Apple: Distributions and Certificates

Stany Ferer
Published in Ideas by Idean
Oct 10, 2019

Apple’s requirements

Apple requires that every iOS application be certified and secure, and that it can only be downloaded from its Apple store. To be downloaded on an Apple terminal (iPhone, iPad, etc.), an application must have a “certificate”, an “identifier” and a “profile”.

There are two types of “profiles”

Development profiles

This configuration is linked to the development of an application. It allows you to install an application on specific terminals (for development, testing, etc.). The file used to specify the authorized terminals is called a provisioning profile.

In order to generate a “provisioning profile” it is necessary to have:

  • an App ID, which is a two-part string used to identify the application.
  • a Development Certificate, which is the certificate associated with the account of the developer or company who wishes to test the solution. The private key used to sign the application corresponds to the public key of the certificate.
  • one or more Device IDs, which are the UDIDs (Unique Device Identifiers) of the authorized terminals.

If the link between these elements fails, the application cannot be installed on a terminal.

In Xcode this gives…

Distribution profiles

This configuration is essential for making the app available on the App Store. It allows you to submit an application for approval to the Apple store or to a corporate store. The elements required for a store release are also specified in a provisioning profile.

To generate a “provisioning profile” it is necessary to have:

  • the App ID, which is a two-part string used to identify the application.
  • the Development Certificate, which is the certificate associated with the account of the company or developer that owns the application.

This provisioning profile will not include a Device ID but will specify the types of terminals compatible with the application.

There are two modes of distribution

The public distribution method

The development certificate is associated with the debug path. The production certificate can be associated with two types of paths:

  1. Ad Hoc, which is a Release provisioning usually dedicated to Alpha testers.
     • Ad Hoc distribution works like an In-House deployment to a private server. Once the IPA is created, it must be deployed on a secure server so that authorized terminals (the Device IDs included in the provisioning) can download the application.
     • To distribute an application in Ad Hoc you will need to create an In House distribution certificate, declare the application via Apple Developer and generate the associated provisioning profile.

  2. The App Store which can also be distributed on two different environments:

The company’s distribution method

The development certificate is associated with the debug path. The production certificate can be associated with two types of paths:

  1. Ad Hoc, which is a Release provisioning usually dedicated to Alpha testers.
     • Ad Hoc distribution goes to a private server, and the application can only be installed by authorized terminals (the Device IDs included in the provisioning).
     • To distribute an application in Ad Hoc you will need an In House distribution certificate, and you must declare the application via Apple Developer to generate the associated provisioning profile.

  2. In House, for a private server, for internal applications and without any “Device ID” restriction.
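The link between App ID, certificate and Device ID described for development profiles, and the distribution modes listed above, can be checked directly against a profile's contents. The following is an added example, not code from the original article: the function names and all sample values are constructed for illustration, while the plist keys are those found in a provisioning profile. It reads the embedded plist without verifying the profile's signature.

```python
import hashlib
import plistlib
from datetime import datetime
from fnmatch import fnmatchcase

def extract_plist(blob: bytes) -> dict:
    """Read the XML plist embedded in a signed profile. The CMS signature is
    NOT verified here, so treat the result as untrusted until it is."""
    start = blob.index(b"<?xml")
    end = blob.index(b"</plist>", start) + len(b"</plist>")
    return plistlib.loads(blob[start:end])

def profile_kind(p: dict) -> str:
    """Map profile keys onto the article's development/distribution modes."""
    if p.get("ProvisionsAllDevices"):
        return "in-house"            # no Device ID restriction
    if "ProvisionedDevices" not in p:
        return "app-store"           # no device list at all
    debug = p["Entitlements"].get("get-task-allow", False)
    return "development" if debug else "ad-hoc"

def install_problems(p, bundle_id, cert_sha256, udid, now):
    """Return which links (App ID, certificate, device, validity) are broken."""
    problems = []
    team = p["ApplicationIdentifierPrefix"][0]
    if not fnmatchcase(f"{team}.{bundle_id}", p["Entitlements"]["application-identifier"]):
        problems.append("app-id")
    known = {hashlib.sha256(der).hexdigest() for der in p["DeveloperCertificates"]}
    if cert_sha256 not in known:
        problems.append("certificate")
    if not p.get("ProvisionsAllDevices") and udid not in p.get("ProvisionedDevices", []):
        problems.append("device")
    if now >= p["ExpirationDate"]:
        problems.append("expired")
    return problems

# Constructed sample: placeholder bytes stand in for a DER certificate and CMS wrapper.
CERT = b"constructed-placeholder-not-a-real-certificate"
SAMPLE = {
    "ApplicationIdentifierPrefix": ["ABCDE12345"],
    "Entitlements": {"application-identifier": "ABCDE12345.com.example.*",
                     "get-task-allow": True},
    "DeveloperCertificates": [CERT],
    "ProvisionedDevices": ["CONSTRUCTED-UDID-0001"],
    "ExpirationDate": datetime(2030, 1, 1),
}
BLOB = b"\x30\x82" + plistlib.dumps(SAMPLE) + b"\x00constructed-signature"

if __name__ == "__main__":
    profile = extract_plist(BLOB)
    fp = hashlib.sha256(CERT).hexdigest()
    print(profile_kind(profile), install_problems(
        profile, "com.example.demo", fp, "CONSTRUCTED-UDID-0001", datetime(2025, 1, 1)))
```

An empty list from `install_problems` means every link holds; an App Store profile always reports `device`, since it carries no Device ID list.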

Different types of Certificates

Service extensions

Apple Push Notification Service (APNs) Certificate: to allow notifications to be sent. This certificate varies according to the environment, namely:

  1. The Development environment, known as Sandbox
     • The token is created for a single terminal and will not work on the production push network. This certificate is free of charge and valid for 12 months.

  2. The Production (or Ad Hoc) environment
     • This certificate is free of charge and valid for 13 months.

Apple Pay Payment Processing Certificate: to allow you to make transactions on mobile phones and websites with Apple Pay.

  • This certificate is associated with the Merchant ID, which identifies the merchant entity. This identifier is unique, does not expire and can be used on several media (website and applications). The certificate is free of charge and valid for 25 months.

Apple Pay Merchant Identity Certificate: to allow you to make payments on a website with Apple Pay.

This certificate is associated with the Merchant ID, which identifies the merchant entity. This identifier is unique, does not expire and can be used on several media (website and applications). The certificate is free of charge and valid for 25 months.

Pass Type ID Certificate (Wallet): this is the certificate of membership in the Apple Developer Program. It allows users to update the application.

If this certificate has expired, users of the application will be able to continue using the application but will no longer be able to update it. This certificate costs $99 per year.

Distribution certificates

iOS Distribution Certificate (App Store): this certificate allows you to publish on the Apple Store.

It is associated with the Apple Developer Program. It costs $99 a year.

iOS Distribution Certificate (In House, internal use apps): this certificate allows you to publish in In House or Ad Hoc.

It is associated with the Apple Developer Program. This certificate costs $299 per year.

Development certificates

Developer ID Application Certificate (Mac applications)

Certificates created before 22 February 2017 are valid for 5 years.

Certificates created since 22 February 2017 are valid for 18 years.

Developer ID Installer Certificate (Mac applications)

Certificates created before 22 February 2017 are valid for 5 years.

Certificates created since 22 February 2017 are valid for 18 years.

The Apple Worldwide Developer Relations Certificate (WWDR)

Implemented since February 14, 2016.

Certificate that signs the conformity of Developer ID certificates.
