Generating Signing Keys for Apple iPhone Phone Gap Builds

When you are building applications that should work across multiple platforms using Phone Gap, you will need to generate a set of signing Keys to work with the different platforms:
Keys

Generating a Key for Apple iOS from MacOS

To manually generate a Certificate, you need a Certificate Signing Request (CSR) file from your Mac. To create a CSR file, follow the instructions below to create one using Keychain Access.

Create a CSR file.

In the Applications folder on your Mac, open the Utilities folder and launch Keychain Access.

Within the Keychain Access drop down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.

  • In the Certificate Information window, enter the following information:
    • In the User Email Address field, enter your email address.
    • In the Common Name field, create a name for your private key (e.g., John Doe Dev Key).
    • The CA Email Address field should be left empty.
    • In the “Request is” group, select the “Saved to disk” option.
  • Click Continue within Keychain Access to complete the CSR generating process.

Generating a Key for Apple iOS from Windows

I have a Windows computer and I found it very hard to generate a key. If you follow the steps below, you might find it easier:

  1. Install Visual C++ 2008 Redistributables
  2. Download Open SSL for Windows. http://slproweb.com/products/Win32OpenSSL.html and install it onto c:OpenSSL-Win32
  3. Make sure the bin folder is installed in c:OpenSSL-Win32bin
  4. Change your PATH variable to have this path:
    • Select Computer from the Start menu
    • Choose System Properties from the context menu
    • Click Advanced system settings > Advanced tab
    • Click on Environment Variables, under System Variables, find PATH, and click on it.
    • In the Edit windows, modify PATH by adding the location of the class to the value for PATH. If you do not have the item PATH, you may select to add a new variable and add PATH as the name and the location of the class as the value.
  5. The first thing you need to do is generate a private key. Go to the command line and navigate to whatever directory you want to store the generated files in. Then type in the following to generate the key:
    openssl genrsa -des3 -out ios.key 2048

    Keys2
    The result will be a new file called “ios.key” in this folder.

  6. Next you need to generate a Certificate Signing Request or CSR file. You can do this by running the following command, which uses the ios.key file generated earlier:
    openssl req -new -key ios.key -out ios.csr -subj "/emailAddress=contact@carra-lucia-ltd.co.uk, CN=CARRA-LUCIA-LTD, C=UK"

    Change the items in red to match your needs.
    Keys3

  7. Now you need to go to your Apple Developer iOS Provisioning Portal in order to generate an iOS Development Certificate, using the ios.csr file you’ve just generated. Click on “Certificates” in the left hand side, and then “Request”.
    iOSCertificatesAdd Ios Certificate

    You will be prompted to upload a .csr file, and then wait for the certificate to be issued, which it will quite quickly, refresh the browser if you need to.
    csr file

  8. Now download the development certificate that was issued and save it in the same directory where the other generated files are.
    app_distribution
  9. You now need to convert it to a PEM file which you can do with:
    openssl x509 -in ios_distribution.cer -inform DER -out ios_distribution.pem -outform PEM

    Where ios_development.cer is the name of the development certificate created on the Apple Provisioning Portal and ios_development.pem is the PEM file that we want to generate.

  10. Next file is the P12 file, which uses both our private key (ios.key) and the iOS distribution certificate (ios_distribution.pem):
    openssl pkcs12 -export -inkey ios.key -in ios_distribution.pem -out ios_distribution.p12

    You will be asked to enter the access phrase for the ios.key file (which you noted from earlier) and you will need to generate an export password for the P12 file and verify it. The ios_distribution.p12 file is then generated.
    keys4

  11. The last file you need to generate is the provisioning profile, which again requires you to return to the Apple Provisioning Portal.
    iOsProvisioning
  12. If you plan to use services such as Game Center, In-App Purchase, and Push Notifications, or want a Bundle ID unique to a single app, use an explicit App ID. If you want to create one provisioning profile for multiple apps or don’t need a specific Bundle ID, select a wildcard App ID. Wildcard App IDs use an asterisk (*) as the last digit in the Bundle ID field. Please note that iOS App IDs and Mac App IDs cannot be used interchangeably.
  13. Select the certificates you wish to include in this provisioning profile. To use this profile to install an app, the certificate the app was signed with must be included.
  14. Bear in mind that such certificates need to be tied to your iOS testing devices via their UDIDs, and again there is documentation on how to do this.
    provisioning profile
    Once the provisioning profile is generated, download it (e.g. iOS_Development.mobileprovision) and save it in the same place as the other files. This file will also need to be installed on each of your iOS testing devices.

You should now have everything that you need to generate an iOS signing key for PhoneGap Build:

  • P12 certificate file
  • provisioning profile
  • certificate password

These steps can also be used to generate a distribution key for the iTunes Store.

Advertisements