Created April 14, 2017 15:08
Generating iOS P12 / certs without Mac OSX Keychain (on linux, windows, etc)
1) Generate a private key and certificate signing request (replace the placeholder email address, CN and C with your own):
    openssl genrsa -out ios_distribution.key 2048
    openssl req -new -key ios_distribution.key -out ios_distribution.csr -subj '/emailAddress=you@example.com/CN=Example/C=US'
2) Upload CSR to apple at: https://developer.apple.com/account/ios/certificate/create
    - choose Production -> App Store and Ad Hoc
3) Download the resulting ios_distribution.cer, and convert it to .pem format:
    openssl x509 -inform der -in ios_distribution.cer -out ios_distribution.pem
4) Download Apple's Worldwide developer cert (from portal) and convert it to pem:
    openssl x509 -in AppleWWDRCA.cer -inform DER -out AppleWWDRCA.pem -outform PEM
5) Convert your cert plus Apple's cert to p12 format (choose a password for the .p12):
    openssl pkcs12 -export -out ios_distribution.p12 -inkey ios_distribution.key -in ios_distribution.pem -certfile AppleWWDRCA.pem
Finally, update any provisioning profiles with the new cert, and download from dev portal.
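A pre-flight check for the pkcs12 export step, added here as an example and not part of the original gist: it confirms that the private key matches the certificate, that neither certificate is expired, and that the certificate was issued by the CA file being bundled. The function names, the throwaway CA standing in for Apple and the demo password are all assumptions made for the example.

```shell
#!/bin/sh
# Added example: sanity checks to run before `openssl pkcs12 -export`.
# Function names are illustrative; they are not part of the gist.

# check_p12_inputs KEY CERT CA  -> returns 0 when the three files fit together
check_p12_inputs() {
    # The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ] || { echo "key does not match cert" >&2; return 3; }
    # Neither the certificate nor the CA certificate may be expired.
    for f in "$2" "$3"; do
        openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1 ||
            { echo "expired or unreadable: $f" >&2; return 5; }
    done
    # The certificate must be signed by the CA that goes into the .p12.
    # -partial_chain: treat an intermediate CA file as the trust anchor.
    # -ignore_critical: assumes the issued cert may carry critical vendor
    #  extensions that OpenSSL does not recognise.
    openssl verify -partial_chain -ignore_critical -CAfile "$3" "$2" >/dev/null 2>&1 ||
        { echo "cert was not issued by this CA" >&2; return 4; }
}

# demo_build_p12 [DIR]: constructed offline run in which a throwaway CA stands
# in for Apple. Prints the number of certificates found in the resulting .p12.
demo_build_p12() (
    cd "${1:-$(mktemp -d)}" &&
    openssl genrsa -out ca.key 2048 2>/dev/null &&
    openssl req -x509 -new -key ca.key -subj '/CN=Constructed Test CA' \
        -days 2 -out ca.pem &&
    openssl genrsa -out ios_distribution.key 2048 2>/dev/null &&
    openssl req -new -key ios_distribution.key -subj '/CN=Example/C=US' \
        -out ios_distribution.csr &&
    openssl x509 -req -in ios_distribution.csr -CA ca.pem -CAkey ca.key \
        -CAcreateserial -days 1 -out ios_distribution.pem 2>/dev/null &&
    check_p12_inputs ios_distribution.key ios_distribution.pem ca.pem &&
    openssl pkcs12 -export -out ios_distribution.p12 \
        -inkey ios_distribution.key -in ios_distribution.pem \
        -certfile ca.pem -passout pass:constructed-demo &&
    openssl pkcs12 -in ios_distribution.p12 -passin pass:constructed-demo \
        -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
)

demo_build_p12   # prints 2: the leaf certificate plus the CA certificate
```

With real files the call is `check_p12_inputs ios_distribution.key ios_distribution.pem AppleWWDRCA.pem`; a non-zero return code says which of the three checks failed.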
If you like to GPG your certs and store them in your repo:
    tar -cf ios_distribution.tar ios_distribution.* *.mobileprovision Apple*
    gpg -c ios_distribution.tar
Decrypt and untar using:
    gpg --decrypt ios_distribution.tar.gpg | tar -x
Here's a .gitignore that ignores everything in the directory (aka, certs and
keys, which you don't want to check in) except the .gpg file and itself:
    *
    !*.gpg
    !.gitignore
AppleWWDRCA.cer
Download Apple's Worldwide developer cert https://developer.apple.com/certificationauthority/AppleWWDRCA.cer
This one expired in February 2023. See https://developer.apple.com/support/expiration/ for details.
I was getting an error in the Unity Developer console when trying to create a build target:
Failed to update credentials. The .p12 file failed validation against Apple CA chain
By trial and error I discovered that the fix was to use -CAfile instead of -certfile in the openssl pkcs12 -export command. I hope this helps somebody!
Tested from Ubuntu 20 to create a .p12 for bitrise : sadly it didn't work :