Signing certificates securely store your credentials so you can easily reference them when building your app in the cloud.
You'll need two sets of Apple certificates when your app goes to production, which means you'll eventually need two signing certificates: one for development and one for production.
We'll guide you through creating a development signing certificate with the credentials that you need for the desired platform below.
The Android keystore, used for signing apps, can be generated using keytool, which is included in the
Java JDK. Change
MY_ALIAS_NAME to be relevant to your app. The tool will ask you to enter a keystore password and a key password.
$ keytool -genkey -v -keystore MY-RELEASE-KEY.keystore -alias MY_ALIAS_NAME -keyalg RSA -keysize 2048 -validity 10000 -storetype jks
You'll need an Apple Developer account (Individual or Organization). See comparing memberships.
Every app must register an ID with Apple.
- Navigate to Certificates, IDs & Profiles › Identifiers in the Apple Developer Center and register a new App ID.
- Under Explicit App ID, set the Bundle ID to the ID you've specified in your app's
config.xmlfile. iOS Bundle IDs are represented as a reversed address, such as
Devices must be explicitly registered with Apple for development.
- Navigate to Certificates, IDs & Profiles › Devices in the Apple Developer Center and register a new Device.
- Give your device a name and enter the device's UDID. Find your UDID.
Before you can get a certificate from Apple, you'll need to generate a certificate signing request file. It can be created on Mac OSX by using Keychain Access and on other platforms by using OpenSSL.
- Navigate to Keychain Access › Certificate Assistant › Request a Certificate From a Certificate Authority on your Mac.
- Enter your name and email address. Leave the CA Email blank.
- Select Saved to disk and hit continue. This will generate your
- Generate a private RSA key file.
$ openssl genrsa -out keyname.key 2048
- Create the certificate signing request file by filling out the interactive form.
$ openssl req -new -key keyname.key -out CertificateSigningRequest.certSigningRequest
Before you can generate App Certificates & Provisioning Profiles, you'll need to
register your app and any devices, and obtain a
App Certificates & Provisioning Profiles are for signing your app and giving it access to certain devices.
There are two types of Apple certificates: development and production. We'll guide you through generating signing certificates with a development certificate.
- Navigate to Certificates, IDs & Profiles › Certificates in the Apple Developer Center and create a new certificate. Under Development, select iOS App Development.
- Step through the steps. Upload the
.certSigningRequestyou created to generate a certificate. Then, download your certificate. It should be a
Next, we'll need to convert the certificate from a
.cer file to a
.p12 file. It can be converted on Mac OSX by using Keychain Access and on other platforms by using OpenSSL.
- Drag your
.cerfile into your login keychain.
- Right click on your imported certificate and click Export.
- Select Personal Information Exchange (.p12) for File Format.
- Save the certificate, giving it a strong password.
- Download your iOS certificate to the same directory as your private RSA key.
- Change the format of the iOS certificate to PEM.
$ openssl x509 -inform DER -outform PEM -in ios_development.cer -out ios_development.cer.pem
- Export the certificate as a
.p12file, giving it a strong password.
$ openssl pkcs12 -export -inkey keyname.key -in ios_development.cer.pem -out Certificates.p12
Provisioning profiles give your app access to be installed, or provisioned, on specific devices. For iOS App Development provisioning profiles, devices are selected manually.
- Navigate to Certificates, IDs & Profiles › Profiles in the Apple Developer Center and create a new provisioning profile.
- Under Development, select iOS App Development.
- Select the correct App ID (with the Bundle ID matching your app's
- Select the certificate you generated.
- Select any and all development devices.
- Download the
.mobileprovisionfile, which is your provisioning profile file.
For apps that have extensions and require multiple provisioning profiles (apps with watch apps for example), these are the requirements to build them in AppFlow:
- Multiple profiles are only supported for Capacitor apps
- That there is one project, one workspace, and one scheme that are all named the same
- One certificate is used for all provisioning profiles (and that is the certificate for the app in Appflow)
- Each extension is a separate target
- WidgetKit for app widgets is only supported on Xcode 12 or newer