- Create a new directory;
mkdir Apple\ Enterprise
cd Apple\ Enterprise
- Generate a certificate signing request
openssl req -nodes -newkey rsa:2048 -keyout ios_enterprise.key -out CertificateSigningRequest.certSigningRequest
- With the information like so (ensure you give it a password):
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:London
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Total Onion Ltd
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:Total Onion Enterprise
Email Address []:
- Login to developer.apple.com, go to:
"Member Center" -> "Manage your certificates, App IDs, devices, and provisioning profiles." -> "Certificates" -> "Add"
-
Go through the wizard, selecting the certificate type, and uploading the .csr.
-
Download the .cer file, saving it to the folder created in step 1
-
Convert the .cer file to a .pem file:
openssl x509 -in ios_enterprise.cer -inform DER -out ios_enterprise.pem -outform PEM
- Convert the .pem to a .p12:
openssl pkcs12 -export -inkey ios_enterprise.key -in ios_enterprise.pem -out ios_enterprise.p12
- You can now create a "Provisioning Profile" in the "Member Center" on developer.apple.com using the certificate you made in step 4
If you are using a build system like Ionic Appflow and receive an error like this one:
security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)
It's because "OpenSSL 3.x changed its default algorithm in pkcs12. Which is not compatible with embedded Security frameworks in macOS/iOS. You could alternatively use OpenSSL 1.x."
Add the -legacy flag in step 8. See here for more info. Massive thanks to i_82 and Jarrod Moldrich.
I tried. The step 7, but my file was called development.cer, so I had to change the name.