-
Create a new directory; mkdir Apple\ Enterprise cd Apple\ Enterprise
-
Generate a certificate signing request openssl req -nodes -newkey rsa:2048 -keyout ios_enterprise.key -out CertificateSigningRequest.certSigningRequest
-
With the information like so (ensure you give it a password): Country Name (2 letter code) [AU]:GB State or Province Name (full name) [Some-State]:London Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]:Total Onion Ltd Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:Total Onion Enterprise Email Address []:
-
Login to developer.apple.com, go to: "Member Center" -> "Manage your certificates, App IDs, devices, and provisioning profiles." -> "Certificates" -> "Add"
-
Go through the wizard, selecting the certificate type, and uploading the .csr.
-
Download the .cer file, saving it to the folder created in step 1
-
Convert the .cer file to a .pem file: openssl x509 -in ios_enterprise.cer -inform DER -out ios_enterprise.pem -outform PEM
-
Convert the .pem to a .p12: openssl pkcs12 -export -inkey ios_enterprise.key -in ios_enterprise.pem -out ios_enterprise.p12
-
You can now create a "Provisioning Profile" in the "Member Center" on developer.apple.com using the certificate you made in step 4
If you are using a build system like Ionic Appflow and receive an error like this one:
security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)
It's because "OpenSSL 3.x changed its default algorithm in pkcs12. Which is not compatible with embedded Security frameworks in macOS/iOS. You could alternatively use OpenSSL 1.x."
Add the -legacy flag in step 8. See here for more info. Massive thanks to i_82 and Jarrod Moldrich.