diff --git a/admin/osx/sign_app.sh b/admin/osx/sign_app.sh
index e495fe1053..57e29cc954 100755
--- a/admin/osx/sign_app.sh
+++ b/admin/osx/sign_app.sh
@@ -6,14 +6,14 @@ src_app="$1"
 identity="$2"
 team_identifier="$3"
 
-codesign -s "$identity" --force --preserve-metadata=entitlements --verbose=4 --deep "$src_app"
+codesign -s "$identity" --force --preserve-metadata=entitlements --verbose=4 --options runtime --deep "$src_app"
 
 # Verify the signature
 codesign -dv $src_app
-codesign --verify -v $src_app
+codesign --verify -v --strict $src_app
 spctl -a -t exec -vv $src_app
 
 # Validate that the key used for signing the binary matches the expected TeamIdentifier
 # needed to pass the SocketApi through the sandbox
 codesign -dv $src_app 2>&1 | grep "TeamIdentifier=$team_identifier"
-exit $?
\ No newline at end of file
+exit $?