Steps to create iOS Developer and Distribution Certificates with and without a Mac

Jason Carter
Mobile DevOps & CI/CD/CT
6 min read · Apr 23, 2020

Regardless of what framework or language you use for iOS development, whether Swift, React Native or any other, there is one common question: “How do I create iOS Distribution Certificates or Developer Certificates?”

Sometimes this question is asked for purposes other than development, such as jailbreaking. We will not delve into those, as that is a controversial and even legally problematic area; we will stick to iOS certificate generation for mobile app development.

In this post, we will list and explain the steps to create iOS certificates from the Apple Developer Portal with two different options: using a Mac and using an online platform.

First, the basics. You need a certificate issued by Apple to establish that:

  • You are an approved Apple developer enrolled in the Apple Developer Program
  • You are the owner of a specific code signed by your unique and secret code signing certificate

Let’s now go over the steps to generate certificates for iPhone, iPad and Apple Watch apps.

There are different types of certificates and they have different purposes, but their creation method is exactly the same for iOS apps.

Steps to Create iOS Certificates

1. Enroll in the Apple Developer Program:

The first step to create an iOS certificate is, of course, to have an Apple Developer account. For this, you are required to enroll in the Apple Developer Program (or the Apple Developer Enterprise Program if you are a large enterprise with at least 100 employees and plan to distribute in-house apps). Enrollment is just like purchasing a product from the Apple Online Store.

The annual fee for the Apple Developer Program is $99 (or the equivalent local currency) and the annual fee for the Apple Developer Enterprise Program is $299 (or the equivalent local currency).

For your certificates to be valid, you are required to renew your membership every year and regenerate your certificates once they expire one year after their creation date.

Once you enroll, you will have access to the Apple Developer Portal. We will come back to the portal after a quick detour to create a signing request.

2. Generate a Certificate Signing Request (CSR):

Although the Keychain Access application on macOS is commonly used for this purpose, you can use any certificate management tool to create a certificate signing request.

1. Launch the “Keychain Access” app from the Launchpad or Spotlight.

2. From the top menu, select Keychain Access -> Certificate Assistant -> Request a Certificate from a Certificate Authority

3. Fill in the first two fields User Email Address and Common Name. Leave the CA Email Address field blank and select the Saved to disk option below.

Keychain Access on macOS to create signing requests

4. Press continue and then save the generated certSigningRequest file on your computer. You can now use this CSR file for the next step.

We will come back to the Keychain Access app later to complete the certificate generation.

If you don’t have access to a Mac or if you don’t want to store your certificates locally, you can create a CSR online as follows:

If you are using a cross-platform framework such as Ionic or React Native to develop your apps, you may have limited access to a Mac. Or, if you are an enterprise user, you may want to store the certificate centrally instead of on a local Mac.

In such cases, you can use an online platform like Appcircle to create CSRs for iOS certificates.

1. Log in to the Appcircle dashboard at https://my.appcircle.io

2. Select Signing Identities -> iOS Certificates from the left menu

3. Press Add New and then select Generate signing request

4. Fill in the fields and press save

Appcircle dashboard to create a signing request without macOS

5. Once the CSR is created, press the download button from the actions on the right end of the row. You can now use this CSR file for the next step.

We will come back to the Appcircle Signing Identities module later to complete the certificate generation. You will not require a Mac at any step, and you can generate iOS certificates on Windows.

3. Generate a Certificate from the Apple Developer Portal

You now have an Apple Developer Account and a Certificate Signing Request. Below are the steps to generate a certificate. Please note that the design of the Apple Developer Portal was renewed recently, and this guide is up to date with the new portal as of 2020.

1. Log in to the Apple Developer Portal at https://developer.apple.com

2. Select Certificates, IDs & Profiles -> Certificates from the left menu

3. Press the Plus (+) button next to the Certificates heading.

Adding a new certificate on the new Apple Developer Portal

4. Select one of the following certificate types that are relevant for iOS apps, depending on your use case:

  • Apple Development
  • Apple Distribution (only for the Developer Program)
  • iOS App Development
  • iOS Distribution (only for the Developer Program)
  • In-House and Ad Hoc (only for the Enterprise Program)

5. Press continue after selecting a certificate type. If you are unsure which certificate type to select, you can select iOS App Development for running your app on your registered iOS devices for development purposes.

Selecting a certificate type on the new Apple Developer Portal

6. In the next screen, upload your CSR file generated in the previous step and press continue.

7. Your certificate is now generated and ready for download. Just press the download button on the top right.

Downloading a certificate from the new Apple Developer Portal

4. Installing the Certificate

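The .cer file generated in the previous step cannot be used for code signing on its own, because it contains only the certificate and its public key. It must be installed back on the source where the CSR was created, since that is where the private key of the private/public key pair was generated and is kept.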

If you have access to a Mac, you can install the created iOS certificate locally as follows:

On the same Mac where the uploaded CSR comes from, just double-click the file to install it. You can now use this certificate for code signing on that Mac.

If you don’t have access to a Mac or if you don’t want to store your certificates locally, you can install the created iOS certificate online as follows:

On the same Appcircle account where the uploaded CSR comes from, just locate the CSR and press the upload button from the actions on the right end of the row. Then select the .cer file and the certificate will be installed.

Uploading a cer file to generate a code signing certificate

Voila! You now have a certificate that is not dependent on any local Mac, accessible anywhere.

Generated iOS certificate
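
The CSR and installation steps above, reproduced with OpenSSL as an added example (not part of the original post, and not Apple's or Appcircle's tooling): it creates a key and CSR the way "any certificate management tool" would, then checks that a downloaded .cer belongs to the private key behind the CSR. The file names, e-mail address, common name and the `standin_issue` self-signing helper are constructed so the script runs offline; a real certificate is issued by the Apple Developer Portal.

```shell
#!/bin/sh
# Added example: CSR creation with OpenSSL and a key/certificate match check.
set -eu

# Public key (PEM SubjectPublicKeyInfo) of a private key, a CSR and a DER .cer.
key_pub()  { openssl pkey -in "$1" -pubout; }
csr_pub()  { openssl req  -in "$1" -pubkey -noout; }
cert_pub() { openssl x509 -in "$1" -inform DER -pubkey -noout; }

# Create a 2048-bit RSA key and a CSR with the two fields Keychain Access asks
# for. The key is written owner-only and is never uploaded; only the CSR is.
make_csr() {  # make_csr <key.pem> <out.csr> <email> <common name>
  ( umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null )
  openssl req -new -key "$1" -out "$2" -subj "/emailAddress=$3/CN=$4"
  [ "$(csr_pub "$2")" = "$(key_pub "$1")" ]   # CSR must carry this key's public half
}

# Succeeds only if the certificate carries the public half of the given key.
# Unreadable or missing files count as "no match".
cert_matches_key() {  # cert_matches_key <cert.cer> <key.pem>
  c=$(cert_pub "$1" 2>/dev/null) && k=$(key_pub "$2" 2>/dev/null) &&
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# CONSTRUCTED stand-in for the portal: self-signs the CSR so the check can run
# offline. A real certificate is issued by Apple, not by this function.
standin_issue() {  # standin_issue <csr> <key.pem> <out.cer>
  openssl x509 -req -in "$1" -signkey "$2" -days 1 -outform DER -out "$3" 2>/dev/null
}

demo() {
  d=$(mktemp -d)
  make_csr "$d/dev.key" "$d/dev.certSigningRequest" "dev@example.com" "Example Dev"
  standin_issue "$d/dev.certSigningRequest" "$d/dev.key" "$d/dev.cer"
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null   # unrelated key
  cert_matches_key "$d/dev.cer" "$d/dev.key"   && echo "dev.key:   matches certificate"
  cert_matches_key "$d/dev.cer" "$d/other.key" || echo "other.key: does not match"
  rm -rf "$d"
}
demo
```

Running `cert_matches_key` against the .cer downloaded from the portal before installing it catches the common failure where the CSR was generated on a different machine or account than the one holding the private key.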

Using the Generated iOS Certificate for Code Signing

In another story, I will be discussing how to create and consume provisioning profiles with which you will be able to sign apps. You can also use a local Mac for signing or an online platform like Appcircle to eliminate the need for a Mac.
