must be the email of the owner account.
  • App-specific password: The special password you created in the Apple ID portal above. Do not use your Apple account password.
  • Developer ID Application certificate: the .p12 file you created above containing your Developer ID Application certificate.
  • Developer ID Application password: password for the .p12 file.
  • Dev Team: Enter the ID of your Apple development team, a short alphanumeric code like XY826BH.

Security Note: Your Developer ID Application certificate and password will be stored on our cloud servers, encrypted with a key that only Umajin is able to decode internally.

Click Next to save the data you have entered.

After entering data for any other platforms you want to distribute to (iOS, Android, Windows) you will reach the Confirm page.

Build process

Please contact Umajin to build the software after you have filled in the data above.

Packaging Output

Umajin will perform a basic packaging of your application into a zip file.

The zip file contains a functional .app folder, which you can drag to the Mac Applications folder, or run in place. The app is signed and notarized as required by Apple. The files in the .app must not be changed, as this will break the code signing and notarization and will prevent the app from running.

You may choose to wrap the contents up into a suitable branded installer. We use the Python dmgbuild script to produce a DMG file but there are other formats.