Thursday, July 28, 2011

Process for creating Certificates and Provisioning profiles - iOS APP

1. Create certificate from Keychain Access Application in Mac OS X 
To request an iOS Development Certificate, you first need to generate a Certificate Signing Request (CSR) utilizing the Keychai Access application in Mac OS X Leopard. The creation of a CSR will prompt Keychain Access to simultaneously generate your public and private key pair establishing your iOS Developer identity. 
Your private key is stored in the login Keychain by default and can be viewed in the Keychain Access application under the ‘Keys’ category. To generate a CSR:
  1. In your Applications folder, open the Utilities folder and launch Keychain Access.
  2. In the Preferences menu, set Online Certificate Status Protocol (OSCP) and Certificate Revocation List (CRL) to “Off”.
  3. Choose Keychain Access -> Certificate Assistant -> Request a Certificate from a Certificate Authority. Note: If you have a noncompliant private key highlighted in the Keychain during this process, the resulting Certificate Request will not be accepted by the Provisioning Portal. Confirm that you are selecting “Request a Certificate From a Certificate Authority...” and not selecting “Request a Certificate From a Certificate Authority with <Private Key>…”



  1. In the User Email Address field, enter your email address. Please ensure that the email address entered matches the information that was submitted when you registered as an iOS Developer.
  2. In the Common Name field enter your name. Please ensure that the name entered matches the information that was submitted when you registered as an iOS Developer.
  3. No CA (Certificate Authority) Email Address is required. The ‘Required’ message will be removed after completing the following step.
  4. Select the ‘Saved to Disk’ radio button and if prompted, select ‘Let me specify key pair information’ and click ‘Continue’.


















  1. If ‘Let me specify key pair’ was selected, specify a file name and click ‘Save’. In the following screen select ‘2048 bits’ for the Key Size and ‘RSA’ for the Algorithm. Click ‘Continue’.


  1. The Certificate Assistant will create a CSR file on your desktop.


















2. After creating certificate upload it for approval
  1. After creating a CSR, log in to the iOS Provisioning Portal and navigate to ‘Certificates’ > ‘Development’ and click ‘Add Certificate’.
  2. Click the ‘Choose file’ button, select your CSR and click ‘Submit’. If the Key Size was not set to 2048 bits during the CSR creation process, the Portal will reject the CSR.
  3. Upon submission, Team Admins will be notified via email of the certificate request.
  4. Once your CSR is approved or rejected by a Team Admin, you will be notified via email of the change in your certificate status.


3. Waiting for approval
Team Agents and Team Admins have the authority and responsibility to approve or reject all iOS Development Certificate requests. In order to approve/reject Team Members’ requests, all Team Admins should first submit their own CSR for approval.
  1. After submitting a CSR for approval, Team Admins will be directed to the ‘Development’ tab of the ‘Certificates’ section. Here, CSRs can be approved or rejected by clicking the corresponding action next to each request.
  2. Once a CSR is approved or rejected, the requesting Team Member is notified via email of the change in their certificate status. Each iOS Development Certificate is available to both the Team Member who submitted the CSR for approval and to the Team Admin(s).


4. Downloading approved certificate

  1. In the ‘Certificates’ > ’Distribution’ section of the Portal, control-click the WWDR Intermediate Certificate link and select “Saved Linked File to Downloads” to initiate download of the certificate.
  2. On your local machine, double-click the WWDR Intermediate certificate to launch Keychain Access and install.
  3. Upon CSR approval, Team Members and Team Admins can download their certificates via the ‘Certificates’ section of the Provisioning Portal. Click ‘Download’ next to the certificate name to download your iOS Development Certificate to your local machine.
  4. On your local machine, double-click the downloaded .cer file to launch Keychain Access and install your certificate.
  5. Team Members can only download their own iOS Development Certificates. Team Admins have the authority to download the public certificates of all of their Team Members. Apple never receives the private key for a CSR. The private keys are not available to anyone except the original key pair creator and are stored in the system keychain of that Team Member.


AFTER CERTIFICATE DOWNLOADING PROCESS

1. Create a provisioning profile

  1. In the ‘Provisioning’ section of the Portal, Team Admins should click 'Add' on the Development tab.
  2. Enter a name for the provisioning profile.
  3. Specify which devices will be associated with the provisioning profile. You must specify a device in order for that device to utilize the provisioning profile. If a device's UDID is not included in the provisioning profile the profile and your application cannot be installed on that device.
  4. Specify which iOS Development Certificates will be associated with the provisioning profile. You must specify an iOS Development Certificate in order for the application code signed with that same certificate to run on the device.





  1. Specify a single App ID for the Development Provisioning Profile. Each Development Provisioning Profile can specify only ONE App ID, therefore, if you have applications requiring different Keychain access, you will need to create a separate Development Provisioning Profile for each of those applications. If you are installing a suite of applications with the same required Keychain access or have a set of applications not requiring access to the Keychain, use an App ID containing the wild-card asterisk character to build all of your applications.
  2. Click ‘Submit’ to generate your Development Provisioning Profile.









2. Download the provisioning profile and drag into Xcode


LOST PRIVATE KEY FOR IPHONE DISTRIBUTION CERTIFICATE

Revoke your current certificate, wait a few seconds and refresh the page and you should see a button "Request Certificate". You'll have to follow the Certificate Signing Request instructions again, and upload the .csr file. You'll then have to wait for your Team Administrator (could well be you) to Accept the new certificate before downloading it and installing in your KeyChain.
You'll have to create a new provisioning profile for the App, using the new certificate.


CODE SIGN ERROR: PROVISIONING PROFILE (******-****-***) NOT FOUND

Right click on .xcodeproj, basically its a directory and inside xcodeproj open .pbxproj extension file with any text editor
Search for String  "PROVISIONING_PROFILE" or "PROVISIONING_PROFILE[sdk=iphoneos*]"  
Replace Old Provisioning Identifier with new one.
Its happend because Sometimes our xcode project file gets messed up, especially if we have an old project and first created it with an older version of xcode/iphone sdk.

PROVISIONING_PROFILE = "487F3EAC-05FB-4A2A-9EA0-31F1F35760EB";
"PROVISIONING_PROFILE[sdk=iphoneos*]" = "487F3EAC-05FB-4A2A-9EA0-31F1F35760EB";