- Install openssl via choco:
choco install openssl -y- Generate a private key and certificate signing request:
openssl genrsa -out ios_distribution.key 2048
openssl req -new -key ios_distribution.key -out ios_distribution.csr -subj '/emailAddress=me@example.com, CN=Example, C=US'- Upload CSR to apple at: https://developer.apple.com/account/ios/certificate/create
- Choose Production -> App Store and Ad Hoc
- Download the resulting
ios_distribution.cer, and convert it to.pemformat:
openssl x509 -inform der -in ios_distribution.cer -out ios_distribution.pem- Download Apple's Worldwide developer cert (from portal) and convert it to pem:
openssl x509 -in AppleWWDRCA.cer -inform DER -out AppleWWDRCA.pem -outform PEM- Convert your cert plus Apple's cert to p12 format (choose a password for the .p12):
openssl pkcs12 -export -out ios_distribution.p12 -inkey ios_distribution.key -in ios_distribution.pem -certfile AppleWWDRCA.pemFinally, update any provisioning profiles with the new certificate, and download from Apple Dev portal.
If you like to GPG (cryptographic tool) your certificates and store them in your repo:
tar -cf ios_distribution.tar ios_distribution.* *.mobileprovision Apple*
gpg -c ios_distribution.tarDecrypt and untar using:
gpg --decrypt ios_distribution.tar | tar -xHere's a .gitignore that ignores everything in the directory (aka, certs and keys, which you don't want to check in) except the .gpg file and itself:
*
!*.gpg
!.gitignore