How to Generate a P12 Certificate for Signing an iOS App

Last updated June 5, 2023 by Appdome

Code signing is a prerequisite for installing any app on a mobile iOS device.

A valid signature, which uses an Apple-issued certificate, ensures the integrity of an app and stands as proof that the app comes from a known and approved source and has not been tampered with.

By enforcing mandatory code signing, Apple ensures that no third-party app loads unsigned code resources or uses self-modifying code.

During the Appdome app Build, Build process adapters are added to the app to achieve the requested added functionality. As a result, the app’s original signature is invalidated and must be re-signed to allow deploying the app on mobile devices.

Appdome allows signing an app via the Sign tab, by using any of the following methods:

  • On Appdome

Allowing Appdome to take care of the entire signing process. You only need to provide the signing credentials. For details, see topic How to Sign Secured iOS Apps without Xcode.

  • Private Signing

Gives you full responsibility for handling the entire signing process. For details, see topic How to Privately Code Sign Sealed iOS Apps using DevSecOps Build System.

  • Auto-DEV Private Signing

Allows you to sign the app without uploading the signing certificate to Appdome’s cloud service.
Appdome provides you with a script (.sh file), which runs on your trusted environment and signs the app by using your credentials (certificate and password) as input. For details, see topic How to Automate Secure iOS App Code Signing in DevOps CI/CD.

As part of the Appdome signing process of secured iOS apps, by using either Auto-dev Private Signing or Signing on Appdome, you are required to extract and upload a Provisioning Profile and an entitlement file for each executable in the app, and when using signing on Appdome, a P12 certificate and its password.

This article provides instructions for generating the P12 distribution certificate and for using it via Appdome.

What is a P12 file?

A distribution certificate identifies your team/organization within a distribution provisioning profile and allows you to submit your app to the Apple App Store.

A .p12 file contains the certificates that Apple needs in order to build and publish apps.

The steps below guide you through the process of creating an iOS Distribution Certificate and .p12 file. To learn more about certificates and how they work in Apple’s App Store, you are advised to visit the iOS Dev Center and consult the official Apple documentation.

Note:

If you already have an apple certificate, go to section Downloading the Certificate Signing Request from your Apple Developer Account (developer.apple.com).

Creating a New Certificate Signing Request for Development

Notice: The steps below require a Mac computer.

To create a new certificate signing request:

  1. Open Keychain Access.
  2. Go to Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
    Request a Certificate from a Certificate Authority in the Keychain Access
  3. Enter your information: Email Address and Certificate Common Name.
    Note: The Certificate Authority email address is not needed if you are saving the certificate signing request to disk.
    Certificate information
  4. Select the Saved to Disk option and click Continue.
  5. Select the directory on your Mac computer in which you would like to store the certificate signing request file. Alternatively, accept the default directory. When done, click  Save.
    Save the certificate signing request file
  6. Go back to Apple developer webpage.
    To generate your certificate, you need to import the certificate signing request.
  7. Click Continue.
    Create a new certificate

Downloading the Certificate Signing Request from Your Apple Developer Account

Now that Your certificate is ready, download and activate it by running the following steps:

  1. Click Download to download the certificate to your Mac.
  2. Give the certificate a name with a .cer extension.
  3. Save the certificate file to a location of your choice on your Mac computer.
    Save the certificate file on a Mac computer
  4. Locate the certificate in the finder and double-click the certificate file name to add to Keychain Access on your Mac computer.
    This step is required to allow you to create a P12 file from Keychain Access.
    Create a P12 file from Keychain Access
  5. Open Keychain Access on your Macintosh computer.
  6. From the left navigation panel, under Category, select Certificates.
  7. In the search bar, type: distribution.
  8.  Locate your new certificate and expand it by clicking the triangle icon to the left of the certificate name.
    After expanding, you should see a private key under the distribution certificate.
    Private Key Number
  9.  Right-click the distribution certificate and click Export iPhone Distribution to create a P12 certificate file containing the distribution certificate and the private key.
  10. Give the P12 certificate file a name.
  11. Specify a location where the file is to be saved and then click Save.
    This P12 certificate will be used for signing apps on the Appdome platform.
    P12 certificate used for signing apps on Appdome platform
  12. After saving, you will be prompted to enter a password to protect the P12 certificate file.
  13. Click OK after entering and verifying your password.
    This is the password you must provide when signing your application (locally or on Appdome).
    Important: Do not lose this password, as it is required for future iOS signing.
    password required for future iOS signing
  14. If prompted, click Allow to enable Keychain Access to export the key from your keychain.
    Enabling Keychain Access to export the key from your keychain

Congratulations! You now have a proper P12 certificate file. Now you can use it to sign your application via Appdome.

Related Articles

If you have any questions, you are welcome to contact us at support@appdome.com or via the chat window on the Appdome platform.

Appdome

Want a Demo?

Automated Signing of Secured Mobile Apps

TomWe're here to help
We'll get back to you in 24 hours to schedule your demo.