diff --git a/.gitea/workflows/test-macos-build.yml b/.gitea/workflows/test-macos-build.yml
index aaa10cbe..124fcb8a 100644
--- a/.gitea/workflows/test-macos-build.yml
+++ b/.gitea/workflows/test-macos-build.yml
@@ -116,13 +116,19 @@ jobs:
           curl -s -o AppleWWDRCAG3.cer https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer
           curl -s -o DeveloperIDG2.cer https://www.apple.com/certificateauthority/DeveloperIDG2.cer
           
+          # Check certificate formats - for debugging
+          echo "Certificate formats:"
+          file AppleWWDRCAG3.cer
+          file DeveloperIDG2.cer
+          file certificate.p12
+          
           # Import Apple root certificates properly
-          # Use -T to restrict access to codesign instead of -A (which is insecure)
+          # Apple DER certificates need to be imported with -f der flag
           echo "Importing Apple WWDRCA certificate..."
-          security import AppleWWDRCAG3.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f openssl
+          security import AppleWWDRCAG3.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f der
           
           echo "Importing Developer ID certificate..."
-          security import DeveloperIDG2.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f openssl 
+          security import DeveloperIDG2.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f der
           
           # Import developer certificate with proper parameters
           echo "Importing developer certificate..."