Generating iOS P12 / certs without Mac OSX Keychain (on linux, windows, etc)

Readme.txt

1) Generate a private key and certificate signing request:

openssl genrsa -out ios_distribution.key 2048
openssl req -new -key ios_distribution.key -out ios_distribution.csr -subj '/emailAddress=me@example.com, CN=Example, C=US'

2) Upload CSR to apple at: https://developer.apple.com/account/ios/certificate/create
   - choose Production -> App Store and Ad Hoc

3) Download the resulting ios_distribution.cer, and convert it to .pem format:

openssl x509 -inform der -in ios_distribution.cer -out ios_distribution.

4) Download Apple's Worldwide developer cert (from portal) and convert it to pem:

openssl x509 -in AppleWWDRCA.cer -inform DER -out AppleWWDRCA.pem -outform PEM

6) Convert your cert plus Apple's cert to p12 format (choose a password for the .p12):

openssl pkcs12 -export -out ios_distribution.p12 -inkey ios_distribution.key -in ios_distribution.pem -certfile AppleWWDRCA.pem

Finally, update any provisioning profiles with the new cert, and download from dev portal.

Storing_in_a_repo.txt

If you like to GPG your certs and store them in your repo:

tar -cf ios_distribution.tar ios_distribution.* *.mobileprovision Apple*
gpg -c ios_distribution.tar

Decrypt and untar using:

gpg --decrypt ios_distribution.tar | tar -x

Here's a .gitignore that ignores everything in the directory (aka, certs and
keys, which you don't want to check in) except the .gpg file and itself:

*
!*.gpg
!.gitignore