How to compile an iOS app and create a .pem certificate

3 May 8, 2023

Create the items related to the developer account with which you are going to publish

You have to create a CSR file and an iOS Distribution certificate. And you will be able to use these items for all of the next apps you will have to publish under this developer account ā€“ keep them preciously once created.

The CSR file:

It must be created from the keychain access tool of your Mac. Open it from Applications > Utilities > Keychain Access:

From the menu select ā€œKeychain accessā€ > ā€œCertificate Assistantā€ > ā€œRequest a Certificate From a Certificate Authorityā€:

In the window that opens, enter the email of the developer account (or any other email address, it doesnā€™t have any impact), and enter the name of your developer account, and select ā€œSaved to diskā€:

Save this CSR to your disk, in a folder related to the certificates of your developer account.

Close the window.

The iOS Distribution certificate:

ā€“ Connect at https://developer.apple.com/membercenter/index.action with the developer account

ā€“ Click on ā€œCertificates, Identifiers & Profilesā€

ā€“ Click on ā€œProductionā€ which in the main ā€œCertificatesā€ menu in the menu on the left:

ā€“ Then click on  from the upper right

ā€“ Choose ā€œApp Store and Ad Hocā€ and click on ā€œcontinueā€:

ā€“ Click on ā€œContinueā€ again

ā€“ Sign your iOS Distribution certificate with the CSR file you have created before.

ā€“ Download the iOS Distribution certificate that has been created.

ā€“ Double click on the iOS Distribution certificate (ios_distribution.cer) to add it to the Keychain Access.

Create the items related to the app you are going to publish

The APS Production Certificate:

Thanks to this certificate you will be able to add push notifications, in-app purchase, and other services to your app. In our case, only the push notification service is interesting.

ā€“ Click on ā€œApp IDsā€ from the ā€œIdentifiersā€ menu on the left:

ā€“ Click on  from the upper right

ā€“ Enter your app name, and the bundle id of the app:

ā€“ Go below and select ā€œPush Notificationsā€ in the list of ā€œApp Servicesā€:

ā€“ Click on ā€œContinueā€

ā€“ Click on ā€œRegisterā€ and click on ā€œDoneā€

ā€“ Then in the list, find the app id you have just created and click on ā€œEditā€

ā€“ Go at the bottom and in Push Notifications, in the ā€œProduction SSL Certificateā€ section click on ā€œCreate Certificateā€

ā€“ Click on ā€œContinueā€

ā€“ Click on ā€œChoose Fileā€ and upload the CSR file you have created before for this developer account (the same CSR you have used to create the iOS Distribution certificate for this developer account)

ā€“ Download the Apple Push Services certificate (aps.cer) that has just been created. Store this certificate in a folder related to this app on your Mac.

ā€“ Click on ā€œDoneā€

-Double click on the Apple Push Services certificate (aps.cer) to add it to the Keychain Access.

The Provisioning File

ā€“ click on ā€œDistributionā€ from ā€œProvisionning Profilesā€ on the left menu:

ā€“ Click on  from the upper right

ā€“ Choose ā€œApp Storeā€ under ā€œDistributionā€:

ā€“ Select the app ID of your app, and click on ā€œContinueā€

ā€“ Select the iOS Distribution certificate associated to the CSR you have used to sign the Apple Push Services Certificate you have created just before (it is very important to use the iOS Distribution which has been created with the CSR used to sign the aps.cer of this app. Donā€™t forget it, and donā€™t forget that in case you create a new aps.cer for this app with another CSR you will have to create a new provisionning profile too with the iOS Distribution certificate made with this CSR, and then to publish an update of your app on the App Store).

ā€“ Click on ā€œContinueā€

ā€“ Name the provisionning profile and click on ā€œContinueā€

ā€“ Download the provisionning profile  that has just been created. Store this certificate in the folder related to this app on your Mac, and which contains the Apple Push Services certificate created just before.

Compiling the app

ā€“ Download your iOS source code

ā€“ Unzip the folder and open the .xcworkspace file by double-clicking it

ā€“ Follow this video:

Creating The .pem Certificate

ā€“ Go in the Keychain Access on your Mac

ā€“ From the left menu, select ā€œCertificatesā€

ā€“ In the search bar at the upper right, enter the bundle ID of your app

ā€“ Click on the arrow on the left of your ā€œApple Push Servicesā€ certificate, a private key must be attached under it

ā€“ Select the private key and the certificate

ā€“ Right-click on them

ā€“ Select ā€œExport 2 itemsā€¦ā€

ā€“ Choose your desktop as the destination (it can be another location but you will have to adjust the code we will give you after)

ā€“ Choose a password of your own

ā€“ Open the Terminal console of your Mac (From Applications > Utilities > Terminal)

ā€“ In the Terminal, be sure to be located on your desktop (you must have ā€œDesktopā€ displayed and then your username)

ā€“ Enter this command:

ā€œopenssl pkcs12 -in Certificates.p12 -out certificat.pem -nodes -clcertsā€

(If the terminal answers that there is no file named ā€œCertificates.p12ā€, go on your desktop and check what is the name of this certificate .p12, and enter this name rather than Certificates.p12 in the command line)

ā€“ Enter the password you have used just before to export your certificate on your desktop

ā€“ On your desktop you have now two certificates: a Certificates.p12 and a certificat.pem.

ā€“ Move these files to the folder of your app on your Mac (with the provisionning profile and the aps.cer)

Send us the certificat.pem file upon request.

IMPORTANT NOTE:

Your .pem certificate must be well created and must contain 4 sections:

ā€“ friendlyName: Apple Push Services

ā€“ friendlyName: iPhone Distribution

ā€“ And then two sections about keys with ā€œKey Attributes: ā€

If your .pem doesnā€™t contain these sections that means you have missed something and it will not work.