-
-
Save jcward/d08b33fc3e6c5f90c18437956e5ccc35 to your computer and use it in GitHub Desktop.
1) Generate a private key and certificate signing request: | |
openssl genrsa -out ios_distribution.key 2048 | |
openssl req -new -key ios_distribution.key -out ios_distribution.csr -subj '/emailAddress=me@example.com, CN=Example, C=US' | |
2) Upload CSR to apple at: https://developer.apple.com/account/ios/certificate/create | |
- choose Production -> App Store and Ad Hoc | |
3) Download the resulting ios_distribution.cer, and convert it to .pem format: | |
openssl x509 -inform der -in ios_distribution.cer -out ios_distribution. | |
4) Download Apple's Worldwide developer cert (from portal) and convert it to pem: | |
openssl x509 -in AppleWWDRCA.cer -inform DER -out AppleWWDRCA.pem -outform PEM | |
6) Convert your cert plus Apple's cert to p12 format (choose a password for the .p12): | |
openssl pkcs12 -export -out ios_distribution.p12 -inkey ios_distribution.key -in ios_distribution.pem -certfile AppleWWDRCA.pem | |
Finally, update any provisioning profiles with the new cert, and download from dev portal. |
If you like to GPG your certs and store them in your repo: | |
tar -cf ios_distribution.tar ios_distribution.* *.mobileprovision Apple* | |
gpg -c ios_distribution.tar | |
Decrypt and untar using: | |
gpg --decrypt ios_distribution.tar | tar -x | |
Here's a .gitignore that ignores everything in the directory (aka, certs and | |
keys, which you don't want to check in) except the .gpg file and itself: | |
* | |
!*.gpg | |
!.gitignore |
Hi
I try to access to : https://developer.apple.com/account/ios/certificate/create
But is redirecting me to this new url :
https://developer.apple.com/account/#/welcome
Some payment is required? Or only users with an ios mobile or mac laptop can access to :
https://developer.apple.com/account/ios/certificate/create
Thanks
Seems that if you don't have any Apple device (iPhone, iPad or Mac) then you're not able to access the section of the website in which you can submit your request for a certificate, am I correct?
openssl x509 -inform der -in ios_distribution.cer -out ios_distribution.
There is missing extension at the end. It should be:
openssl x509 -inform der -in ios_distribution.cer -out ios_distribution.pem
Step 4 says:
Download Apple's Worldwide developer cert (from portal) and convert it to pem:
My question is what portal? I didn't find how to download it.
Download Apple's Worldwide developer cert https://developer.apple.com/certificationauthority/AppleWWDRCA.cer
Some payment is required for section 2?
Hi
I try to access to : https://developer.apple.com/account/ios/certificate/create
But is redirecting me to this new url :
https://developer.apple.com/account/#/welcome
Some payment is required? Or only users with an ios mobile or mac laptop can access to :
https://developer.apple.com/account/ios/certificate/create
Thanks
AppleWWDRCA.cer
Download Apple's Worldwide developer cert https://developer.apple.com/certificationauthority/AppleWWDRCA.cer
This one expired in February 2023. See https://developer.apple.com/support/expiration/ for details.
I was getting an error in the Unity Developer console when trying to create a build target:
Failed to update credentials. The .p12 file failed validation against Apple CA chain
By trial and error I discovered that the fix was to use -CAfile
instead of -certfile
in the openssl pkcs12 -export
command. I hope this helps somebody!
Thats a most needed one :) Thank you for the write up.