Chris Mendez in Swift, For Developers

Creating and Managing Apple Developer Certificates

This is one of the few topics developers rarely want to discuss. When they do, here's what the dialog looks like.


Dev: "Hey, the app isn't publishing to TestFlight because XCode isn't working.... something about the certificates."

PM: "OK. What do we do?"

Dev: "Let me just mess with it and see if I can get it to work."

30 minutes later....

PM: "Hey, did you figure it out?"

Dev: "Ya, for now."

PM: "What did you do?"

Dev: "I have no idea I just pushed some buttons on XCode and it works."

PM: "OK. Cool."

Part of the challenge is that the entire process is excruciatingly confusing. The Apple documentation could be better but it's not so here's my attempt to streamline the steps.

Streamlining the Process

This article is unique in that I am intentionally not going to use XCode to complete the provisioning process. The main reason is because I work with teams from all over the world and some prefer to develop apps using Hackintosh computers. These steps therefore will show you, an administrator, how to manage your apps and certificates without relying on XCode.

Note: This article is for developers interested in building apps, not beta testers. If you're trying to use TestFlight, that's a whole other topic which will not be covered here.


Overview

Here is a high-level overview of the steps required to create an Apple Provision Profile.

  1. Gather the device UUID's you'll be using to test your app.
  2. Add the UUID's to Apple's device portal.
  3. Create a Signing Certificate Request on my local machine.
  4. Request a Signing Certificate from Apple's portal.
  5. Create an App ID from Apple's App ID portal.
  6. Create a Provisioning Profile from Apple's Provisioning Profile portal.

Step 0 - Create an account

You'll need an Apple Developer account. You can access it by visiting http://developer.apple.com.

Step 1 - Get Your Phone's Device ID

There are a few different ways to get your phone's device ID. I suggest reading this article first. I promise, it won't take you more than 3 minutes to read.

READ NOW

Step 2 - Visit iOS Certificate Portal

Let's first go to our Account Overview. This is where we set up devices and get the files you need to compile an app.

provisioning-portal

Step 3 - Add a Device

You will need to add an actual device for testing purposes.

Substep A - Go to Devices

select-add-device

Substep B - Add a Device

add-device

Substep C - Complete Form

input-device-name-and-uuid

Here's how to find your device id also known as your UUID.

Step 4 - Create a Signing Certificate Request

A Signing Certificate Request is sort of like an administrative application. This application is what you will send to Apple for an official Signing Certificate.

You can start your application by first opening Keychain Access.

Substep - A - Open Keychain Access

keychain-access

Substep - B - Create a Signing Certificate Request from the CA

The purpose of this step is not to create a certificate but to create a certificate request. This request is sort of like an application you will later send to Apple for an official Signing Certificate.

request-a-certificate

Substep - C - Complete the Certificate Request Form

It's important to get this right. I recommend using the email and organization name you used to create your Apple Developer Account.

complete-signing-cert-form

Substep - D - Download your Signing Certificate Request Application

Download the file.

download-signing-cert

Step 5 - Request an Official Signing Certificate from Apple

This is the step where you will submit your Signing Certificate Request to Apple. If things work out, you will be granted an official Signing Certificate.

Substep - A - Request a Signing Certificate

Visit the Apple Certificate Portal and select "Request Certificates Manually". This will initiate a signing certificate request.

request-ios-certificates-manually

create-cert-app-development

Substep - B - Upload your Signing Certificate Request

The last step is to upload the signing request.

upload-your-signing-cert

Substep - C - Success

If you do this correctly, you will get a pretty "Download" button with your actual Signing Certificate.

certificate-success

Substep - D - Repeat

At some point you will want to repeat this process to create a Distribution Certificate. This is the cert you will need to later publish to TestFlight.

create-cert-app-store-adhoc


Let's Take a Break

Phew, that's a lot of steps.

If you've followed each of the steps above, you should now have three files.

3-cert-files


Step 6 - Create an App ID

The Apple ID is the unique ID you will use within the Apple Store Marketplace. Think of the App ID as your website domain name, there is only one in the world and you will never be able to change it.

Substep A - Go to App ID's

app-id-go-to

Substep B - Create a new App ID

app-id-create

Substep C - Complete App ID Form

Most companies prefer to use a pattern called reverse domain name notation to create a bundle id. This will often prevent naming conflicts.

complete-app-id-form

If you want to create multiple apps for testing purposes, then it makes more sense to select "Wildcard App ID". This will save you time from having to complete multiple form applications.

app-id-wildcard

wildcard

Step 7 - Generate Mobile Provisioning Profile

Woo Hoo! We're at the home stretch. Let's finish....

Now that you've created an App ID, you can now create a mobile provisioning profile.

Substep A - Go to Provision Profiles

provisioning-profile-go-to

Substep B - Manually Generate a Profile

manually-generate-profiles-w-box

Substep C - Pick a Profile Type

pick-a-provisioning-profile

Substep D - Select an App ID

Pick the app you want to start developing.

select-an-app-id

Substep E - Select a Signing Certificate

select-a-certificate

Substep F - Select Devices

This is where you select the hardware devices you added earlier.

select-devices

Substep G - Name Your Provision Profile

name-provisioning-profile

Substep H - Download Your Provision Profile

Screen-Shot-2018-04-04-at-9.56.09-AM

Substep I - Repeat

You will want to create another provision profile for "AD Hoc" (aka TestFlight) and actual "App Store" distribution.


DONE!

We did it! Woot woot! Congratulate yourself on a provision well done.


Troubleshooting

Create a Windows Signing Certificate Request

If you're on a Windows machine, I cannot help you. All I know is that you'll probably need to:

  1. Download and install OpenSSL.
  2. Generate some sort of private key.
set RANDFILE=.rnd
genrsa -out myprivkey.key 2048
  1. Use that key to create to a signing certificate.
openssl req -new -key myprivkey.key -out CertificateSigningRequest.certSigningRequest  -subj "/emailAddress=yourAddress@example.com, CN=John Doe, C=US"

Source


Resources