Friday, February 21, 2014

Getting rid of the Firewall warning for a particular application in Mac OS X Mavericks

Each time we open an application that attempts to open a network connection in OS X, a firewall warning pops up (unless you have turned your firewall off) asking whether to allow the connection.

This can be annoying when you open your favourite app and get blocked by this warning every day. The reason becomes clear when you run the following command in Terminal as a check:

$ codesign -dvvvv "/path to/your application"


You will probably see output like this:

/path to/your application: code object is not signed at all

Well, that explains it: your favourite app has not been signed with a valid certificate. A valid certificate, whether self-signed or genuine, should let the OS X Firewall lift the restriction and let the app open network connections without the warning.

You should not do the following steps unless you are pretty sure the app works normally and doesn't trigger any malicious activity, i.e., it is not malware.

To generate your self-signed certificate, you can use the built-in OS X app "Keychain Access".



  • From the "Keychain Access" menu, select "Certificate Assistant" and then "Create a certificate ...".
  • Type the name of your certificate in the Name field, select "Code signing" in the Certificate Type selection box, and then click the "Create" button to generate the new self-signed certificate.


You may want to create a different certificate for each app, so you can identify each one and revoke the certificate for an app in case you no longer like it.

Remember the name of the self-signed certificate you created.

To sign the app you like, there are two options:

For a single executable file without frameworks or plugins, you can try:

$ codesign -f -s "name of self-signed cert" "/path to/your application"


For a big application (like *.app) with a set of frameworks or plugins, you should add the --deep option to sign every file recursively within that application:

$ codesign --deep -f -s "name of self-signed cert" "/path to/your application"


To verify the details of the code signature for this app, run the same command in Terminal again:

$ codesign -dvvvv "/path to/your application"

This time you will see signing attributes such as Identifier, Hash type, CDHash, Authority and Signed time showing up properly.

After this, you can try opening your favourite app, and this time the Firewall warning should no longer appear.
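
The check, sign and verify steps above combined into one script, as an added example that is not part of the original post; the function names `sig_status`, `sign_opts` and `sign_and_check` and the sample output are constructed for illustration. It refuses to touch an app that already carries a signature, since `-f` replaces whatever signature is there.

```shell
#!/bin/sh
# Added example; function names and SAMPLE are constructed for illustration.

# Classify `codesign -dvvvv` output read from stdin.
# Prints: unsigned | adhoc | signed:<first Authority line> | unknown
sig_status() {
    awk '
        /code object is not signed at all/ { print "unsigned"; found = 1; exit }
        /^Signature=adhoc/ { print "adhoc"; found = 1; exit }
        /^Authority=/ { sub(/^Authority=/, ""); print "signed:" $0; found = 1; exit }
        END { if (!found) print "unknown" }
    '
}

# Options from the post: --deep for *.app bundles, plain -f -s otherwise.
sign_opts() {
    case "$1" in
        *.app|*.app/) echo "--deep -f -s" ;;
        *)            echo "-f -s" ;;
    esac
}

# usage: sign_and_check "name of self-signed cert" "/path to/your application"
# Succeeds only if the app was unsigned before and reports the cert afterwards.
sign_and_check() {
    cert=$1; app=$2
    # codesign -d writes its report to stderr, hence 2>&1
    before=$(codesign -dvvvv "$app" 2>&1 | sig_status)
    if [ "$before" != "unsigned" ]; then
        echo "not signing: $app is currently '$before'" >&2
        return 1
    fi
    # Intentionally unquoted so the options split into separate words.
    codesign $(sign_opts "$app") "$cert" "$app" || return 1
    after=$(codesign -dvvvv "$app" 2>&1 | sig_status)
    [ "$after" = "signed:$cert" ]
}

# Constructed sample of post-signing output (placeholder values).
SAMPLE='Identifier=com.example.app
Hash type=sha1 size=20
CDHash=<placeholder>
Authority=My Signing Cert
Signed Time=<placeholder>'

if [ "$#" -eq 2 ]; then sign_and_check "$1" "$2"; fi
```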










