diff --git a/deploy/PrivacyTechAppleCert.p12 b/deploy/PrivacyTechAppleCert.p12
deleted file mode 100644
index f8b919574..000000000
Binary files a/deploy/PrivacyTechAppleCert.p12 and /dev/null differ
diff --git a/deploy/PrivacyTechAppleCertDeveloperId.p12 b/deploy/PrivacyTechAppleCertDeveloperId.p12
new file mode 100755
index 000000000..a04ec85a0
Binary files /dev/null and b/deploy/PrivacyTechAppleCertDeveloperId.p12 differ
diff --git a/deploy/PrivacyTechAppleCertInstallerId.p12 b/deploy/PrivacyTechAppleCertInstallerId.p12
new file mode 100755
index 000000000..ee9a34e90
Binary files /dev/null and b/deploy/PrivacyTechAppleCertInstallerId.p12 differ
diff --git a/deploy/WWDRCA.cer b/deploy/WWDRCA.cer
new file mode 100644
index 000000000..d2bb1da64
Binary files /dev/null and b/deploy/WWDRCA.cer differ
diff --git a/deploy/build_macos.sh b/deploy/build_macos.sh
old mode 100644
new mode 100755
index ecd31833a..2671a5171
--- a/deploy/build_macos.sh
+++ b/deploy/build_macos.sh
@@ -29,15 +29,9 @@ QMAKE_STASH_FILE=$PROJECT_DIR/.qmake_stash
 TARGET_FILENAME=$PROJECT_DIR/$APP_NAME.dmg
 
 # Seacrh Qt
-echo "Brew Qt version $(brew --prefix qt)"
-
-
-#if [ -f $(brew --prefix qt)/clang_64/bin/qmake ]; then QT_BIN_DIR=$(brew --prefix qt)/clang_64/bin;
-#else QT_BIN_DIR=$HOME/Qt/5.14.2/clang_64/bin; fi
+if [ -z "${QT_VERSION+x}" ]; then export QT_VERSION=5.14.2; fi
 
 QT_BIN_DIR=$HOME/Qt/$QT_VERSION/clang_64/bin
-
-#QIF_BIN_DIR=$HOME/Qt/Tools/QtInstallerFramework/4.0/bin
 QIF_BIN_DIR=$QT_BIN_DIR/../../../Tools/QtInstallerFramework/4.0/bin
 
 echo "Using Qt in $QT_BIN_DIR"
@@ -73,6 +67,30 @@ $QT_BIN_DIR/macdeployqt $OUT_APP_DIR/$APP_FILENAME -always-overwrite
 cp -av $RELEASE_DIR/service/server/$APP_NAME-service.app/Contents/macOS/$APP_NAME-service $BUNDLE_DIR/Contents/macOS
 cp -Rv $PROJECT_DIR/deploy/data/macos/* $BUNDLE_DIR/Contents/macOS
 
+if [ "${MAC_CERT_PW+x}" ]; then
+
+CERTIFICATE_P12=$SCRIPT_DIR/PrivacyTechAppleCertDeveloperId.p12
+WWDRCA=$SCRIPT_DIR/WWDRCA.cer
+KEYCHAIN=build.keychain
+TEMP_PASS=tmp_pass
+
+if [ -z "$(security list-keychains | grep $KEYCHAIN)" ]; then
+security create-keychain -p $TEMP_PASS $KEYCHAIN
+security list-keychains
+security default-keychain -s $KEYCHAIN
+security unlock-keychain -p $TEMP_PASS $KEYCHAIN
+security import $WWDRCA -k $KEYCHAIN -T /usr/bin/codesign
+security import $CERTIFICATE_P12 -k $KEYCHAIN -P $MAC_CERT_PW -T /usr/bin/codesign
+fi
+
+security find-identity -p codesigning
+
+codesign --deep --force --verbose -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $BUNDLE_DIR
+codesign --verify -vvvv $BUNDLE_DIR
+spctl -a -vvvv $BUNDLE_DIR
+
+fi
+
 
 mkdir -p $INSTALLER_DATA_DIR
 cp -av $PROJECT_DIR/deploy/installer $RELEASE_DIR
@@ -90,5 +108,9 @@ cd $RELEASE_DIR/installer
 $QIF_BIN_DIR/binarycreator --offline-only -v -c config/macos.xml -p packages -f $APP_NAME
 hdiutil create -volname $APP_NAME -srcfolder $APP_NAME.app -ov -format UDZO $TARGET_FILENAME
 
+if [ "${MAC_CERT_PW+x}" ]; then
+codesign --deep --force --verbose --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $TARGET_FILENAME
+#xcrun altool --notarize-app -f $TARGET_FILENAME -t osx --primary-bundle-id $APP_DOMAIN
+fi
 
 echo "Finished, artifact is $PROJECT_DIR/$APP_NAME.dmg"