B4J Tutorial MacSigner - Building notarized Mac packages

Screen Shot 2021-05-19 at 11.55.28.png

It is mostly impossible to run non-notarized and unsigned apps on new versions of Mac.
MacSigner tool will help you with the various steps required to convert the app jar to a notarized and signed app package.

  1. Mac computer.
  2. Apple developer account ($99 per year).

The java SDK is made of three components: Java JDK, JavaFX libs and JavaFX jmods.
Java JDK 14.0.2: https://download.java.net/java/GA/j...c647/12/GPL/openjdk-14.0.2_osx-x64_bin.tar.gz
JavaFX libs: https://gluonhq.com/download/javafx-16-sdk-mac/
JavaFX jmods: https://gluonhq.com/download/javafx-16-jmods-mac/

You need to download the three components to a folder:


And unpack the files:


Don't rename the folders.

Mac signer

Download and unzip MacSigner to your Mac: www.b4x.com/b4j/MacSigner.zip

Signing key

In most cases you should use a single signing key for all your app. Steps to create the signing key:
  1. Run MacSigner. Set the path to Java 14 bin folder: jdk-14.02.jdk/Contents/Home/bin
  2. Set the path to the keys folder.
  3. Click on Create Key. You can leave the default values.
  4. It will create various files in the keys folder, including a file named certSigningRequest.csr.
  5. It is a good time to save the MacSigner settings (File - Save).
  6. Go to: https://developer.apple.com/account/resources/certificates/list
    Create a new certificate. Set its type to Developer ID Application. Don't confuse it with other similar types.
    Upload certSigningRequest.csr when requested to upload a certificate signing request file.
  7. Download developerID_application.cer and put it in the keys folder:


    All these files go together. A certificate created with a different csr file will not work.
Steps from a jar to an app package

- the good old B4JPackager11 which is embedded inside MacSigner. Links the app jar with a Java runtime. Creates a standalone package.
Package - Uses Java jPackage tool to convert the standalone package to a Mac app package with a native launcher. The files in the package are signed during this step. It also creates a zip file of the package.
Notarize - Uploads the zip file to Apple server for automatic tests. This step can take several minutes to complete. This step ends when the file was uploaded to Apple. It can take another several minutes for Apple to process the file. An email will be sent after the file was processed.
Request Info (optional) - Checks the status of a submitted app.
Staple - After the app was notarized successfully, the staple step marks the app package as notarized.

More details


Copy the compiled jar to the Mac. If you have used #PackagerProperty then you should also copy packager.json, which is generated when you choose Project - Build standalone package:


No need to copy the json file if not using #PackagerProperty.
If completed successfully, you will see a line similar to:
You can check the linked package: /Users/ereluziel/Downloads/tempjars/temp/build/run.command
Worth running run.command to see that the package works as expected.


Set the app name. You can also put an icon file at the same folder as the jar file. The icon extension should be icns. You can use this tool to create the icon: https://cloudconvert.com/png-to-icns
As before, the output path will be logged. Worth double clicking on the app file. It should work.


Set your Apple's username and password. The password must be an app specific password: https://appleid.apple.com/account/manage - Security - App Specific Passwords
After the zip file is uploaded, you will see something like:
No errors uploading '/Users/ereluziel/Downloads/tempjars/package/MacSigner.zip'.
RequestUUID = 5d17a894-0389-4737-a898-cec4a90f0d50

You can check the request status using the request uuid. You will also receive an email when the check completes.


If the app was notarized properly then you should click on Staple to mark the app package. It will also delete the previous zip file and create a new one.

You can now distribute it 👍



  • 1.01 - Adds an option to set the provider. It is relevant when there are several teams related to the Apple account.
    There is a new List Providers button. Click on it. Find the provider short name and put it in the field. If there is a single provider then you can leave it empty.
  • 0.95 - fixes issue with Java.
Last edited: