How to check an app’s signature

GUI software and the commands you need to get the signature of an app checked thoroughly by macOS, plus a detailed list of error code.

What’s in an app’s signature?

App signatures are about more than just the certificate. That provides a chain of trust going back to Apple, and supports integrity checks and entitlements.

How Monterey checks apps and executable code

There have been changes to the way that macOS 12 checks executable code when asked to run it. Summarised in a diagram.

Why do installer packages expire, but apps don’t? Signing certificate and notarization oddities

App signatures remain valid forever, but Installer packages are different, and their certificates can and do expire. What about notarization though?

Will Apple honour its promises on OCSP certificate checks?

Is Apple going to meet the promises it made a year ago, to protect its users around the world from the risk posed by its online signing certificate checks?

Brolly 1.1 now does its own testing of secure connections

Now checks which versions of TLS a server supports, and gives details of its full headers with caching disabled.

Brolly: a utility to help understand failed secure connections

A convenient utility to check secure connections under ATS using the nscurl command tool. For El Capitan to Monterey.

How Safari 15 checks a secure connection

A detailed walk through the log shows Safari 15 checking Safe Browsing, phishing sites using ML, and performing trust evaluation of certificates.

Last Week on My Mac: Web woes worsen

It should have been so easy: a quick change of Root certificate. So why all the chaos, and most of all why you mustn’t compromise your security as a result.

Explainer: Security certificates

Why do we keep having problems with security certificates when they’re just supposed to work? A look at what they do, and they work.