Read this first

This project is in an early experimental stage. Everything related to this project is subject to change at any time. Our current root CA certificates are temporary, will expire in August 2013 and will be replaced before that. When that happens, all CSRs will have to be re-processed with the new root CAs, and all software signed with previously issued certificates must be re-signed. is not a serious Certificate Authority. It should be considered an example of what is possible and aims to show how to configure the OS X security mechanisms to suite more specialized needs.

If you're a user is an alternate source of trust for Mac OS X Gatekeeper. Using a simple installer you can configure Gatekeeper to trust certificates issued by us in addition to those issued by Apple. This gives you greater choice in what software you want to install on your computer, without giving up all the benefits of Gatekeeper and code signing.

If you're willing to trust (which you probably shouldn't at this point, unless you know me personally), download and run the installer and your system will be set up to accept apps signed by in just a few seconds.

To uninstall

To uninstall, simply open Terminal and type: sudo /opt/AltCa/bin/
The uninstaller script will remove all certificates and the corresponding rules in the Gatekeeper security policy.

If you're a developer is an alternate certificate authority for Mac OS X Gatekeeper. If you are a free/open source software developer we will issue code signing certificates for free. Currently we issue certificates to people with a GitHub account and a proven track record of free software releases.

To request an certificate (actually, you get two certificates; one for Installer packages and one for code signing), simply generate a CSR using the Certificate Assistant in Keychain Access. Save the CSR to a file. Fork the AltCA/csr repositoy on GitHub. In your fork, create a sub-directory with a name equal to your GitHub username. In that directory, place your CSR and commit and push to your GitHub fork of the csr repo. Then open a GitHub pull request with the commit containing your CSR. We will review your CSR and if everything looks OK we will merge the pull request and at the same time place your new certificates in PEM format in our csr repository. You can then import those into your keychain and start signing software with them.

More information

Everything that makes up, except the private keys used for signing, is available on the AltCA GitHub page. The purpose of AltCA is to provide the infrastructure for anyone who wishes to provide similar services, not necessarily to provide a real CA for public use. This can be particularly useful for in-house development or software distribution to a limited, controlled audience.