- Install openssl via choco:
choco install openssl -y
- Generate a private key and certificate signing request:
openssl genrsa -out ios_distribution.key 2048
openssl req -new -key ios_distribution.key -out ios_distribution.csr -subj '/emailAddress=me@example.com, CN=Example, C=US'
- Upload CSR to apple at: https://developer.apple.com/account/ios/certificate/create
- Choose Production -> App Store and Ad Hoc
- Download the resulting
ios_distribution.cer
, and convert it to.pem
format:
openssl x509 -inform der -in ios_distribution.cer -out ios_distribution.pem
- Download Apple's Worldwide developer cert (from portal) and convert it to pem:
openssl x509 -in AppleWWDRCA.cer -inform DER -out AppleWWDRCA.pem -outform PEM
- Convert your cert plus Apple's cert to p12 format (choose a password for the .p12):
openssl pkcs12 -export -out ios_distribution.p12 -inkey ios_distribution.key -in ios_distribution.pem -certfile AppleWWDRCA.pem
Finally, update any provisioning profiles with the new certificate, and download from Apple Dev portal.
If you like to GPG (cryptographic tool) your certificates and store them in your repo:
tar -cf ios_distribution.tar ios_distribution.* *.mobileprovision Apple*
gpg -c ios_distribution.tar
Decrypt and untar using:
gpg --decrypt ios_distribution.tar | tar -x
Here's a .gitignore
that ignores everything in the directory (aka, certs and keys, which you don't want to check in) except the .gpg
file and itself:
*
!*.gpg
!.gitignore