How to Create P12 Certificate for iOS Distribution

How to create P12 certificate for iOS distribution

Your private key is generated when you created the signing request in Keychain Access. After the cert is generated and downloaded, double-clicking it will add it to Keychain Access where it will be matched up with the private key. You can then select the cert, and open the arrow to also select the private key and export them together as a .p12 file from Keychain Access.

What is the p12 certificate for iOS and should it be shared?

If you created a Company Developer Account, you shouldn't share your certificates. Instead you should invite your developer to your development team.

Unfortunately, Apple requires you to actually be a Company in order to register a Company account, so it's very common to create a personal Apple Developer account instead.

In this kind of accounts, you rights to develop only for you, so Apple needs to make sure that the one that is developing the apps is the one that paid for the account.

If you want to develop with the same Developer Account in two Macs, you will need to share your p12 certificate and private key with your developer (that's the only way to do it). If you just want to allow development in your developer's Mac, he should create a certificate in his computer, send it to you so you can upload it to the Membership Center at developer.apple.com, create the certificate and send it to your developer back.

More information about this is available at the official Apple documentation.

EDIT 1: Invite People

Here're the steps to invite a developer to your Company Apple Developer account:

1. Login with your Agent account to member center
2. Go to People tab:

3. Go to Invitations section:

4. Select Invite Person:

5. Complete your developer's data and assign him Admin role, so he can create certificates and provisioning profiles:

how to create certificates, keys, .pem and .p12 file without using mac to create an ipa?

This thing will work if you want to generate certificates for creating IPA.

Using a command line window:

1. cd C:\OpenSSL-Win32\bin (or path to where you installed SSL)

if you are a linux user then open terminal with sudo su and start from step 2

2. openssl genrsa -out ios_distribution.key 2048
3. openssl req -new -key ios_distribution.key -out CertificateSigningRequest.certSigningRequest -subj /emailAddress=YOUEMAILADDRESS, CN=YOUR NAME, C=COUNTRYCODE
4. Go to https://developer.apple.com/ios/manage/certificates/team/distribute.action218 and sign in. Go to “certificates” under iOS.
5. Under the Certificates menu on the left, click “All”, and then the “+” button aka: Add
6. Pick either a Development “iOS App Development” or a Production “App Store and Ad Hoc” certificate. Note: You will need to go through the process twice to have a development and a production version of the app.
7. Download the “Wordwide Developer Relations Certificate Authority” (AppleWWDRCA.cer) file from the same page
8. Click Continue until you get to the “Generate your certificate” screen. Upload the .certSigningRequest file you created earlier and click generate. Download the generated ios_development.cer file.
9. Create a Provisioning Profile by clicking on “All” under “Provisioning Profiles” on the left menu, and then clicking the “+” symbol, aka: add.
10. Again, you will need to create both Development and a Distribution (App Store) versions.
11. Create the Provisioning Profile for the App using the new .cer file (ios_development.cer)
12. Download the .mobileprovision file
13. In Command Prompt: openssl x509 -in ios_distribution.cer -inform DER -out ios_distribution.pem -outform PEM
14. openssl pkcs12 -export -inkey ios_distribution.key -in ios_distribution.pem -out ios_distribution.p12 -passout pass:PASSWORD
15. .key, .pem, and .p12 files will be generated

Create distribution profile from .p12 certificate iOS

You cannot create a distribution profile from a certificate and private key. The provisioning profiles are created on Apple's developer site and must reference one or more certificate to be used with the profile.

You will need to either need to have the account owner create / download the profile from the developer site and send it to you, or grant you access as an admin on their team. Also, before you request the iOS distribution profile from your client, make sure you also check that the .p12 file that was sent contains the certificate and the private key for the cert. Without the private key, you won't be able to sign, even if you get the profile.

The 4 key pieces of code signing for iOS are the certificate, the private key for the certificate, the provisioning profile, and the entitlements. If you are missing any of these, or if they are out of sync, you will run into problems. The private key is exactly what it says - private. Apple does not have, nor does it want to store the private key. That is kept by the app owner. Apple will generate and allow you to download your certificate based off that private key (you share with them a cert signing request to generate the cert off of your key). Similarly, you can generate / download existing provisioning profiles from Apple's dev site. Finally, the entitlements in your app must match the entitlements granted on your profile. Those are assigned to your app, and the application's project settings requests access to services - this much match what is requested as part of the app ID / profile on Apple's dev site. So those are the key components; from your question, hopefully you can get your client to send you the provisioning profile. Also, you could potentially run into problems with out of sync entitements, if you need to do anything with additional services, like iCloud, if the client hasn't configured those properly for you.

Convert .cer to .p12

try this:
given you have files as follow:

aps.cer, downloaded from Apple.

app.key, your own private key generated by openssl.

1st, convert the .cer file into .pem format:

openssl x509 -in aps.cer -inform DER -out aps.pem -outform PEM

2nd, use the .pem file and your private .key to generate .p12 file:

openssl pkcs12 -export -out aps.p12 -inkey app.key -in aps.pem

this should prompt to ask a password for this .p12 file.

CF:

aps_developer_identity.cer to p12 without having to export from Key Chain?

Creating a .p12 file

p12 distribution certificate didn't showup in xcode team

But still in xcode > targets > general > signing > team it didn't show the client's team

No, for that you’d have to sign into the Accounts preference pane as a member of that team. The client needs to sign you on at the Member Center as a team member so you can do that. That information doesn’t magically derive from the certificate. Indeed, until you are a team member the certificate is useless to you (as you’ve already discovered).

---

Related Topics