2. Generate Certificates, AppIDs and Provisions

Generate the Certificates, AppIDs and Provisions

Apple requires signing the IPA file with a certificate to be able to install it on devices, so signing the app is a requirement to distribute the app using Testflight, to upload it to the App Store or to distribute it using another method. To be able to get our package signed, we will need to generate first some files.
We will access the Apple Developer Portal with our credentials, and follow the instructions to generate three files (one certificate and two provisions), we will follow the steps to create the necessary files for the Appstore Distribution.
👉 We will need to generate three files:
  • One Certificate
  • Two App Identifiers, also called Bundle IDs or App IDs
  • Two MobileProvision files
If you already had a certificate created, you will need to be sure it's a .p12 file and that you remember the password. If you don't remember the password or missed the *.p12 file, you can export it again from the Keychain Access app using these steps​
Keep your .p12 certificate file if you are planning to publish more than one app. It is recommended to use the same .p12 file for all of your apps under the same developer account.

Generate the certificate

1. Go on Certificates, Identifier & Profiles on your developer space on the left-hand menu of the Apple Developer Portal.
2. In Certificates, click on the + button.
3. In Software, select iOS Distribution (App Store and Ad Hoc).
4. Click on Continue. You are asked to upload a CSR (Certificate Signing Request).

Generate the CSR

From Mac

1. Open the Keychain Access. It's in the folder Applications and Utilities
2. On the upper menu, select Certificate Assistant -> Request a Certificate From a Certificate Authority.
3. Enter you email address in User Email Address, your name in Common Name and leave the CA Email Address field blank.
4. Select Saved to disk.
5. Click continue and Save the file.

From PC

1. Install OpenSSL on your desktop. Download and run Win32 OpenSSL Light (or Win64 OpenSSL Light). The wizard will ask you to select where OpenSSL should be installed. Keep the default location set to C:\OpenSSL-Win32. Additionally, when prompted, instruct the installer to copy OpenSSL's DLLs to The Windows system directory.
2. Open a command prompt window.
3. Get access to OpenSSL's bin file with this command:
cd C:\OpenSSL-Win32\bin
4. Now create a private key by entering:
set RANDFILE=.rnd
5. Followed by:
openssl genrsa -out mykey.key 2048
6. The mykey.key is sent to OpenSSL's bin file.
7. Using your private key you can now create the CSR file. To do this, a command with the following format is required:
openssl req -new -key mykey.key -out CertificateSigningRequest.certSigningRequest -subj "/[email protected], CN=John Doe, C=US"
You will need to make some changes when typing the preceding command into the command line. Replace the e-mail address and certificate name with the same e-mail address and name you enrolled within the iOS Developer Program. Also, if you live outside the United States, you will need to edit the country code.
A CSR file named CertificateSigningRequest.certSigningRequest will be created and sent to bin folder.

Download the certificate

1. Go back to the Apple Developer Portal, click Choose File and select the generated CSR.
2. On the Download Your Certificate screen, Click Download.

Register the first identifier

1. In Identifiers, click on the + button.
2. Select App IDs and click Continue.
3. Select Type App and click continue.
4. Enter a short description and fill the Bundle ID.
The naming recommendation is using an inverse domain that you own. For example com.domainname.appname. You can choose whatever app identifier you want but should be unique in the App Store.
5. Select Associated Domains and Push Notifications from the capabilities tab.
6. Click Continue and next Register.

Generate the first provisioning profile file

1. In Profiles, click on the + button.
2. In Distribution, select App Store and click Continue.
3. Select the App ID created in the "Register a new identifier" step. Click continue.
4. Fill the Provisioning Profile Name field. You can use your app name. Click generate. Next download.

Generate the second identifier (for push notifications)

1. In Identifiers, click on the + button.
2. Select App IDs and click continue.
3. Select App and click continue.
4. Fill the description and Bundle ID.
In this case the Bundle ID should be the same as the first identifier but adding the suffix ".OneSignalNotificationServiceExtension". So for our previous example the Bundle ID would be com.domainname.appname.OneSignalNotificationServiceExtension
5. In capabilities, select Push notifications and click continue.

Generate the second provisioning profile file

1. In Profiles, click on the + button.
2. In Distribution, select App Store.
3. Select the App ID created on the previous step, the one ending with OneSignalNotificationServiceExtension and click Continue.
4. Fill the Provisioning Profile Name. We recommend to use "your app name + OneSignal" and click Generate.

Get the p12 certificate file

We finished generating the needed files, now let's configure the ios_distribution.cer. To start double click on the certificate (ends with .cer) and click on Add, so it gets installed in our Mac Keychain. (This popup could be shown or could be added automatically to the Keychain app)
Now the certificate has been installed on your computer, we will need to export it so it can be used it later to sign the app.
But first install the Apple certificate "Apple Worldwide Developer Relations Certification Authority", the one that expires in 2030. You can find it here in the Intermediate certificates section at the bottom of the page.
Next, we open the Keychain Access, you can find it in the folder Utilities inside the folder Applications in your computer.
Now you need to locate the Certificate we just installed, select login at the top left and select My certificates at the bottom left and all the certificates installed in your computer should appear.
Look for a certificate named iPhone Distribution, click on it with the right button (be sure the certificate is folded when selecting it, as we want to export the cert and the key) and choose the Export option. Click the Save button on the dialog.
If you don't see the Export option, try unselecting the folder and selecting it again.
⚠️ A dialog will appear asking for a password (p12 files can be protected by an optional password). Add a password if you want, or leave it blank, but make sure you remember it later.⚠️ (it's the most common cause for a failed app build request)
If you are having build issues, you can create another certificate without a password. Also, please review that all of your files and text have the correct or matching spelling.
Just after, another password dialog will appear. This time it is for your computer account password, to allow the exporting of the certificate.
Now you've all the needed files to add in the Bravo publication form, fill in the requested information and you will get your IPA ready for publication!

⚠️ Before requesting the IPA

Review and make sure you have set up all needed files for your app, for example, If you are using Firebase login or Notifications, get all files ready for the Live app version.
Also, we recommend adding an app icon and a splash screen to your app design, as is not possible to change it once the IPA is generated. Copy the icon and splash frames from our Bravo Store Assets Kit to your Figma file and design them as you like, then update it in Bravo Studio and you're good to go.