Tag Archives: certificate

Create Mobile Provisions and P12 files without a Mac for Cloud Build Services

02 Aug 2016

There are many Windows developers who want to create iOS apps but do not want to make the investment into Apple hardware – one way around it is to virtualize OSX which works OK if your intent is to use Xcode. The other option is the situation where you are planning on using cloud services to build a hybrid app. The great thing about building in the cloud is that you don’t have to have Apple hardware to do so. A barrier that you’ll encounter very quickly is that you need two files to build in the cloud: 1) a Mobile Provision File and 2) a P12 file.

NOTE: Some cloud build services don’t submit the app for you (i.e., PhoneGap Build) while others do (i.e., Ionic’s app workflow). In the former case a Mac will be needed to upload your distribution IPA (your compiled app) to Apple. The instructions on this page will allow you to create files for development and production purposes without needing a Mac.

Being a Windows guy (and to be honest, an Android one as well) that didn’t help me much until I realized that I could do everything without a Mac using OpenSSL.

What follows are all the steps that anyone will need to be able to use a cloud build service to build a hybrid PhoneGap app for both development and distribution.

As a bonus this article wraps things up with instructions on how to use the Application Loader to upload and then submit your app to the App Store.

Install Open SSL

To begin, download and install these two pieces of software:

Install the Microsoft product first, then install OpenSSL.

Add OpenSSL to Your Environment Path

I tried to add the c:\OpenSSL-Win32\bin folder to my environment path but had some issues with it. In the end what I did was to execute everything within the bin folder (as described below) and created a naming convention so that all of the files that I created would stay grouped together at the top of the folder. Specifically, since I was creating everything for development purposes, I used the “_dev” prefix. When I was done it was easy to see all the files.

Well, that was my personal preference – you can come up with your own naming conventions…

Create a Certificate Signing Request

If you installed OpenSSL to its default location then navigate to:

  • C:\OpenSSL-Win32\bin

Once in that directory press SHIFT and RIGHT-CLICK in the Explorer window showing that directory. A menu will appear – click on “Open command window here”.

Your currently using the Windows command prompt, type the following and press “enter” to switch to the OpenSSL prompt:

  • openssl

You will get a warning message when you do this, below is an example of typing in the openssl command and the result:

C:\OpenSSL-Win32\bin> openssl
WARNING: can’t open config file: /usr/local/ssl/openssl.cnf

The warning is normal and can be ignored. Enter the following command to create a key substituting the name of the key for your desired key name.

  • genrsa -out mykey.key 2048

Next use this command to create your CSR (Certificate Signing Request), be sure to replace the email, name, etc with the proper values:

  • req -new -key mykey.key -out mycertificate.csr -subj “/emailAddress=your@address.com, CN=Joe Smith, C=US” -config “openssl.cfg”

All done, your CSR is in the bin directory. If you followed the above instructions verbatim then your file is called mycertificate.csr. Below is a screen capture of the above console steps.


Next you need to upload your CSR to the Apple Developer Portal.

Login, click “All” under the “Certificates” heading and then click the “+” (plus) button to begin the upload process. Click continue/next, etc until you see this screen:


Upload your CSR. If successful you will see the next image. If not then recreate your CSR and try again.


Click the “Download” button to download the “ios_development.cer” file <<< make note of this file as you will need it in a moment. Move this file to the c:\OpenSSL-Win32\bin directory if you are executing your OpenSSL commands from that location.

Add Devices

Before you create a Mobile Provision: In order to be able to install your app on to development devices you need to register them in the developer portal. Again, within the Developer portal click the “All” link under the “Devices” category and then enter the desired name of the device and its UDID.

Create a Mobile Provision file

This time in the Apple Developer Console click “All” under “Provisioning Profiles” then:

  1. Click the “+” icon
  2. Select the appropriate type of provision – in my case it is “iOS App Development”
  3. Click “Continue”
  4. Select the appropriate App ID
  5. Click “Continue”
  6. Select the appropriate Certificate
  7. Click “Continue”
  8. Select the development devices that you want to work with your profile
  9. Click “Continue”
  10. Give your profile a name
  11. Again, click “Continue”…

The provisioning profile has been created, download it and keep it in a safe place as you will need to upload it to your cloud build service (1 of 2 files that you need for that purpose).

P12 Certificate

Along with the Mobile Provision file the P12 (also known as a PFX) is provided to cloud build services to build your iOS app. A P12 is a combined format that holds both the private key and the certificate.

Before you can create the P12 file you have to convert the certificate that Apple provides you after you’ve uploaded the CSR to a PEM file.

To convert the Apple-provided “CER” file (previously referred to as the “ios_development.cer” file) to a PEM:

  • x509 -in ios_development.cer -inform DER -out developer_identity.pem -outform PEM


  • ios_development.cer is the CER file you downloaded from Apple
  • developer_identity.pem is the desired name of your PEM file

When you issue the above command you will have a “PEM” file in your bin folder. Next you’ll convert that to a P12/PFX using this command:

  • pkcs12 -export -inkey mykey.key -in developer_identity.pem -out my_p12.p12


  • mykey.key is your key file
  • developer_identity.pem is the PEM file created in the previous step
  • my_p12.p12 is the desired name of your P12 file

Note that:

  • You will be asked for the “Export Password” when creating the P12
  • You will be asked to verify the password

Look for your P12 in the bin folder. That file along with your Mobile Provision file are the files your cloud build service will need to compile your apps. Also, take this moment to write down the password you used for your P12!!

Creating an App Store Production Certificate & Provisioning Profile

PhoneGap Build does a great job of creating IPA’s that you can side-load via iTunes to your i-device. Eventually you’ll be ready to submit your app to the App Store. To do so you repeat the steps that you took to create all the needed files for development, just be sure to choose options relevant for submission to the App Store.

As an aside, Ionic’s workflow now includes direct submission of your apps to the Apple App Store – no Mac needed! In the scenario described in this blog post, however, you **do** need a Mac to submit your app. I recommend finding a friend with a Mac instead of shelling out $$$ to buy one. Or if you’re the adventurous type go ahead and check out Ionic.

Back to the topic at hand – you will *** REPEAT *** all the steps above and only change a couple of things. You will choose options specifically for distributing your app. These two differences are described in the next two sections.

Create App Store Distribution Certificate

As before, follow the same process for creating the Certificate. There is one key difference – you will choose the “App Store and Ad Hoc” option as noted in these steps:

  1. Log into the Apple Developer Portal
  2. Click “Certificates, Identifiers & Profiles”
  3. Click the “+” icon
  4. The “What Type of Certificate do you need?” screen appears. Under the “Production” heading choose “App Store and Ad Hoc
  5. The next screen is titled “About Creating a Certificate Signing Request (CSR)”. Click the “Continue” button
  6. The next screen is titled “Generate Your Certificate” – on this page you will upload the CSR that you created earlier. Go ahead and upload and the Distribution Certificate will be created. Download it and keep it in a safe place.

Create a Distribution Provisioning Profile

Again, you’ve already done this for your development files – repeat them here but choose “App Store” where appropriate:

  1. Log into the Apple Developer Portal
  2. In the left column under “Provisioning Profiles” click on “Distribution”
  3. Click the “+” icon
  4. This page is titled “What type of provisioning profile do you need?” – choose “App Store“, then click “Continue”
  5. The next screen is the “Select App ID” screen. Choose the bundle identifier relevant to your app then click “Continue”
  6. The next screen is titled “Select certificates” – choose the certificate that you created previously. Click the “Continue” button
  7. Next is the “Name this profile and generate” screen – give the profile a meaningful name then click “Continue” to generate your Distribution Provisioning Profile

Build the Production IPA in the Cloud

Log into PhoneGap Build, add your new files (select “Add a key” in the iOS “key” drop down list) and do a build against it. Since the files you are providing are distribution files you will automatically get a distribution IPA as a result. Download the production-ready distribution IPA to the Mac that you will use to submit your app to the App Store.

Upload Your Distribution-Ready App to the App Store

On the Mac make sure that Xcode is installed then start the Application Loader – in the screen shot below I typed “Application Loader” into the finder to locate the application.


Enter your Apple ID and Password:


Click “Choose” and browse for your Distribution-ready IPA file:


Once your app is checked for conformance to submission rules you will see the “Deliver Your App” window. Click the “Next” button to submit the app.


The “Deliver Your App” window appears where you can see the progress of your app while it is being submitted to the App Store. To view details of the process click the “Activity” button. Otherwise, just sit back and be patient.


The deliver your app screen appears, click “next” to deliver your app. The process took about 2 or 3 minutes for my app to get through the submission process before I was finally greeted with this screen:


Click the “Next” button to see the “Thank You” screen:


Submit Your App to the App Store

You must add a new app to the iTunes Connect Portal, including all the needed information, screen captures, icon art, etc before you can submit your app to the App Store. Once you have that done, then you can submit your app using the following steps.

  1. Log in to iTunes Connect.
  2. Click “My Apps”
  3. Click your app to view its details
  4. Click on “Prepare for Submission”
  5. Click “Build” to select your build
  6. Select the build from the list that appears
  7. Click the “Save” button
  8. Click “Submit for Review”

Generating A Certificate in Tizen

06 Nov 2013

One of the very first things you will need to do when creating your Tizen app is to generate a certificate so that you can sign the app and thus be able to publish and run the app in the Tizen Simulator.

There are 2 ways to create your certificate, the method I’m describing below uses the certificate generator tool via it’s command line interface. I will assume that you have already installed the Tizen IDE.

Navigate to the Tizen IDE’s install folder and go to tools/certificate-generator/. Once you are looking at the contents of that folder hold the SHIFT key and RIGHT-CLICK on the folder – a menu appears and among the options is to “Open command window here” – click that option.


Next enter the name of the certificate generator: “certificate-generator.bat”. You will then be asked a number of questions – most are optional and are indicated as such. You can just hit the “enter” key to skip by them…

Soon you will hit some required fields, they are:

  • Please enter password for pkcs12 format key certificate

    • Enter a password that you’ll remember
  • Please enter alias for generated pkcs12 structure

    • An alias for your file – fro example, the name of your app – no spaces all one word
  • Please enter the file name for storing pkcs12 file (*.p12)

    • Choose a file name, a good convention is to use the same text that you entered for your alias

The certificate generator tool creates your p12 file and tells you where it is, for example “c:\tizen-sdk-data\keystore\author\SOMETHING.p12”. Note that on my computer the “c:\tizen-sdk-data” directory was hidden so you may have to manually enter the path or change your folder settings to reveal hidden files.

Next you need to import it into the Tizen IDE:

  • Switch to or launch the Tizen IDE
  • Go to Window…
  • Preferences…
  • Tizen SDK…
  • Secure Profiles


On this screen click the “Add” button to add a new profile – to keep things simple re-use the alias that you entered when creating your certificate.


Under “Author Certificate” click the “edit” button. The Certificate Editor window appears – locate your p12 file (as mentioned above the “c:\tizen-sdk-data” is a hidden directory so either manually enter the path or change your system settings to show hidden files/folders).


Once you’ve entered the path to your certificate and have entered the password click “apply” and then “OK”.


All content © 2012-2017.