To install a privately signed DMG on a Mac, you first mount the disk image, drag the application to your Applications folder, and then potentially override the macOS security settings (Gatekeeper) the first time you launch the app.
Standard Installation Process
Double-click the downloaded DMG file to mount it as a virtual disk. A window will typically open showing the contents.
Drag the application icon from the DMG window into the Applications folder shortcut (usually provided in the same window). You may need to enter your administrator password to complete the copy process.
Eject the DMG file by clicking the eject button next to its name in the Finder sidebar.
Open the app from your Applications folder.
Handling Security Prompts (Gatekeeper)
If the DMG is signed with a private certificate (not a Developer ID certificate recognized by Apple’s Gatekeeper service), you will likely see a warning message when you first try to open the application, stating that it’s from an “unidentified developer” or is “damaged”.
To bypass this on a per-app basis:
When the warning appears, click Cancel or OK to close the prompt.
Open System Settings (or System Preferences in older macOS versions) from the Apple menu > Privacy & Security.
Scroll down to the Security section. You should see a message about the app you just tried to open, with an Open Anyway button.
Click Open Anyway, and confirm your choice when prompted for your login password.
The app will then launch, and you shouldn’t be prompted with this warning for this specific app again.
[Only works on some macs:] Alternatively, you can control-click (right-click) the app icon in the Applications folder and select Open from the contextual menu to get an “Open” confirmation dialogue that allows you to bypass the warning for the first run.