-
-
Save jcward/d08b33fc3e6c5f90c18437956e5ccc35 to your computer and use it in GitHub Desktop.
1) Generate a private key and certificate signing request: | |
openssl genrsa -out ios_distribution.key 2048 | |
openssl req -new -key ios_distribution.key -out ios_distribution.csr -subj '/emailAddress=me@example.com, CN=Example, C=US' | |
2) Upload CSR to apple at: https://developer.apple.com/account/ios/certificate/create | |
- choose Production -> App Store and Ad Hoc | |
3) Download the resulting ios_distribution.cer, and convert it to .pem format: | |
openssl x509 -inform der -in ios_distribution.cer -out ios_distribution. | |
4) Download Apple's Worldwide developer cert (from portal) and convert it to pem: | |
openssl x509 -in AppleWWDRCA.cer -inform DER -out AppleWWDRCA.pem -outform PEM | |
6) Convert your cert plus Apple's cert to p12 format (choose a password for the .p12): | |
openssl pkcs12 -export -out ios_distribution.p12 -inkey ios_distribution.key -in ios_distribution.pem -certfile AppleWWDRCA.pem | |
Finally, update any provisioning profiles with the new cert, and download from dev portal. |
If you like to GPG your certs and store them in your repo: | |
tar -cf ios_distribution.tar ios_distribution.* *.mobileprovision Apple* | |
gpg -c ios_distribution.tar | |
Decrypt and untar using: | |
gpg --decrypt ios_distribution.tar | tar -x | |
Here's a .gitignore that ignores everything in the directory (aka, certs and | |
keys, which you don't want to check in) except the .gpg file and itself: | |
* | |
!*.gpg | |
!.gitignore |
Download Apple's Worldwide developer cert https://developer.apple.com/certificationauthority/AppleWWDRCA.cer
Some payment is required for section 2?
Hi
I try to access to : https://developer.apple.com/account/ios/certificate/create
But is redirecting me to this new url :
https://developer.apple.com/account/#/welcome
Some payment is required? Or only users with an ios mobile or mac laptop can access to :
https://developer.apple.com/account/ios/certificate/create
Thanks
AppleWWDRCA.cer
Download Apple's Worldwide developer cert https://developer.apple.com/certificationauthority/AppleWWDRCA.cer
This one expired in February 2023. See https://developer.apple.com/support/expiration/ for details.
I was getting an error in the Unity Developer console when trying to create a build target:
Failed to update credentials. The .p12 file failed validation against Apple CA chain
By trial and error I discovered that the fix was to use -CAfile
instead of -certfile
in the openssl pkcs12 -export
command. I hope this helps somebody!
Step 4 says:
Download Apple's Worldwide developer cert (from portal) and convert it to pem:
My question is what portal? I didn't find how to download it.