Skip to content

iOS Signing Certificates

To build signed iOS apps in Capawesome Cloud, you need to configure signing certificates. iOS apps are signed using a certificate (.p12 file) and one or more provisioning profiles (.mobileprovision files). These ensure the authenticity and integrity of your application and define which devices can run your app.

Configuration

To create an iOS signing certificate, navigate to the Signing Certificates page in the Capawesome Cloud Console and provide the following information:

  • Name: A descriptive name for the certificate (e.g., "Production iOS Certificate").
  • Platform: Must be set to iOS.
  • Type: The certificate type (Development or Production).
  • Certificate File: The .p12 file containing the signing certificate and private key.
  • Certificate Password: The password for the .p12 file.
  • Provisioning Profiles: The .mobileprovision files associated with the app. In general, only one provisioning profile is needed. However, if you are using app extensions, you may need to upload multiple provisioning profiles (one for the main app and one for each extension).

Read on for detailed instructions on creating and obtaining these credentials.

Obtaining Credentials

Name

Choose a descriptive name that helps you identify the certificate's purpose (e.g., "Production iOS Certificate", "Development Certificate", "App Store Distribution"). This name is only used within Capawesome Cloud for organization purposes.

Type

Select the appropriate certificate type:

  • Development: For development and testing builds that run on registered devices.
  • Production: For distribution builds intended for TestFlight, App Store, or enterprise distribution.

Certificate File

A .p12 file (Personal Information Exchange) containing your signing certificate and private key is required. You can export this file from Keychain Access or create a new certificate in the Apple Developer portal.

Export from Keychain Access

If you already have a signing certificate installed on your Mac:

  1. Open Keychain Access (Applications > Utilities > Keychain Access).
  2. In the left sidebar, select login and then My Certificates.
  3. Look for certificates named:
  4. Apple Distribution: [Your Name] (for App Store/Production builds)
  5. Apple Development: [Your Name] (for development builds)
  6. Expand the certificate to see the private key underneath (indicated by a key icon).
  7. Select both the certificate and its private key by holding Command and clicking both items.
  8. Right-click on the selection and choose Export 2 items....
  9. Choose a name for the file (e.g., certificate.p12) and select Personal Information Exchange (.p12) as the file format.
  10. Click Save.
  11. Set a password when prompted. This password will be required when uploading the certificate to Capawesome Cloud.
  12. You may be prompted to enter your macOS user password to allow the export.
Private key required

You must export both the certificate and its private key together. If you don't see a private key under your certificate in Keychain Access, the certificate may have been installed without the private key, and you'll need to create a new certificate or obtain it from the original creator.

Create in Apple Developer Portal

If you need to create a new certificate:

  1. Sign in to your Apple Developer account.
  2. Navigate to Certificates, Identifiers & Profiles.
  3. Click on Certificates in the sidebar.
  4. Click the + button to create a new certificate.
  5. Select the appropriate certificate type:
  6. For development: Apple Development
  7. For production: Apple Distribution
  8. Click Continue.
  9. You'll be prompted to upload a Certificate Signing Request (CSR). To create a CSR:
  10. Open Keychain Access on your Mac.
  11. From the menu bar, select Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority.
  12. Enter your email address and name.
  13. Select Saved to disk and click Continue.
  14. Save the CSR file to your computer.
  15. Upload the CSR file in the Apple Developer portal and click Continue.
  16. Download the generated certificate file (.cer).
  17. Double-click the downloaded .cer file to install it in Keychain Access.
  18. Follow the Export from Keychain Access instructions above to export the certificate as a .p12 file.

Certificate Password

This is the password you set when exporting the .p12 file from Keychain Access. You'll need to provide this password when uploading the certificate to Capawesome Cloud.

Provisioning Profiles

Provisioning profiles are required to run your app on devices and define which devices and capabilities your app can use. You need to provide one or more .mobileprovision files.

Find Locally

If you've previously built your app in Xcode, provisioning profiles may already be available on your Mac:

  1. Open Terminal.
  2. List all provisioning profiles: 
    ls -la ~/Library/MobileDevice/Provisioning\ Profiles/

  3. To identify which profile belongs to your app, you can check the App ID (bundle identifier) in each profile: 

    security cms -D -i ~/Library/MobileDevice/Provisioning\ Profiles/PROFILE_UUID.mobileprovision | plutil -extract Entitlements.application-identifier raw -
    Replace PROFILE_UUID.mobileprovision with the actual filename from step 2.

  4. The output will show the App ID in the format TEAM_ID.BUNDLE_ID (e.g., ABC123DEF4.com.example.app).

  5. Copy the correct .mobileprovision file(s) to a location where you can upload them.

Create and Download from Apple Developer Portal

To create a new provisioning profile or download an existing one:

  1. Sign in to your Apple Developer account.
  2. Navigate to Certificates, Identifiers & Profiles.
  3. Click on Profiles in the sidebar.
  4. To create a new profile, click the + button:
  5. Select the appropriate profile type:
    • For development: iOS App Development
    • For production: App Store (for App Store and TestFlight) or Ad Hoc (for enterprise distribution)
  6. Click Continue.
  7. Select your App ID from the dropdown menu and click Continue.
  8. Select the certificate(s) to include in this profile and click Continue.
  9. For development profiles, select the devices to include and click Continue.
  10. Enter a Provisioning Profile Name and click Generate.
  11. Download the generated provisioning profile (.mobileprovision file).
  12. Repeat this process for any app extensions if your app includes them. Each extension requires its own provisioning profile matching its bundle identifier.
Multiple provisioning profiles

If your app includes app extensions (e.g., Share Extension, Widget Extension), you need to provide a provisioning profile for the main app and one for each extension. Make sure each profile matches the correct bundle identifier.

Profile expiration

Provisioning profiles expire after a certain period (typically one year). If your builds fail due to expired profiles, you'll need to regenerate and upload new ones in the Apple Developer portal.