@boodle
Last active August 16, 2024 19:23
Making Apple Developer certificates on Linux
  1. Create a new directory:
	mkdir Apple\ Enterprise
	cd Apple\ Enterprise
  2. Generate a certificate signing request:
	openssl req -nodes -newkey rsa:2048 -keyout ios_enterprise.key -out CertificateSigningRequest.certSigningRequest
  3. With the information like so (ensure you give it a password):
	Country Name (2 letter code) [AU]:GB
	State or Province Name (full name) [Some-State]:London
	Locality Name (eg, city) []:
	Organization Name (eg, company) [Internet Widgits Pty Ltd]:Total Onion Ltd
	Organizational Unit Name (eg, section) []:
	Common Name (e.g. server FQDN or YOUR name) []:Total Onion Enterprise
	Email Address []:
  4. Log in to developer.apple.com, go to:
	"Member Center" -> "Manage your certificates, App IDs, devices, and provisioning profiles." -> "Certificates" -> "Add"
  5. Go through the wizard, selecting the certificate type, and uploading the .csr.
  6. Download the .cer file, saving it to the folder created in step 1.
  7. Convert the .cer file to a .pem file:
	openssl x509 -in ios_enterprise.cer -inform DER -out ios_enterprise.pem -outform PEM
  8. Convert the .pem to a .p12:
	openssl pkcs12 -export -inkey ios_enterprise.key -in ios_enterprise.pem -out ios_enterprise.p12
  9. You can now create a "Provisioning Profile" in the "Member Center" on developer.apple.com using the certificate you made in step 4

Notes:

If you are using a build system like Ionic Appflow and receive an error like this one:

security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)

It's because "OpenSSL 3.x changed its default algorithm in pkcs12. Which is not compatible with embedded Security frameworks in macOS/iOS. You could alternatively use OpenSSL 1.x."

Add the -legacy flag in step 8. See here for more info. Massive thanks to i_82 and Jarrod Moldrich.
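
Steps 7 and 8 as a script, with a check that the downloaded certificate really belongs to the private key before the .p12 is built, and the -legacy flag from the note above applied automatically on OpenSSL 3.x. This is an added example, not part of the original gist; the function names, the P12_PASS variable and the self-signed sample certificate are assumptions of the example, and the key is assumed to be unencrypted as in step 2.

```shell
#!/bin/sh
# Added example: steps 7 and 8 with a key/certificate match check.
# Function names and P12_PASS are assumptions of this example.

# Print "-legacy" when the local tool is OpenSSL 3.x or later.
p12_legacy_flag() {
    case "$(openssl version)" in
        "OpenSSL "[3-9].*) echo "-legacy" ;;
    esac
}

# Succeed only if the certificate carries the public key of the private key.
cert_matches_key() {    # usage: cert_matches_key cert.pem private.key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Steps 7 and 8: DER .cer -> .pem -> .p12. The export password is read from
# the exported variable P12_PASS so it never appears in the process list.
build_p12() {           # usage: build_p12 private.key downloaded.cer out.p12
    pem="${3%.p12}.pem"
    openssl x509 -in "$2" -inform DER -out "$pem" -outform PEM || return 1
    if ! cert_matches_key "$pem" "$1"; then
        echo "certificate $2 was not issued for key $1" >&2
        return 3
    fi
    # Unquoted on purpose: an empty flag must not become an empty argument.
    openssl pkcs12 -export $(p12_legacy_flag) -inkey "$1" -in "$pem" \
        -out "$3" -passout env:P12_PASS
}

# Constructed sample input: a self-signed DER certificate standing in for the
# .cer downloaded in step 6, plus an unrelated key for the mismatch case.
make_sample() {         # usage: make_sample dir
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 \
        -subj "/CN=Constructed Sample" -keyout "$1/sample.key" \
        -out "$1/sample.cer" -outform DER 2>/dev/null || return 1
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}
```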

@funder7

funder7 commented Nov 25, 2020

Very nice! Thanks!!

@devguerrero

Thank you, that was very helpful!

@artmatsak

Thanks! Note: If you want to password-protect the .pem key, ditch the -nodes switch on step 2:

openssl req -newkey rsa:2048 -keyout ios_enterprise.key -out CertificateSigningRequest.certSigningRequest

@JonathonPenberthy

Great work o7

@jtqfaire

Thanks :)

@quantumass

I LOVE YOU

@rlanyi

rlanyi commented Aug 6, 2022

saved my day :-)

@lesimoes

lesimoes commented Aug 4, 2023

I Came Looking For Copper And I Found Gold

@zam157

zam157 commented Oct 19, 2023

Thanks a lot!!!

@Luise8

Luise8 commented Nov 2, 2023

I tried the step 7, but my file was called development.cer, so I had to change the name.
