NOTE: This blog uses Keychain Access from Mac. Other OS will have different steps that are not covered here.
Sometimes our clients have an idea for an application and want to create an MVP in order to test it on the market. In most cases, they want to use their Individual Apple account instead of an organizational one since they don’t have an Apple Organization account.
In this blog, I’ll show you how to distribute an iOS application to TestFlight or App Store using a client’s individual account by creating and managing certificates and provisioning profiles.
What’s the difference between Organizational and Individual accounts?
When the clients have an organizational account, they can create users with the ability to create and manage Distribution and Developer certificates. With an Individual account, only the owner is allowed to create the certificates, identifiers, and profiles. Unless they have prior knowledge about this topic, the distinction can throw off clients.
Why should I care about code signing certificates?
Code signing, certificates, and provisioning profiles can be confusing for anybody unfamiliar with handling them. They were a bit confusing for me when I first started in the mobile development world.
Apple offers excellent documentation for everything you need, but when it comes to certificates and distribution to the Apple Store, things can get tricky.
All iOS applications must be built by trusted developers (Apple Development Certificate) and distributed by trusted companies (Apple Distribution Certificate). Code signing is the process of digital signing that guarantees the code was built by the author and has not been changed or corrupted since it was signed.
We can not install or distribute an app using only certificates, which is why the Provisioning Profile rocks at helping us finish the job.
It’s a bundle that contains a set of development or distribution Certificates, Unique Device Identifiers, and an App ID.
The devices specified in the Development Provisioning Profile can be used for testing, but only by those individuals whose Development Certificates are included in the profile.
The Distribution Provisioning Profiles don’t specify any Device IDs, which is what we will use to distribute our application on the AppStore.
I highlighted distribution and development words to avoid confusion between those different types of Profiles.
How do you generate the certificates for a developer using a client’s Individual account?
There are a few prerequisites that you and your client need to complete in order to distribute the app.
Have an Individual Apple developer account
A Macbook computer
Have the XCode IDE installed on your Mac
Have an Apple developer account associated with the client account
What will we do?
Create a Certificate Signing Request (CSR)
Create an Apple Distribution Certificate
Create or update the app identifier (bundle id)
Create an AppStore Distribution Provisioning Profile
Associate the Provisioning Profile to XCode
1. [Client] Certificate Signing Request (CSR)
Let’s create a Certificate Signing Request from the Keychain Access Application. This will create a certSigningRequest file. Once Apple approves the request, it will issue a certificate for you.
Open the Keychain Access app
Go to Certificates Assistant -> Request a Certificate from a Certificate Authority
This will bring up the Certificate Assistant wizard
Put your email address and your name, and select the “Saved to disk” option, then press continue
Give it a certificate name and save it in your drive
Create a new identifier by pressing “+” button or choose one (ask your developer to know which one you should choose) from the list if you already have one
If you create one, select App IDs and Continue
Then, select an “App” type
Now add a description and a Bundle ID (it should be in reverse-DNS format). Note: You will get to this screen if, instead of creating a new identifier, you chose one from the list.
Ensure you have checked all the capabilities you need before you “Continue” or “Save” the identifier. Note: Ask your developer which capabilities the app will use. For this example, let’s say we will implement push notifications
“Save” (If you update one) or “Continue” and then “Register” (If you create a new one)
4. [Client] Now, let’s create the Distribution Provisioning Profile
We already have our Distribution certificate created, so now, we should return to the Apple Developer account and then go to Certificates, Identifiers & Profiles -> Profiles or quick link to Profiles
Click on “+” button
Select App Store in the Distribution section
On the next screen, select the App ID we created above (In this example: com.myawesome.app) Note: App Store requires an explicit App ID.
Then, click on Continue
Select the certificate you created in the previous step and press Continue. Note: If there are multiple distribution certificates listed, look at the date, which should be the day you create the certificate + 1 year (today + 1 year), and press Continue.
Give a name to your provisioning profile and click Generate
You will be redirected to a new page where you can download the Provisioning Profile (.mobileprovision) file
Download it to your drive
Now you can take the .p12 file created above (along with the password you created for it) and the .mobileprovision file and give them to your developer.
Important note: Those files should be given to your trusted developer and kept safe at all times.
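A check that can be run on the downloaded .mobileprovision file before it changes hands, as an added example that is not part of the original blog: it reads the plist embedded in the profile and confirms it has no device IDs, carries the explicit App ID, embeds a certificate, and has not expired. The function names, the sample profile, and the team prefix ABCDE12345 are constructed for illustration.

```python
import plistlib
from datetime import datetime

def load_profile(raw: bytes) -> dict:
    """Read the XML plist embedded in a CMS-signed .mobileprovision blob.
    The CMS signature itself is NOT verified here; only the payload is parsed."""
    start, end = raw.find(b"<?xml"), raw.find(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("no embedded plist found")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def check_app_store_profile(profile: dict, bundle_id: str, now: datetime,
                            needs_push: bool = False) -> list:
    """Return a list of problems; empty means the profile is consistent with
    an App Store distribution profile for bundle_id."""
    problems = []
    ent = profile.get("Entitlements", {})
    if profile.get("ProvisionedDevices"):
        problems.append("lists device IDs, so it is not an App Store profile")
    if ent.get("get-task-allow"):
        problems.append("get-task-allow is true (development entitlement)")
    # application-identifier has the form "<team prefix>.<bundle id>"
    ident = ent.get("application-identifier", "").partition(".")[2]
    if ident != bundle_id:
        problems.append(f"App ID {ident!r} is not the explicit ID {bundle_id!r}")
    if not profile.get("DeveloperCertificates"):
        problems.append("no signing certificate embedded")
    expires = profile.get("ExpirationDate")  # plistlib returns a naive UTC datetime
    if expires is None or expires <= now:
        problems.append("profile is expired or has no expiration date")
    if needs_push and ent.get("aps-environment") != "production":
        problems.append("push capability missing or not set to production")
    return problems

def make_sample(devices=None, app_id="ABCDE12345.com.myawesome.app") -> bytes:
    """Constructed sample: a plist wrapped in placeholder bytes standing in for
    the CMS envelope. Team prefix, UDIDs and certificate bytes are made up."""
    body = {"Name": "Constructed App Store profile",
            "ExpirationDate": datetime(2030, 1, 1),
            "DeveloperCertificates": [b"constructed-placeholder-der"],
            "Entitlements": {"application-identifier": app_id,
                             "get-task-allow": False,
                             "aps-environment": "production"}}
    if devices:
        body["ProvisionedDevices"] = devices
    return b"\x30\x82cms-header" + plistlib.dumps(body) + b"cms-signature"

if __name__ == "__main__":
    sample = load_profile(make_sample())
    print(check_app_store_profile(sample, "com.myawesome.app",
                                  datetime(2025, 1, 1), needs_push=True))
```

To check a real file, read it in binary mode and pass the bytes to `load_profile`.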
5. [Developer] Import the Certificate and Provisioning Profile to XCode
Once both files are downloaded, add your .p12 certificate to your Keychain Access app by opening it, then entering the file password
Finally, on your XCode app, select your app under Targets -> Signing & Capabilities -> Release
Ensure “Automatically manage signing” is unchecked
Select “Import Profile” in the Provisioning Profile dropdown, and open the .mobileprovision file
Now you will be able to archive and upload the app to AppStore Connect
XCode will use the Provisioning Profile and Certificate to code sign and upload the app
Code signing and provisioning profiles are some of the most complex things an iOS developer has to deal with.
The process for organizational accounts is transparent for the developer since XCode generates a distribution certificate and provisioning profile on the fly when you create a bundle during the archive process.
Unfortunately, it is not so easy when we are not the owner of the application that we want to publish.
Although all of this effort is very tedious for the developer and even more for the client, it will keep our applications highly secure and clarify who is the application’s owner, and who is its developer.
If you found this blog insightful and want to learn more, please do not hesitate to reach out.