1. Generate Certificates, AppIDs and Provisions

Apple requires signing the IPA file with a certificate to be able to install it on devices, so signing the app is a requirement to distribute the app using TestFlight, to upload it to the App Store or to distribute it using another method.

We will access the Apple Developer Portal with our credentials, and follow the instructions below to generate three files (one certificate and two Provisioning Profiles), we will follow the steps to create the necessary files for the Appstore Distribution.

👉 We are going to generate three files:

One .p12 certificate
Two .mobileprovision files

If you already had a certificate created, you will need to be sure it's a .p12 file and that you remember the password. If you don't remember the password or missed the *.p12 file, you can export it again from the Keychain Access app using these steps.

Keep your .p12 certificate file safe. You will need it for updating your app. Also it is recommended to use the same .p12 file for all of your apps under the same developer account.

1. Generate the .p12 certificate

1.1. Create a CSR file from your computer

1. Open the Keychain Access. It's in the folder Applications and Utilities

2. On the upper menu, select Certificate Assistant -> Request a Certificate From a Certificate Authority.

3. Enter you email address in User Email Address, your name in Common Name and leave the CA Email Address field blank.

4. Select Saved to disk.

5. Click continue and Save the file.

1. Install OpenSSL on your desktop. Download and run Win32 OpenSSL Light (or Win64 OpenSSL Light). The wizard will ask you to select where OpenSSL should be installed. Keep the default location set to C:\OpenSSL-Win32. Additionally, when prompted, instruct the installer to copy OpenSSL's DLLs to The Windows system directory.

2. Open a command prompt window.

3. Get access to OpenSSL's bin file with this command:

cd C:\OpenSSL-Win32\bin

4. Now create a private key by entering:

set RANDFILE=.rnd

5. Followed by:

openssl genrsa -out mykey.key 2048

6. The mykey.key is sent to OpenSSL's bin file.

7. Using your private key you can now create the CSR file. To do this, a command with the following format is required:

openssl req -new -key mykey.key -out CertificateSigningRequest.certSigningRequest  -subj "/emailAddress=yourAddress@example.com, CN=John Doe, C=US"

You will need to make some changes when typing the preceding command into the command line. Replace the e-mail address and certificate name with the same e-mail address and name you enrolled within the iOS Developer Program. Also, if you live outside the United States, you will need to edit the country code.

A CSR file named CertificateSigningRequest.certSigningRequest will be created and sent to bin folder.

1.2. Generate a .cer file from Apple

1. Go on Certificates, Identifier & Profiles on your developer space on the left-hand menu of the Apple Developer Portal.

2. In Certificates, click on the + button.

3. In Software, select iOS Distribution (App Store and Ad Hoc) and click Continue.

Now click Choose File and select the .csr file created before.
On the Download Your Certificate screen, Click Download to get the .cer file.

1.3. Generate the .p12 from the is_distribution.cer file

On your computer, double click on the .cer file and click on Add, so it gets installed in our Mac Keychain. (The following popup might appear, but sometimes it's added automatically to the Keychain app).

Now the certificate has been installed on your computer, we will need to export it so it can be used it later to sign the app.

If you haven't done this before, you must have the intermediate signing certificate in your system keychain. To do so, go to this page, scroll down until Intermediate Certificates and click on "Worldwide Developer Relations Certificate Authority (Expiring 02/20/2030)". Then double click on the AppleWWDRCAG3 file.

Now you need to locate the Certificate we just installed, select login at the top left and select My certificates at the bottom left and all the certificates installed in your computer should appear. Note that sometimes it's somewhere else.

Look for a certificate named iPhone Distribution, click on it with the right button (be sure the certificate is folded when selecting it, as we want to export the cert and the key) and choose the Export option. Click the Save button on the dialog.

If you don't see the Export option, try unselecting the folder and selecting it again. Also make sure you are on the same computer that you generated the .cer file on the first place, otherwise you won't have the option to export.

Before exporting, a dialog will appear asking for a password (this is optional). Add a password or leave it blank, but make sure you remember it later (it's one of the most common cause for a failed app build request).

If you miss the .p12 file or forget its password you won't be able to update your app once it's published. You will need to create a new app in Apple, losing your current App Store URL, user ratings, reviews, etc.

Great! 🎉 Save your .p12 file in a safe place.

2. Get the first mobileprovision file

2.1 Create the first identifier

1. In Identifiers, click on the + button.

2. Select App IDs and click Continue.

3. Select Type App and click continue.

4. Enter a short description and fill the Bundle ID:

The naming recommendation is using an inverse domain that you own. For example com.domainname.appname. You can choose whatever app identifier you want but should be unique in the App Store.

5. In Capabilities, select Associated Domains and Push Notifications from the capabilities tab. If your app uses NFC, select "NFC tag reading".

6. Click Continue and next Register.

2.2. Generate the first provisioning profile file

1. In Profiles, click on the + button.

2. In Distribution, select App Store and click Continue.

3. Select the App ID created in the "2.1 Create the first identifier" step. Click continue.

4. Fill the Provisioning Profile Name field. We recommend "Main mobileprovision". Click generate. Next download.

Great! 🎉 You already have your first .mobileprovision file. Let's generate the second, we're almost there!

3. Generate the second mobileprovision

Now we need to follow the same steps as for the first mobileprovision but for push notifications.

3.1. Create the second identifier

1. In Identifiers, click on the + button.

2. Select App IDs and click continue.

3. Select App and click continue.

4. Fill the description and Bundle ID:

In this case the Bundle ID should be the same as the first identifier but adding the suffix ".OneSignalNotificationServiceExtension".

So following our previous example the Bundle ID would be com.domainname.appname.OneSignalNotificationServiceExtension

5. In Capabilities, select Push notifications and click continue.

3.2. Generate the second provisioning profile file

1. In Profiles, click on the + button.

2. In Distribution, select App Store.

3. Select the App ID created on the previous step, the one ending with OneSignalNotificationServiceExtension and click Continue.

4. Fill the Provisioning Profile Name. We recommend to use "your app name + OneSignal" and click Generate. Finally download.

Awesome! 🎉 Now you've got all the needed files needed to generate the IPA file.

One more thing

Make sure you have enabled and configured all integrations of your app before generating the IPA file.

Also, we recommend adding an app icon and a splash screen to your app design, since you will need to generate a new build if you haven't. Copy the icon and splash frames from our Bravo Store Assets Kit or from our Figma plugin to your Figma file and design them as you like, then update it in Bravo Studio and you're good to go.

PreviousiOS Publication: Complete Process Next2. Get the IPA

Last updated 5 months ago