This page describes how to sign and notarize your application for macOS.

On macOS Catalina and later Gatekeeper enforces that you must sign and notarize your application. Unsigned software cannot be run, so contrary to Windows Code Signing this is not optional for macOS.


For more details read the Notarizing macOS software before distribution article.

Creating a signing certificate

To create a new signing certificate, you must generate a Certificate Signing Request (CSR) file from your Mac computer. Follow the Create a certificate signing request article to create a CSR file.

Open the Certificates, IDs & Profiles page and click on the Add button to open the interface to create a new certificate. Choose the appropriate certificate type (Apple Distribution to submit apps to the App Store, and Developer ID Application to ship apps outside the App Store). Upload your CSR, and the certificate will be created.

Downloading and installing certificate

On the Certificates, IDs & Profiles page, click on the certificate you want to use and click the Download button.

Double-click on the downloaded certificate to install it using the Keychain Access app on your Mac computer.

Molybden configuration

To have Molybden sign and notarize your application, you need to set the following properties in molybden.conf.json:

  "app": {
    "name": "MyApp",
    "version": {
      "major": "1",
      "minor": "0",
      "patch": "0"
    "author": "",
    "copyright": "",
    "description": "",
    "bundle": {
      "macOS": {
        "icon": "src-cpp/assets/app.icns",
        "bundleID": "",
        "codesignIdentity": "",
        "codesignEntitlements": "src-cpp/assets/entitlements.plist",
        "teamID": "",
        "appleID": "",
        "password": ""

Here’s description of what you should set as values for these properties:

Property name Property value
bundleID The bundle identifier of your application. It must be unique and in reverse-DNS format. For example, if your company’s domain is and your application is called MyApp, then your bundle identifier could be com.example.MyApp.
codesignIdentity This is the name of the certificate you created in the previous step. You can find the name of the certificate in the Keychain Access app on your Mac computer.
codesignEntitlements This is the path to the entitlements.plist file.
teamID This is the Team ID of your Apple Developer account. You can find it on the Membership page.
appleID This is your Apple Developer account email.
password This is an app-specific password for your Apple Developer account.

Signing and notarizing application

Once you set all the required properties in molybden.conf.json, your application will be signed and notarized automatically whenever you run:

npm run molybden build

Congratulations! You have successfully signed and notarized your Molybden application!

On this page