Skip to content

Instantly share code, notes, and snippets.

@tony1223
Forked from jcward/Readme.txt
Created June 8, 2018 06:59
Show Gist options
  • Save tony1223/1720ed82007f9137ca95069f5bad01a8 to your computer and use it in GitHub Desktop.
Save tony1223/1720ed82007f9137ca95069f5bad01a8 to your computer and use it in GitHub Desktop.
Generating iOS P12 / certs without Mac OSX Keychain (on linux, windows, etc)
1) Generate a private key and certificate signing request:
openssl genrsa -out ios_distribution.key 2048
openssl req -new -key ios_distribution.key -out ios_distribution.csr -subj '/[email protected], CN=Example, C=US'
2) Upload CSR to apple at: https://developer.apple.com/account/ios/certificate/create
- choose Production -> App Store and Ad Hoc
3) Download the resulting ios_distribution.cer, and convert it to .pem format:
openssl x509 -inform der -in ios_distribution.cer -out ios_distribution.
4) Download Apple's Worldwide developer cert (from portal) and convert it to pem:
openssl x509 -in AppleWWDRCA.cer -inform DER -out AppleWWDRCA.pem -outform PEM
6) Convert your cert plus Apple's cert to p12 format (choose a password for the .p12):
openssl pkcs12 -export -out ios_distribution.p12 -inkey ios_distribution.key -in ios_distribution.pem -certfile AppleWWDRCA.pem
Finally, update any provisioning profiles with the new cert, and download from dev portal.
If you like to GPG your certs and store them in your repo:
tar -cf ios_distribution.tar ios_distribution.* *.mobileprovision Apple*
gpg -c ios_distribution.tar
Decrypt and untar using:
gpg --decrypt ios_distribution.tar | tar -x
Here's a .gitignore that ignores everything in the directory (aka, certs and
keys, which you don't want to check in) except the .gpg file and itself:
*
!*.gpg
!.gitignore
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment