KISS

Keep It Simple Stupid

Some grumble about iOS developer credentials

| comments

Update on 2013-08-31: copied the CSR generating instruction below, just in case.

I believe setting up keys, certificates, and profiles of all kinds for iOS development is the most complicated part of all the development. And if you thought that would need to be done once, then no. Actually, you’ll have to renew your certificates and profiles every year.

To sign your apps, you should have your own developer certificate. You generate a CSR (Certificate Signing Request) with the Keychain Access app, then it’s approved on the developer portal, and you get your certificate. But: by default, every time you generate a new CSR, Keychain creates a new private/public keypair, which in turn invalidates your credentials in provisioning profiles. They have to be regenerated as well.

Xcode is supposed to simplify some of the steps, but in fact complicates the process more. The iOS Development Team provisioning profile (apparently, managed by Xcode itself) was pending in Xcode and portal for about 15 minutes, and I couldn’t do anything with it. The issue resolved itself, but I don’t like this “it should work, and you should wait” approach.

On the other hand, I understand Apple and its desire to control and manage as much as possible. It does try to secure a lot of information and make developers use secure connections, which is good. I don’t think the situation with the developer credentials will drastically change any time soon.

What you and I should take from this post is at least this link: how to reuse private key for CSR. It’s a little bit more complicated process of generating a new CSR from your existing private key, but it will save you lots of time and nerves later. Here’s a copy of the instruction from StackOverflow:

First, you need to export your private key from the keychain as a p12 file.

  1. Open keychain and select your private key
  2. Right-click and select “Export”
  3. Use a p12 file type
  4. Enter a password to export.

Run the following openssl command to convert your password-protected p12 file to a pem. openssl will prompt for the password you used when exporting it.

1
openssl pkcs12 -in your_newly_exported_p12_file.p12 -out your_newly_exported_p12_file_as_a_pem.pem -nodes

Run the following command on your pem file to generate the csr.

1
openssl req -new -key your_newly_exported_p12_file_as_a_pem.pem -out your_csr_to_submit_to_apple.csr

iOS

Don't hesitate to leave a comment below. NB! If you don't see a comment form under the post, it's most likely that an extension (such as Ghostery, NoScript, or AdBlock) of your browser blocks the scripts from disqus.com, and you can unblock that.

« Waking up with math Simple concurrency example in python »

Comments