Get DMGKit

Setup

DMGKit First Setup: Notarization, Certificates, and Keychain

Set up DMGKit for macOS notarization with Apple Developer certificates, notarytool credentials, Keychain profiles, and repeatable export settings.

Updated June 2026SetupDMGKit Guide

The first notarization setup is usually the hardest part of direct Mac distribution. Once your certificates and keychain profile are configured, every future release becomes much calmer.

This guide walks through the setup DMGKit expects: Developer ID certificates, Apple notary credentials, and a keychain profile that can be reused during export.

What you are setting up

A complete signing and notarization setup connects your Apple Developer account, Developer ID certificate, notarytool credentials, and DMGKit export settings.

  • Apple Developer membership.
  • Developer ID Application certificate.
  • Notarytool keychain profile.
  • DMGKit notarization settings.

Create Developer ID certificates

In the Apple Developer portal, create and install Developer ID certificates. Confirm the private key exists in Keychain Access; without it, signing will fail.

  • Developer ID Application signs the app bundle.
  • Developer ID Installer signs installer packages where applicable.

Store notarization credentials

xcrun notarytool store-credentials "DMGKit_Notary" \
  --apple-id "your@email.com" \
  --team-id "TEAMID123" \
  --password "app-specific-password"

Use an app-specific password, not your normal Apple ID password.

Configure DMGKit

Open DMGKit settings and enter the signing identity, team ID, and notary profile name. Save the configuration before exporting.

Run a test export

codesign -dv --verbose=4 "YourApp.app"
spctl -a -vvv --type execute "YourApp.app"

Test a small internal build before relying on the workflow for a public launch.

Best practices

  • Keep certificate names consistent across Macs.
  • Save your keychain profile name.
  • Test on a clean Mac or clean user account.
  • Verify final output with DMGKit Inspector.

Ship cleaner Mac releases

Design, notarize, inspect, and distribute from one native workflow.

DMGKit helps developers turn a fragile release checklist into a polished, repeatable Mac distribution process.

Get DMGKitDownload DMGKit Inspector

FAQ

Do I need to set this up every time?

No. After the first setup, the same certificate and notary profile can be reused.

What if DMGKit cannot find my certificate?

Check Keychain Access and confirm the certificate includes its private key.

Can I use a custom notary profile name?

Yes. Use the same profile name in DMGKit that you stored with notarytool.

Related guides

Notarize Mac appsRead next →Configure installer sizeRead next →Add legal agreementsRead next →