Skip to main content

Apple Certificates Overview

Certificate files can be in .p12 file format as a private-public key pair. There are 2 main types of iOS certificates:

1. Apple Development: Used for development and testing.

The development certificates allow deploying apps to the developer devices (connected physically for testing and debugging) during the actual development process on Xcode.

The common practice is to generate this certificate automatically on Xcode, although manual generation is also available. Binaries built with a development certificate cannot be distributed.

2. Apple Distribution: Used for submitting applications to the App Store, or for Ad Hoc and Enterprise distribution. (Refer to the provisioning profiles section for the differences between these distribution types.)

In most cases, you will be using a distribution certificate with the combination of a provisioning profile to build and distribute apps in Appcircle.

There is a one-to-many relationship between certificates and provisioning profiles, so you may have multiple provisioning profiles associated with a single certificate.

info

For app builds, signing identities are not mandatory. For example, you can use unsigned apps to run on the simulator or on third-party platforms that resign your app, such as AWS Device Farm.

However, unsigned binaries cannot be installed on actual devices; therefore they cannot be used in the Appcircle Testing Distribution.

You can obtain your developer certificates and provisioning profiles from the Apple Developer Portal:

Code Signing Resources | Apple Developer Forums
No description available
developer.apple.com
Preview of Code Signing Resources | Apple Developer Forums

Using Appcircle Signing Identity module for Apple Certificates

Creating an Apple Certificate

With Appcircle’s advanced Signing Identity module, you can easily generate certificates without logging into your Apple Developer account and securely store these certificates in .P12 format within the Appcircle.

  • To do this, navigate to the Apple Certificates section within the Signing Identity module. Then, using the Add New button, you can create a certificate.
Screenshot
  • In the opened window, continue by selecting the “Create an Apple Certificate” step.
Screenshot
  • Appcircle requires an App Store Connect API Key associated with your account to create a certificate. If the API Key is not added to your Appcircle organization, you cannot proceed with the certificate creation process. For more information, please refer to the App Store Connect API Key documentation.
Screenshot
  • After selecting the appropriate API Key, Appcircle requires a CSR (Certificate Signing Request) file to create an Apple certificate. With the options provided by Appcircle, you can either upload an existing CSR file from your local environment or select one created on Appcircle from the list. For more detailed information about the CSR creation process, please refer to the Generate Signing Request to Create Certificate section.
Screenshot

Create Certificate with Uploading CSR

To create a certificate by uploading an existing CSR file, proceed by selecting the Upload Certificate Signing Request option. You must upload the CSR file you intend to use and specify the type of certificate you want to generate.

Screenshot

After selecting the type of certificate you want to create, you will see a password field. This field is optional and is used to encrypt the P12 file that will be exported after the certificate is created. You can manually enter a password in this field, or you can choose the Automatically Generate Password option to have the password generated automatically.

Generating Password

Adding a password during P12 export is completely optional. If you do not specify a password, the P12 file will be created without one. However, if you prefer for automatic password generation, be sure to record the password generated by Appcircle. Otherwise, you may encounter issues when using the provisioning file.

Screenshot

Create Certificate with Existing CSR

If you want to create a certificate by selecting an existing CSR file in Appcircle, you can proceed by using the Select Certificate Signing Request from List option.

When this option is selected, all existing CSR files in Appcircle will be listed, prompting you to choose one. After selecting the relevant CSR file, the desired certificate type must be chosen. Optionally, a password can be specified, or the Auto Generate Password feature can be used to generate one automatically.

Generating Password

Adding a password during P12 export is completely optional. If you do not specify a password, the P12 file will be created without one. However, if you prefer for automatic password generation, be sure to record the password generated by Appcircle. Otherwise, you may encounter issues when using the provisioning file.

Screenshot

Creating Certificate Signing Request File

The Certificate Signing Request (CSR) file is required by Apple when creating a certificate. This file allows the user to generate a certificate, so it must be created in advance and provided as needed. Since this file can only be generated on a macOS operating system, it is unlikely to be created on other systems. Therefore, you can easily generate a CSR file using Appcircle’s Generate Signing Request to Create Certificates feature.

Screenshot

By correctly filling in the required parameters such as name, email, and country you can generate this file without needing a macOS operating system.

Generating CSR File

It is important that the information provided is accurate. Any errors in these details may prevent Apple from allowing the certificate generation process.

Screenshot

Creating P12 File Without Mac

Screenshot

To generate your iOS certificates, simply fill in your details and Appcircle will provide a CSR (certificate signing request) which you can use on Apple Developer Portal to generate your signing certificate.

  • Create a CSR File
Screenshot

  • Download your CSR file

  • Go to the Apple Developer Portal and select "Certificates, IDs & Profiles" from the left menu, then click on "Certificates."

    Screenshot

  • Select the type of certificate you want to create. If you want to distribute to TestFlight, Ad-hoc or AppStore, you should select Apple Distribution. If you're creating a certificate for local development environment, you should select Apple Development.

Screenshot
  • Upload the CSR file you have created on Appcircle
Screenshot

  • Download your generated CER file from the Apple Developer portal

  • Upload the CER file to the signing identities module by clicking on the upload button next to the CSR file.

Screenshot Screenshot
  • Your CSR will now be converted to a P12 file as an iOS signing certificate. (Please note that the P12 file comes with an empty password.)

Uploading P12 Certificate

To upload your Apple Certificate, select "Upload Certificate Bundle (.p12)" button and upload your pre-obtained Apple Certificate file.

Screenshot

You can see a list of your created or uploaded certificates. Each certificate will display the certificate name, certificate type (development, ad-hoc, in-house, or app store distribution) along with expiration dates.

caution

If your password contains special characters such as $ and #, your workflow may fail with MAC verification failed during PKCS12 import message. If you receive such an error, please export your P12 file by removing that symbol.

Screenshot

Deleting a Certificate

To delete an Apple Certificate, click the ... button and select the Delete option.

info

Certificates deleted on Appcircle will only be removed from Appcircle and will not affect those on Apple Developer account.

Screenshot