Generating Certificates

Signing certificates securely store your credentials so you can easily reference them when building your app in the cloud.

Overview#

You'll need two sets of Apple certificates when your app goes to production, which means you'll eventually need two signing certificates: one for development and one for production.

We'll guide you through creating a development signing certificate with the credentials that you need for the desired platform below.

Android Certificates#

The Android keystore, used for signing apps, can be generated using keytool, which is included in the Java JDK. Change MY-RELEASE-KEY and MY_ALIAS_NAME to be relevant to your app. The tool will ask you to enter a keystore password and a key password.

$ keytool -genkey -v -keystore MY-RELEASE-KEY.keystore -alias MY_ALIAS_NAME -keyalg RSA -keysize 2048 -validity 10000 -storetype jks

iOS Certificates#

You'll need an Apple Developer account (Individual or Organization). See comparing memberships.

Registering your App ID#

Every app must register an ID with Apple.

iOS App id

  • Under Explicit App ID, set the Bundle ID to the ID you've specified in your app's config.xml file. iOS Bundle IDs are represented as a reversed address, such as com.ionicframework.MyIonicApp.

Device Registration#

Devices must be explicitly registered with Apple for development.

iOS Register Device

Certificate Signing Request#

Before you can get a certificate from Apple, you'll need to generate a certificate signing request file. It can be created on Mac OSX by using Keychain Access and on other platforms by using OpenSSL.

Using Keychain Access#

  • Navigate to Keychain Access › Certificate Assistant › Request a Certificate From a Certificate Authority on your Mac.

iOS CSR

  • Enter your name and email address. Leave the CA Email blank.
  • Select Saved to disk and hit continue. This will generate your .certSigningRequest file.

Using OpenSSL#

  • Generate a private RSA key file.
$ openssl genrsa -out keyname.key 2048
  • Create the certificate signing request file by filling out the interactive form.
$ openssl req -new -key keyname.key -out CertificateSigningRequest.certSigningRequest

iOS App Certificate & Provisioning Profile(s)#

Before you can generate App Certificates & Provisioning Profiles, you'll need to register your app and any devices, and obtain a .certSigningRequest.

App Certificates & Provisioning Profiles are for signing your app and giving it access to certain devices.

Certificate#

There are two types of Apple certificates: development and production. We'll guide you through generating signing certificates with a development certificate.

iOS Cert

  • Step through the steps. Upload the .certSigningRequest you created to generate a certificate. Then, download your certificate. It should be a .cer file.

Next, we'll need to convert the certificate from a .cer file to a .p12 file. It can be converted on Mac OSX by using Keychain Access and on other platforms by using OpenSSL.

Using Keychain Access#

  • Drag your .cer file into your login keychain.
  • Right click on your imported certificate and click Export.

iOS Cert

  • Select Personal Information Exchange (.p12) for File Format.
  • Save the certificate, giving it a strong password.

Using OpenSSL#

  • Download your iOS certificate to the same directory as your private RSA key.
  • Change the format of the iOS certificate to PEM.
$ openssl x509 -inform DER -outform PEM -in ios_development.cer -out ios_development.cer.pem
  • Export the certificate as a .p12 file, giving it a strong password.
$ openssl pkcs12 -export -inkey keyname.key -in ios_development.cer.pem -out Certificates.p12

Provisioning Profile#

Provisioning profiles give your app access to be installed, or provisioned, on specific devices. For iOS App Development provisioning profiles, devices are selected manually.

iOS Provisioning Profile

  • Under Development, select iOS App Development.
  • Select the correct App ID (with the Bundle ID matching your app's config.xml file)
  • Select the certificate you generated.
  • Select any and all development devices.
  • Download the .mobileprovision file, which is your provisioning profile file.