How to create apple distribution certificate

Creating and Managing Apple Developer Certificates

How to create and manage signing certificates and provision profiles without XCode.

This is one of the few topics developers rarely want to discuss. When they do, here’s what the dialog looks like.

Part of the challenge is that the entire process is excruciatingly confusing. The Apple documentation could be better but it’s not so here’s my attempt to streamline the steps.

Streamlining the Process

This article is unique in that I am intentionally not going to use XCode to complete the provisioning process. The main reason is because I work with teams from all over the world and some prefer to develop apps using Hackintosh computers. These steps therefore will show you, an administrator, how to manage your apps and certificates without relying on XCode.

Note: This article is for developers interested in building apps, not beta testers. If you’re trying to use TestFlight, that’s a whole other topic which will not be covered here.

Overview

Here is a high-level overview of the steps required to create an Apple Provision Profile.

1. Gather the device UUID’s you’ll be using to test your app.
2. Add the UUID’s to Apple’s device portal.
3. Create a Signing Certificate Request on my local machine.
4. Request a Signing Certificate from Apple’s portal.
5. Create an App ID from Apple’s App ID portal.
6. Create a Provisioning Profile from Apple’s Provisioning Profile portal.

Step 0 — Create an account

You’ll need an Apple Developer account. You can access it by visiting http://developer.apple.com.

Step 1 — Get Your Phone’s Device ID

There are a few different ways to get your phone’s device ID. I suggest reading this article first. I promise, it won’t take you more than 3 minutes to read.

Step 2 — Visit iOS Certificate Portal

Let’s first go to our Account Overview. This is where we set up devices and get the files you need to compile an app.

Step 3 — Add a Device

You will need to add an actual device for testing purposes.

Substep A — Go to Devices

Substep B — Add a Device

Substep C — Complete Form

Step 4 — Create a Signing Certificate Request

A Signing Certificate Request is sort of like an administrative application. This application is what you will send to Apple for an official Signing Certificate.

You can start your application by first opening Keychain Access.

Substep — A — Open Keychain Access

Substep — B — Create a Signing Certificate Request from the CA

The purpose of this step is not to create a certificate but to create a certificate request. This request is sort of like an application you will later send to Apple for an official Signing Certificate.

Substep — C — Complete the Certificate Request Form

It’s important to get this right. I recommend using the email and organization name you used to create your Apple Developer Account.

Substep — D — Download your Signing Certificate Request Application

Download the file.

Step 5 — Request an Official Signing Certificate from Apple

This is the step where you will submit your Signing Certificate Request to Apple. If things work out, you will be granted an official Signing Certificate.

Substep — A — Request a Signing Certificate

Visit the Apple Certificate Portal and select «Request Certificates Manually». This will initiate a signing certificate request.

Substep — B — Upload your Signing Certificate Request

The last step is to upload the signing request.

Substep — C — Success

If you do this correctly, you will get a pretty «Download» button with your actual Signing Certificate.

Substep — D — Repeat

At some point you will want to repeat this process to create a Distribution Certificate. This is the cert you will need to later publish to TestFlight.

Let’s Take a Break

Phew, that’s a lot of steps.

If you’ve followed each of the steps above, you should now have three files.

Step 6 — Create an App ID

The Apple ID is the unique ID you will use within the Apple Store Marketplace. Think of the App ID as your website domain name, there is only one in the world and you will never be able to change it.

Substep A — Go to App ID’s

Substep B — Create a new App ID

Substep C — Complete App ID Form

Most companies prefer to use a pattern called reverse domain name notation to create a bundle id. This will often prevent naming conflicts.

If you want to create multiple apps for testing purposes, then it makes more sense to select «Wildcard App ID». This will save you time from having to complete multiple form applications.

Step 7 — Generate Mobile Provisioning Profile

Woo Hoo! We’re at the home stretch. Let’s finish.

Now that you’ve created an App ID, you can now create a mobile provisioning profile.

Substep A — Go to Provision Profiles

Substep B — Manually Generate a Profile

Substep C — Pick a Profile Type

Substep D — Select an App ID

Pick the app you want to start developing.

Substep E — Select a Signing Certificate

Substep F — Select Devices

This is where you select the hardware devices you added earlier.

Substep G — Name Your Provision Profile

Substep H — Download Your Provision Profile

Substep I — Repeat

You will want to create another provision profile for «AD Hoc» (aka TestFlight) and actual «App Store» distribution.

We did it! Woot woot! Congratulate yourself on a provision well done.

Troubleshooting

Create a Windows Signing Certificate Request

If you’re on a Windows machine, I cannot help you. All I know is that you’ll probably need to:

1. Download and install OpenSSL.
2. Generate some sort of private key.

1. Use that key to create to a signing certificate.

Источник

Certificates

Apple Developer Program membership is required to request, download, and use signing certificates issued by Apple.

Using certificates

In most cases, Xcode is the preferred method to request and install digital certificates. However, to request certificates for services such as Apple Pay, the Apple Push Notification service, Apple Wallet, and Mobile Device Management, you’ll need to request and download them from Certificates, Identifiers & Profiles in your developer account. Distribution certificates can be requested only by Account Holders and Admins.

For more information on how to use signing certificates, review Xcode Help.

Protecting your account and certificates

Your Apple ID, authentication credentials, and related account information and materials (such as Apple Certificates used for distribution or submission to the App Store) are sensitive assets that confirm your identity.

• Keep your Apple ID and authentication credentials secure and do not share them with anyone. To learn more, see Security and your Apple ID .
• Do not share Apple Certificates outside of your organization. To learn how to securely share them with trusted team members within your organization, see Maintain Signing Assets in Xcode Help.

Expired or revoked certificates

• Apple Push Notification Service Certificate
  You can no longer send push notifications to your app.
• Apple Pay Payment Processing Certificate
  Apple Pay transactions in your apps and on your websites will fail.
• Apple Pay Merchant Identity Certificate
  Apple Pay transactions on your websites will fail.
• Pass Type ID Certificate (Wallet)
  If your certificate expires, passes that are already installed on users’ devices will continue to function normally. However, you’ll no longer be able to sign new passes or send updates to existing passes. If your certificate is revoked, your passes will no longer function properly.
• iOS Distribution Certificate (App Store)
  If your Apple Developer Program membership is valid, your existing apps on the App Store won’t be affected. However, you’ll no longer be able to upload new apps or updates signed with the expired or revoked certificate to the App Store.
• iOS Distribution Certificate (in-house, internal-use apps)
  Users will no longer be able to run apps that have been signed with this certificate. You must distribute a new version of your app that is signed with a new certificate.
• Mac App Distribution Certificate and Mac Installer Distribution Certificate (Mac App Store)
  If your Apple Developer Program membership is valid, your existing apps on the Mac App Store won’t be affected. However, you’ll no longer be able to upload new apps or updates signed with the expired or revoked certificate to the Mac App Store.
• Developer ID Application Certificate (Mac applications)
  If your certificate expires, users can still download, install, and run versions of your Mac applications that were signed with this certificate. However, you’ll need a new certificate to sign updates and new applications. If your certificate is revoked, users will no longer be able to install applications that have been signed with this certificate. If your Mac application utilizes a Developer ID provisioning profile to take advantage of advanced capabilities such as CloudKit and push notifications, you must ensure your Developer ID provisioning profile is valid in order for installed versions of your application to run. Read more.
• Developer ID Installer Certificate (Mac applications)
  If your certificate expires, users can no longer launch installer packages for your Mac applications that were signed with this certificate. Previously installed apps will continue to run however new installations won’t be possible until you have re-signed your installer package with a valid Developer ID Installer certificate. If your certificate is revoked, users will no longer be able to install applications that have been signed with this certificate.
• Apple Worldwide Developer Relations Certification Intermediate Certificate
  The Apple Worldwide Developer Relations Certificate Authority issues certificates used by developers for signing third-party apps and Safari Extensions, and for using Apple Wallet and Apple Push Notification services.

The current Apple Worldwide Developer Relations Certification Intermediate Certificate is set to expire on February 7, 2023. The renewed certificate will be used to sign new iOS Distribution Certificates issued after September 2, 2020 for the Apple Developer Enterprise Program. Remaining certificates for all program types will be updated in the future and this page will be updated to reflect additional certificate changes. Read more.

Note: Apple can revoke digital certificates at any time at its sole discretion. For more information, read the Apple Developer Program License Agreement in your developer account.

Compromised certificates

If you suspect that your Pass Type ID certificate or Developer ID certificate and private key have been compromised, and would like to request revocation of the certificate, send an email to product-security@apple.com. You can continue to develop and distribute passes by requesting an additional certificate in your developer account.

I received an error message saying, «Xcode could not find a valid private-key/certificate pair for this profile in your keychain.»

This error message indicates that your system’s keychain is missing either the public or private key for the certificate you’re using to sign your application.

This often happens when you’re trying to sign and build your application from a different system than the one you originally used to request your code signing certificate. It can also happen if your certificate has expired or has been revoked. Ensure that your app’s provisioning profile contains a valid code signing certificate, and that your system’s Keychain contains that certificate, the private key originally used to generate that certificate, and the WWDR Intermediate Certificate.

For instructions on how to resolve this error, review the Code Signing support page.

What happens to my applications signed with Developer ID if my Apple Developer Program membership expires?

If your membership expires, users can still download, install, and run your applications that are signed with Developer ID. However, once your Developer ID certificate expires, you must be an Apple Developer Program member to get new Developer ID certificates to sign updates and new applications.

Feedback Assistant

Submit bug reports and request enhancements to APIs and developer tools.

Send us feedback

Developer Forums

Ask questions and find answers by Apple engineers and other developers.

Contact Us

Tell us how we can help and we’ll find a solution by phone or email.

Источник