Generating a Key for Apple iOS from MacOS
To manually generate a Certificate, you need a Certificate Signing Request (CSR) file from your Mac. To create a CSR file, follow the instructions below to create one using Keychain Access.
Create a CSR file.
In the Applications folder on your Mac, open the Utilities folder and launch Keychain Access.
Within the Keychain Access drop down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
- In the Certificate Information window, enter the following information:
- In the User Email Address field, enter your email address.
- In the Common Name field, create a name for your private key (e.g., John Doe Dev Key).
- The CA Email Address field should be left empty.
- In the “Request is” group, select the “Saved to disk” option.
- Click Continue within Keychain Access to complete the CSR generating process.
Generating a Key for Apple iOS from Windows
I have a Windows computer and I found it very hard to generate a key. If you follow the steps below, you might find it easier:
- Install Visual C++ 2008 Redistributables
- Download Open SSL for Windows. http://slproweb.com/products/Win32OpenSSL.html and install it onto c:OpenSSL-Win32
- Make sure the bin folder is installed in c:OpenSSL-Win32bin
- Change your PATH variable to have this path:
- Select Computer from the Start menu
- Choose System Properties from the context menu
- Click Advanced system settings > Advanced tab
- Click on Environment Variables, under System Variables, find PATH, and click on it.
- In the Edit windows, modify PATH by adding the location of the class to the value for PATH. If you do not have the item PATH, you may select to add a new variable and add PATH as the name and the location of the class as the value.
- The first thing you need to do is generate a private key. Go to the command line and navigate to whatever directory you want to store the generated files in. Then type in the following to generate the key:
openssl genrsa -des3 -out ios.key 2048
- Next you need to generate a Certificate Signing Request or CSR file. You can do this by running the following command, which uses the ios.key file generated earlier:
openssl req -new -key ios.key -out ios.csr -subj "/emailAddressfirstname.lastname@example.org, CN=CARRA-LUCIA-LTD, C=UK"
- Now you need to go to your Apple Developer iOS Provisioning Portal in order to generate an iOS Development Certificate, using the
ios.csrfile you’ve just generated. Click on “Certificates” in the left hand side, and then “Request”.
- Now download the development certificate that was issued and save it in the same directory where the other generated files are.
- You now need to convert it to a PEM file which you can do with:
openssl x509 -in ios_distribution.cer -inform DER -out ios_distribution.pem -outform PEM
Where ios_development.cer is the name of the development certificate created on the Apple Provisioning Portal and ios_development.pem is the PEM file that we want to generate.
- Next file is the P12 file, which uses both our private key (ios.key) and the iOS distribution certificate (ios_distribution.pem):
openssl pkcs12 -export -inkey ios.key -in ios_distribution.pem -out ios_distribution.p12
You will be asked to enter the access phrase for the ios.key file (which you noted from earlier) and you will need to generate an export password for the P12 file and verify it. The ios_distribution.p12 file is then generated.
- The last file you need to generate is the provisioning profile, which again requires you to return to the Apple Provisioning Portal.
- If you plan to use services such as Game Center, In-App Purchase, and Push Notifications, or want a Bundle ID unique to a single app, use an explicit App ID. If you want to create one provisioning profile for multiple apps or don’t need a specific Bundle ID, select a wildcard App ID. Wildcard App IDs use an asterisk (*) as the last digit in the Bundle ID field. Please note that iOS App IDs and Mac App IDs cannot be used interchangeably.
- Select the certificates you wish to include in this provisioning profile. To use this profile to install an app, the certificate the app was signed with must be included.
- Bear in mind that such certificates need to be tied to your iOS testing devices via their UDIDs, and again there is documentation on how to do this.
Once the provisioning profile is generated, download it (e.g. iOS_Development.mobileprovision) and save it in the same place as the other files. This file will also need to be installed on each of your iOS testing devices.
You should now have everything that you need to generate an iOS signing key for PhoneGap Build:
- P12 certificate file
- provisioning profile
- certificate password
These steps can also be used to generate a distribution key for the iTunes Store.