Video Tutorial: Creating iOS Certificates for Apple App Store Distribution

8 min read

Originally published July 04, 2014

In this video tutorial I walk you through using OpenSSL on a Windows computer to create the necessary certificates, keys, provisioning profiles etc. required for distributing your mobile application on the Apple App store. Enjoy!

Video Transcript

Hello everyone and welcome to another video tutorial. This time I'm going to look at how to create certificates and provisioning profiles for your iOS applications, and specifically how to do that on a Windows computer.

If you want to install your applications onto your iOS device or submit them to the app store, you will need to create these certificates before you do that. It can be a little tricky so I'm going to walk-through how to do that exactly.

First, you will have to be part of the iOS Developer Program – it costs $99/year at the moment. You will need access to their member center before you can do all of this. Once you've joined you can log in through the developer.apple.com website. I'll just leave that there for now and jump into OpenSSL.

This is the other thing you're going to need to do as well to do this from a Windows computer. If you do have a Mac and you're running XCode there's a much easier way to do this – you'll probably want to Google how to go about creating certificates on a Mac. But for Windows you will need to download OpenSSL. Just follow the instructions on this website to get it up and running.

Once you do have that installed, go ahead and run it through the command prompt as an administrator. It's important you run the program as an administrator otherwise some of the commands wont work. Once you've got your command prompt up we're just going to change the directory to OpenSSL which we just installed, so for me that's:

cd c:\OpenSSL-Win64\bin

It may be different for you depending on which version you had to install. What we need to do first is create a private key:

openssl genrsa -out examplekey.key 2048

Once that's generated it will create the file inside of the OpenSSL-Win64\bin folder. I'll just pull that up now so you can take a look at it. You can see that the examplekey.key file is sitting in there now.

What we want to do after that is to use that key to generate a Certificate Signing Request. To do that, we're going to run another command:

openssl req -new -key examplekey.key -out exampleCSR.certSigningRequest -subj "/emailAddress=you@whatever.com, CN=Your Name, C=AU"

So we'll run that and see if it works… and it appears to have. I'll just check in here again that it actually generated and you can see it here now.

Now that has generated I'm going to go to the Apple Developer Portal and go to Certificates, Identifiers & Profiles section. Click on 'Certificates' and now we want to create an iOS development certificate. So we're going to push the plus button here to add one. Choose 'iOS App Development'. If you do want to create a production application to actually submit it through the app store you will follow the same steps but you just choose a 'Distribution' certificate instead of a development one. Click 'Continue'

Now it's going to ask us for that CSR file that we just created. So I'm going to upload that now. Now I've got that loaded I can just click 'Generate'. Wait for it to load… Now just download that and save it into the same directory as the others, in the OpenSSL\bin folder. We don't have to save it in there but it saves having to type out the exact path as you're running the commands so I find it's a lot easier to just save it in that folder straight away.

Ok, so I've just saved that as ios_development.cer in the same folder again. Once that has finished downloading we're going to create an 'Identifier' for your application. You can see I have a lot of junk in here right now but we want to add a new one. We'll call this 'exampleapp' I guess – obviously call it whatever your application is actually called. Create an unique ID for it, so I'll just call that com.joshmorony.exampleapp (use a different ID for your app!). Obviously you're going to want to activate any services you need here. Click 'Continue'. Have a look over everything, make sure it's correct and then click 'Submit'. Now we've finished registering that App ID.

Now we're going to go into 'Devices'. These are the devices of everyone, including yourself, that you want to be able to use the application.  If you try install it on a device that isn't listed here, then it wont work (this is for development profiles only). You're just going to click the add button here, name the device and then it's going to ask for the UDID. That's the unique identifier for the device, to find that you can just plug your phone in, open up iTunes, and then under the device information section you'll see a section called 'Serial' and it'll have a short serial number. That's not the number you need to put in here, but if you click on that  it'll change into 'UDID' which is a 40 character long string. It's a bit of a pain to type out but just put that in here, register the device and then you'll be able to install the application on that device later.

Finally we're going to come down to 'Provisioning Profiles', we want to create a development provisioning profile. As I mentioned before, if you are creating a distribution one obviously create a distribution profile now. So click on add, select iOS App Development, Continue, and now we're going to choose that App ID we just created so I have 'exampleapp' here. Click Continue. Choose the certificate that you just created and click continue. Now select everyone that you want to be able to install that application, so I'll just select all. Give it a name, I'll call it 'example_development'. Once that's ready download it and save it in that same OpenSSL\bin directory.

Ok so I have that downloaded now, it's called example_development.mobileprovision. Now that's ready we're going to jump back into OpenSSL again and run a couple more commands to create the .p12 file. We're going to run:

openssl x509 -in ios_development.cer -inform DER -out example_pem.pem -outform PEM

I don't remember these commands off by heart by the way, I do have these on a list that I pull up whenever I need to do this. Maybe eventually I'll be able to remember it all but obviously that's not really important as long as we can actually create it. So let's check that was created now. Again, I'll pull this over and you can see it there, the 'example_pem.pem' file we just created.

And one final step and that's obviously to create the .p12 file using the file we just created:

openssl pkcs12 -export -inkey examplekey.key -in example_pem.pem -out example_p12.p12

Now it's going to ask us for an export password. I'll just use something really silly like 'test' for now, obviously make this a stronger password. Confirm that. And make sure you remember that password, keep  track of it somewhere. Once you do that the .p12 file should be created over here. Now you can use that to build your application and actually get it on your device.

I hope this tutorial was helpful, as always if you have any questions or comments feel free to leave them in the video or on the blog and I'll try to get back to you. Thanks for watching.