Now that you have your developer account, you need to create certificates that are used to sign your Apps when you submit them. Applying your certificates to the App links the App to your account for proper accounting purposes.
The following steps require a computer running Macintosh OSX
- Go to http://developer.apple.com/
- Click on "iOS Dev Center". (http://developer.apple.com/devcenter/ios/index.action)
- In the right column, click "iOS Provisioning Portal". (http://developer.apple.com/ios/manage/overview/index.action)
Generating a Certificate Signing Request
To request an iOS Distribution Certificate, you first need to generate a Certificate Signing Request (CSR) utilizing the Keychain Access application in Mac OS X Leopard. The creation of a CSR will prompt Keychain Access to simultaneously generate your public and private key pair establishing your iOS Developer identity. Your private key is stored in the login Keychain by default and can be viewed in the Keychain Access application under the "Keys" category. To generate a CSR:
- In your Applications folder, open the Utilities folder and launch Keychain Access.
- In the Preferences menu, set Online Certificate Status Protocol (OSCP) and Certificate Revocation List (CRL) to "Off".
- Choose Keychain Access -> Certificate Assistant -> Request a Certificate from a Certificate Authority. Note: If you have a noncompliant private key highlighted in the Keychain during this process, the resulting Certificate Request will not be accepted by the Provisioning Portal. Confirm that you are selecting "Request a Certificate From a Certificate Authority..." and not selecting "Request a Certificate From a Certificate Authority with
…"
- In the User Email Address field, enter your email address. Please ensure that the email address entered matches the information that was submitted when you registered as an iOS Developer.
- In the Common Name field enter your name. Please ensure that the name entered matches the information that was submitted when you registered as an iOS Developer.
- No CA (Certificate Authority) Email Address is required. The "Required" message will be removed after completing the following step.
- Select the "Saved to Disk" radio button and if prompted, select "Let me specify key pair information" and click "Continue".
- If "Let me specify key pair" was selected, specify a file name and click "Save". In the following screen select "2048 bits" for the Key Size and "RSA" for the Algorithm. Click "Continue".
- The Certificate Assistant will create a CSR file on your desktop.
Submitting a Certificate Signing Request for Approval
- After creating a CSR, log in to the iOS Developer Program Portal and navigate to "Certificates" -> "Distribution" and click the"Request Certificate" button.
- Click the Upload file button, select your CSR and click "Submit". If the Key Size was not set to 2048 bits during the CSR creation process, the Portal will reject the CSR.
- Approve your iOS Distribution Certificate. The Apple Portal may not prompt you to approve your certificate. Switching to another tab and back should allow you to approve your pending certificate.
Downloading and Installing Distribution Certificates
- In the Certificates -> Distribution tab of the Program Portal, click on the name of the iOS Distribution Certificate to download.
- On your local machine, double-click the downloaded .cer file to launch Keychain Access and install your certificate.
Saving your Private Key and Transferring to Other Systems
It is critical that you save your private key somewhere safe in the event that you need to build your application on multiple Macs or decide to reinstall your system OS. Without your private key, you cannot sign binaries in Xcode and then you will be unable to upload your application to the App Store or install your application on any Apple device. When a CSR is generated, the Keychain Access application creates a private key on your login keychain. This private key is tied to your user account and cannot be reproduced if lost due to an OS reinstall. If you plan to do development and testing on multiple systems, you will need to import your private key onto all of the systems you’ll be doing work on.
- To export your private key and certificate for safe-keeping, open up the Keychain Access Application and select the "Keys" category.
- Highlight the private key associated with your iOS Distribution Certificate and select "Export Items" from the "File" menu. Save your key in the Personal Information Exchange (.p12) file format.
- You will be prompted to create a password which will be used when you attempt to import this key on another computer.
- You can now transfer this .p12 file between systems. Double-click on the .p12 to install on a system. You will be prompted for the password you first entered above.