How to Create an iOS Provisioning Profile and P12 with Windows


When I first started developing with Sencha Touch and PhoneGap on my Windows machine I was ecstatic to learn that I could create iOS applications without a Mac and XCode. This enthusiasm would later be crushed when I attempted to actually put the application on my phone, and learned of the various certificates, profiles and other required files that I had never heard of.

I scoured the internet and most of the information I found lead me to believe the only way to to generate these files was with a Mac and XCode, until I came across OpenSSL. I’m going to provide a step by step walk through for creating a provisioning profile and a p12 file using Windows and OpenSSL. I’m assuming you have already registered as an Apple developer and have access to the developer portal.

First up, you’re going to have to install OpenSSL. You can download it and follow the instructions on this website:

1. Generate a certificate signing request

Open up a command terminal (make sure to run it as an administrator)  and change your working directory to the directory of the bin folder of the OpenSSL installation. In my case that is:

cd c:\OpenSSL-Win64\bin

2. Now you can create your private key with the following command:

openssl genrsa -out keyname.key 2048

This will generate a file called keyname.key in the bin folder. You can of course substitute a different name for keyname if you wish. Keep this file where it is for now.

3. Run the following command to create a certificate signing request:

openssl req -new -key keyname.key -out CertificateSigningRequest.certSigningRequest -subj "/[email protected], CN=Your Name, C=AU"

Change the command to suit your details, if you changed the private key to something else make sure to reflect that here. The “C=AU” portion indicates the country code, you could replace this with US if you are from the United States for example.

2. Generate a development or distribution certificate

1. Log into the iOS Developer Portal and go to the Certificates, Identifiers & Profiles section.

2. Under iOS Certificates click the add button and then select iOS App Development (or if you are ready to release, choose the Production App Store and Ad Hoc option).

3. Click continue until you arrive at a page that gives you the option to upload your Certificate Signing Request. This file is located in the bin folder of OpenSSL along with your private key, locate and then upload it.

4. If this is successful you should be given the option to download the resulting iOS Development Certificate. Download the certificate and save it in the OpenSSL bin folder along with the other two files.

3. Create an App ID

1. Go to the App IDs section under Identifiers and click on the add button. Fill out the details in this section and then click continue, your application should now be listed under App IDs.

4. Add Devices

1. Next up you’ll need to add the device or devices you want to install the application on. Go to the Devices section and click on the add button again.

2. Add the name and the UDID of the device(s) you want to install the application on. To get this information you can plug your device into the computer and open up iTunes, open your device in iTunes and locate your Serial Number – this is not the number you need. Once you have located the Serial Number, click on it. This will reveal the UDID of the device.

5. Create a Provisioning Profile

1. Once you have finished adding any devices you want, you can proceed to the Provisioning Profiles section and once again click the add button in the top right.

2. Choose iOS App Development (again, if you are ready to release the app choose the App Store option under distribution instead) and click continue.

3. Choose the certificate you just created and click continue.

4. Now select any devices you want the application to run on and click continue. Name the provisioning profile and click Generate.

6. Create a .p12 file

Congratulations! You can now download your provisioning file, once again save it in the same OpenSSL\bin folder. Now all that is left to do is create the P12 file.

1. Once again, run a command prompt as an administrator, change your directory to OpenSSL\bin and run the following command:

openssl x509 -in developer_certificate.cer -inform DER -out app_pem_file.pem -outform PEM

Replace ‘developer_certificate’ with the name of the certificate you just created and if you wish you can change ‘app_pem_file’ to whatever you wish.

2. Now you’ll need to use the file you just generated to run the following command:

openssl pkcs12 -export -inkey keyname.key -in app_pem_file.pem -out app_p12.p12

You will be prompted for a password, create one and remember or store it somewhere – you’ll need this when you want to sign apps with it.

BONUS CONTENT: Too many commands to remember? Download a command cheat sheet for next time

That’s it!  I hope this helps and if you’re having any trouble feel free to post a comment.

What to watch next...

  • Orindu Azuma

    hello Josh, how are you today,

    kindly assist, I have been able to follow and work through on this tutorial until I got to the last part :openssl pkcs12 -export -inkey keyname.key -in app_pem_file.pem -out app_p12.p12, but am receiving error messages “unable to load certificates” and “unable to write random state”

    The name of the certificate I generated is ios_development while the profile name is Camera_Test.mobileprovision

    maybe am doing something wrong, how do I use the file to run the following command as stated above “openssl pkcs12 -export -inkey keyname.key -in app_pem_file.pem -out app_p12.p12”


    • Joshua Morony

      Hi Orindu,

      Make sure when you open OpenSSL you right click and choose ‘Run as Administrator’. The two files you’ll need are the .key file you generated at the start and the .pem file – make sure both of these are in the bin folder (or otherwise specify the correct paths). Let me know how you go.

      • Orindu Azuma

        Thanks Josh, Its resolved now. I did not run the cmd as administrator.

        now do I have to go through the whole process again for every app I want to build on phonegap-Build?

      • Joshua Morony

        Unfortunately yes, it is easier the second time though. If you are just creating a development build you can reuse one of your old development certificates, but for distribution you will need to create a new one.

  • Orindu Azuma

    hello all,

    I practiced the codes on this tutors( and in respect of accessing device camera. I was able to put them together with sencha touch, and successfully have them built using phonegap-Build. although they displayed very well on the device but were unable to access the device or take any picture. please, can anyone assist..

    • Joshua Morony

      Hi Orindu,

      Just want to make sure you’re using PhoneGap Build correctly. The second post you linked to is using the “full version” of PhoneGap where the project is built on your computer. You don’t need all that for PhoneGap build (e.g. you don’t have the ‘www’ folder etc.). Not sure if you are doing this, just giving a heads up incase.

      That looks like a pretty in depth example. I have a post about using the camera here: perhaps you could try just implementing some simple code first to see if you can get it working.

  • KS

    Hello Joshua,

    it appears that when i generate the CER file from Apple, it has the wrong team id! Does anyone else has the same problem?


    • Joshua Morony

      I’m not sure I’ve ever experienced the problem you’re having. Could you elaborate on what exactly you’ve tried and what errors you are receiving?

  • Imran Khan

    Hello Joshua Morony,

    Thanks for your blog.
    I downloaded and installed openssl-win32 on my windows server 2003 machine then I follow the step which you had mention in your blog but when I am running the command
    openssl genrsa -out keyname.key 2048
    then I am getting a warning i-e
    “Can’t open config file: /usr/local/ssl/openssl.cnf” But the private key has been generated in bin folder.
    After that I run the second command: openssl req -new -key keyname.key -out CertificateSigningRequest.certSigningRequest -subj “/[email protected], CN=Your Name, C=AU” then again I get warning message which show as below.
    “Can’t open config file: /usr/local/ssl/openssl.cnf
    unable to load config info from /usr/local/ssl/openssl.cnf”

    In the above warning message I am not getting a .pem file in bin directory.

    Can you please assist.


    • Joshua Morony

      Hi Imran, are you opening the command prompt as an administrator (Right click > Run as Administrator) before executing these commands?

  • Imran Khan

    Thanks for your prompt reply. I will try with the given link and will get back to you 🙂

    • Imran Khan

      Thanks for the link. It work fine. I had created a certificate.
      Just wanted to know is it necessary to plug device for further action?
      I mean for provision and P12 file.


      • Joshua Morony

        Great. No you don’t need to plug in your device at any point during this process (except for finding out what your UUID is).

  • Imran Khan

    I got provision profile and p12 file.
    And finally I did by your help.
    Thanks for your help.

    • Joshua Morony

      Great, nice work!

      • Imran

        Hi Josh,

        Thanks for your email. I created certificate and tested on register device and its work fine. But now when I am trying to install on other device then its not working. Can you please help me how to make my app to support on all devices?

        Waiting for your kind reply.

      • Joshua Morony

        Hi Imran,

        A development build will only work on the registered devices. To distribute to other devices you must repeat the process but create a distribution certificate instead (simply choose the option).

      • Imran

        Hi Josh,

        Thanks for your reply.
        So you mean, first I have to create production certificate then AppIDs and then distribution provision certificate? Please correct me if I am wrong.

      • Imran

        Hi Josh,

        I repeat all steps for distribution certificate. And now when I am creating PEM file then its giving me an error “ERROR Opening Certificate ios_distribution.cer”. Unable to load certificate.
        Please note: My certificate is in bin folder and I am running the command from bin folder.
        Can you please help or give any suggestion?

      • Imran

        Hi Josh,

        Problem has been rectify. There were some mistake while creating certSigningRequest file.
        I again create the same and its get work.
        Thanks alot.

  • Tom Schreck

    Hi Josh. Thank you very much for this how-to. It worked for me the first time through. Great work!!!!

    • Joshua Morony

      No problem Tom, good to hear!

  • Bams

    Hi Josh,

    Just wanted to thank you, after a lot of other tutorials you’re the one who helped me building the right .p12 !
    Cheers for France, thanks a lot for sharing your knowledge.


  • Pingback: Common Issues When Installing a Sencha Touch + PhoneGap App on a Mobile Device | Sencha Touch Tutorials & Discussion | Josh Morony's Blog()

  • Pingback: Setting up the Pushwoosh Plugin with PhoneGap Build | Sencha Touch, PhoneGap and Mobile Dev Tutorials | Josh Morony's Blog()

  • galih suseno

    Hi Josh,

    Thank you for the articel, so the conclusion is I can deploy my sencha iOS directly (No need to publish in the App Store) to the iPhone / iPad without Mac Os/ Mac Book, or just using windows?

  • Kenny

    I’m getting all the way to the last step then getting an error “no certificate matches private key” Any ideas?

    • Josh Morony

      Hi Kenny, make sure you’re using the same key to generate the .p12 file that you used to generate your certificate signing request in the first steps.

      • Elie

        Hello Josh,

        Please note, I’m getting: no certificate matches private key, I’m sure that I’m entering the exact .key file name
        Any ideas?

        Thank you in advance.

  • Kenny

    Nm, I sorted it.. I was trying to use a dev cert that I had previously created. That’s what I get for being lazy 😛

  • Pingback: Learning the Ionic Framework as a Sencha Touch Developer: Part 5 | Sencha Touch, PhoneGap and Mobile Dev Tutorials | Josh Morony's Blog()

  • Pingback: Top 10 Tools for HTML5 Mobile App Developers | 久艾分享()

  • Pingback: Adobe PhoneGap & Apache Cordova Helpful Links | Avisekh Samanta Blog()

  • Pingback: Video Tutorial: How to Set up PhoneGap Build in Sencha Touch | HTML5 Mobile Tutorials | Ionic, Phaser, Sencha Touch & PhoneGap()

  • Pingback: The Difference Between Building with PhoneGap and PhoneGap Build | HTML5 Mobile Tutorials | Ionic, Phaser, Sencha Touch & PhoneGap()

  • Pingback: Top 10 Tools for HTML5 Mobile App Developers | HTML5 Mobile Tutorials | Ionic, Phaser, Sencha Touch & PhoneGap()

  • although the link to the binaries is dead, this is a great step by step. Thanks for writing this up.

  • a n onymous

    How would using macincloud make this process easier?

  • Anderson Luís Furlan

    Hi! I do that for development and it is ok, but for release throw a error: No certificate matches private key

  • Daniel

    When I run the final step to generate the p12 openssl just hangs forever.

  • Pingback: URL()

  • Pingback: Expensive villas for rent in dominican republic()

  • Pingback: מיזוג אוויר()

  • Pingback: Info Pendaftaran CPNS 2018 di

  • Pingback: pemandangan()

  • Pingback: cosmetic dental specialist in Boynton()

  • Pingback: Bdsm petplay()

  • Pingback: this page()


  • Pingback: Festivales()

  • Pingback: must watch()

  • Pingback: Seputar Olahraga()

  • Pingback: DMPK Services()

  • Pingback: Wedding Planners in Hyderabad()

  • Pingback: 忠誠根本夾埋外傭來搶錢,我請過三個,不停要加幾千換人,唔換又白比錢,三次就止蝕了,Search 下discuss forum...()

  • Pingback: must watch()