diff --git a/.ci/compile.sh b/.ci/compile.sh
index 19777aa94..ee846897b 100755
--- a/.ci/compile.sh
+++ b/.ci/compile.sh
@@ -218,6 +218,21 @@ if [[ $RUNNER_OS == macOS ]]; then
 echo "::endgroup::"
 fi
+ echo "::group::Signing Certificate"
+ if [[ -n "$MACOS_CERTIFICATE_NAME" ]]; then
+ echo "$MACOS_CERTIFICATE" | base64 --decode >"certificate.p12"
+ security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+ security default-keychain -s build.keychain
+ security set-keychain-settings -t 3600 -l build.keychain
+ security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+ security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
+ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+ echo "macOS signing certificate successfully imported and keychain configured."
+ else
+ echo "No signing certificate configured. Skipping set up of keychain in macOS environment."
+ fi
+ echo "::endgroup::"
+
 if [[ $MAKE_PACKAGE ]]; then
 # Workaround https://github.com/actions/runner-images/issues/7522
 # have hdiutil repeat the command 10 times in hope of success
diff --git a/.ci/sign_macos_bundle.sh b/.ci/sign_macos_bundle.sh
index 60ac7b3c7..e645d6119 100755
--- a/.ci/sign_macos_bundle.sh
+++ b/.ci/sign_macos_bundle.sh
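Review bot: In the `.ci/compile.sh` hunk, the decoded `certificate.p12` is written into the job's working directory and never removed, so the signing key material stays on disk for everything the script does afterwards, including packaging. Deleting it directly after the `security import` line with `rm -f certificate.p12`, or decoding into a file under `$RUNNER_TEMP` instead of the checkout, would limit that exposure. The guard also tests `MACOS_CERTIFICATE_NAME` while the body consumes `MACOS_CERTIFICATE`, `MACOS_CERTIFICATE_PWD` and `MACOS_CI_KEYCHAIN_PWD`; `if [[ -n "$MACOS_CERTIFICATE_NAME" && -n "$MACOS_CERTIFICATE" ]]; then` would keep an unset secret from producing an empty .p12 and a failing import. The script's shell options are set outside the hunk, so it is not visible here whether a failed `security` call stops the run before the "successfully imported" message is printed.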
@@ -28,22 +28,6 @@ if [[ ! -e "$APP_BUNDLE_PATH" ]]; then
 exit 1
 fi
-# Configure keychain
-if [[ -n "$MACOS_CERTIFICATE" ]]; then
- echo "::group::Import certificate"
- echo "$MACOS_CERTIFICATE" | base64 --decode >"certificate.p12"
- security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
- security default-keychain -s build.keychain
- security set-keychain-settings -t 3600 -l build.keychain
- security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
- security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
- security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
- echo "::endgroup::"
-else
- echo "::error file=$0::MACOS_CERTIFICATE not set. Can not configure keychain."
- exit 1
-fi
-
 # Sign app bundle
 if [[ -n "$MACOS_CERTIFICATE_NAME" ]]; then
 echo "::group::Sign app bundle"
diff --git a/.github/workflows/desktop-build.yml b/.github/workflows/desktop-build.yml
index b6c7b9fe4..17a85529f 100644
--- a/.github/workflows/desktop-build.yml
+++ b/.github/workflows/desktop-build.yml
@@ -444,6 +444,10 @@ jobs:
 CMAKE_GENERATOR: ${{ matrix.cmake_generator }}
 CMAKE_GENERATOR_PLATFORM: ${{ matrix.cmake_generator_platform }}
 DEVELOPER_DIR: '/Applications/Xcode_${{ matrix.xcode }}.app/Contents/Developer'
+ MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
+ MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
+ MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
+ MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
 MAKE_PACKAGE: ${{ matrix.make_package }}
 PACKAGE_SUFFIX: ${{ matrix.package_suffix }}
 TARGET_MACOS_VERSION: ${{ matrix.override_target }}
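Review bot: In the first `.github/workflows/desktop-build.yml` hunk, the four `PROD_MACOS_*` secrets added to this `env:` block are exported to every process the step starts, not only to the keychain import. The block also carries `CMAKE_GENERATOR` and `MAKE_PACKAGE`, so this appears to be the compile step, where the build tooling and any third-party build scripts run with the certificate and both passwords in their environment; the step's `if:` and `run:` lines are outside the hunk. A small dedicated step placed before the build and guarded with `if: matrix.os == 'macOS'`, as the later signing step in this workflow already is, could do the import and keep the .p12 and its password out of the compile step entirely. If the values stay here, a comment on the block saying they are consumed only by the keychain setup in `.ci/compile.sh` would help the next reader.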
@@ -475,9 +479,7 @@ jobs:
 if: matrix.os == 'macOS'
 shell: bash
 env:
- MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
 MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
- MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
 MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
 MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
 MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}