-
-
Save jcward/d08b33fc3e6c5f90c18437956e5ccc35 to your computer and use it in GitHub Desktop.
| 1) Generate a private key and certificate signing request: | |
| openssl genrsa -out ios_distribution.key 2048 | |
| openssl req -new -key ios_distribution.key -out ios_distribution.csr -subj '/[email protected], CN=Example, C=US' | |
| 2) Upload CSR to apple at: https://developer.apple.com/account/ios/certificate/create | |
| - choose Production -> App Store and Ad Hoc | |
| 3) Download the resulting ios_distribution.cer, and convert it to .pem format: | |
| openssl x509 -inform der -in ios_distribution.cer -out ios_distribution. | |
| 4) Download Apple's Worldwide developer cert (from portal) and convert it to pem: | |
| openssl x509 -in AppleWWDRCA.cer -inform DER -out AppleWWDRCA.pem -outform PEM | |
| 6) Convert your cert plus Apple's cert to p12 format (choose a password for the .p12): | |
| openssl pkcs12 -export -out ios_distribution.p12 -inkey ios_distribution.key -in ios_distribution.pem -certfile AppleWWDRCA.pem | |
| Finally, update any provisioning profiles with the new cert, and download from dev portal. |
| If you like to GPG your certs and store them in your repo: | |
| tar -cf ios_distribution.tar ios_distribution.* *.mobileprovision Apple* | |
| gpg -c ios_distribution.tar | |
| Decrypt and untar using: | |
| gpg --decrypt ios_distribution.tar | tar -x | |
| Here's a .gitignore that ignores everything in the directory (aka, certs and | |
| keys, which you don't want to check in) except the .gpg file and itself: | |
| * | |
| !*.gpg | |
| !.gitignore |
Step 4 says:
Download Apple's Worldwide developer cert (from portal) and convert it to pem:
My question is what portal? I didn't find how to download it.
Download Apple's Worldwide developer cert https://developer.apple.com/certificationauthority/AppleWWDRCA.cer
Some payment is required for section 2?
Hi
I try to access to : https://developer.apple.com/account/ios/certificate/create
But is redirecting me to this new url :
https://developer.apple.com/account/#/welcome
Some payment is required? Or only users with an ios mobile or mac laptop can access to :
https://developer.apple.com/account/ios/certificate/create
Thanks
U will have to enroll in the apple developer program thingy
Tested from Ubuntu 20 to create a .p12 for bitrise : sadly it didn't work :
AppleWWDRCA.cer
Download Apple's Worldwide developer cert https://developer.apple.com/certificationauthority/AppleWWDRCA.cer
This one expired in February 2023. See https://developer.apple.com/support/expiration/ for details.
I was getting an error in the Unity Developer console when trying to create a build target:
Failed to update credentials. The .p12 file failed validation against Apple CA chain
By trial and error I discovered that the fix was to use -CAfile instead of -certfile in the openssl pkcs12 -export command. I hope this helps somebody!
openssl x509 -inform der -in ios_distribution.cer -out ios_distribution.
There is missing extension at the end. It should be:
openssl x509 -inform der -in ios_distribution.cer -out ios_distribution.pem