Skip to content

Instantly share code, notes, and snippets.

@scips
Forked from jcward/Readme.txt
Created February 7, 2019 17:24
Show Gist options
  • Save scips/04c86f1696b88a2cd0faee05a4645dac to your computer and use it in GitHub Desktop.
Save scips/04c86f1696b88a2cd0faee05a4645dac to your computer and use it in GitHub Desktop.
Generating iOS P12 / certs without Mac OSX Keychain (on linux, windows, etc)
1) Generate a private key and certificate signing request:
openssl genrsa -out ios_distribution.key 2048
openssl req -new -key ios_distribution.key -out ios_distribution.csr -subj '/[email protected], CN=Example, C=US'
2) Upload CSR to apple at: https://developer.apple.com/account/ios/certificate/create
- choose Production -> App Store and Ad Hoc
3) Download the resulting ios_distribution.cer, and convert it to .pem format:
openssl x509 -inform der -in ios_distribution.cer -out ios_distribution.
4) Download Apple's Worldwide developer cert (from portal) and convert it to pem:
openssl x509 -in AppleWWDRCA.cer -inform DER -out AppleWWDRCA.pem -outform PEM
6) Convert your cert plus Apple's cert to p12 format (choose a password for the .p12):
openssl pkcs12 -export -out ios_distribution.p12 -inkey ios_distribution.key -in ios_distribution.pem -certfile AppleWWDRCA.pem
Finally, update any provisioning profiles with the new cert, and download from dev portal.
If you like to GPG your certs and store them in your repo:
tar -cf ios_distribution.tar ios_distribution.* *.mobileprovision Apple*
gpg -c ios_distribution.tar
Decrypt and untar using:
gpg --decrypt ios_distribution.tar | tar -x
Here's a .gitignore that ignores everything in the directory (aka, certs and
keys, which you don't want to check in) except the .gpg file and itself:
*
!*.gpg
!.gitignore
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment