Apple Certificates and Provisioning Profiles

iOS apps need to be signed with a valid signing identity and must also include a provisioning profile. You can create the signing identities, certificates, and provisioning profiles on the Apple Developer website. (developer.apple.com)

You can generate a .p12 certificate that can be used to sign non-debuggable Production apps using other tools such as cert (https://github.com/fastlane/cert), and upload it.

However, if you want to build a debuggable app for testing, you need to generate and export an iOS Development certificate.

Note:  This can only be done using the Keychain Access app on a Mac computer.

Signing Identities and Certificates

A signing identity is used for code signing, and includes a signing certificate, with its private and public keys stored in the developer's keychain (Apple's password management system).

A signing certificate is used to sign your iOS app and installer package. It proves that the app is created by a known Apple developer, and it is used to verify that the app has not been tampered with.

Apple allows you to create two types of signing certificates—one for iOS Development (including testing and debugging) and another for iOS Distribution. These can then be used in the provisioning profiles for your iOS apps.

  • A development certificate is used during development and identifies a single developer on a team. It allows an app to launch on a device through Xcode.
  • A distribution certificate is used to distribute an app and allow it to launch on a device without the assistance of Xcode. A distribution certificate identifies a team, not a team member.

For more information, see Maintaining Your Signing Identities and Certificates on developer.apple.com.

Provisioning Profiles

A provisioning profile is a collection of information that links an App ID with signing certificates and authorized devices. It is used to control and authorize the devices on which the app can run and the Apple services it can access (such as iCloud or In-App Payment).

Apple enables you to create several types of provisioning profiles:

  • A distribution provisioning profile authorizes an app to run on mobile devices. It is used to submit an app to the App Store or export it for distribution outside of the store.
  • An ad hoc provisioning profile is a type of distribution provisioning profile used for distributing apps for testing.

    Note:  An ad hoc profile is useful for testing Uniface mobile apps.

  • A development provisioning profile authorizes an app to run on designated devices during development. This profile consists of a name, multiple development certificates, unique device identifiers, and an App ID. It must be installed on each device where you want to test your app.

    Devices specified within the provisioning profile can be used for testing only by those individuals whose development certificates are included in the profile. A single device can contain multiple provisioning profiles.

    To make this easier to manage for a development team, you can use a team provisioning profile, which contains all of a team’s development certificates, its registered devices, and a wildcard App ID.

    Note:  Development provisioning profiles are not usually required for Uniface mobile apps because they are hybrid apps that rely on HTML and JavaScript, not native apps developed with Xcode.

Related Topics