Creating iOS certificates for test versions of the app

This article explains how to create the certificates needed to build a test version of the app.

There are two types of Apple Developer programmes you can enrol in: Apple Developer and Apple Developer Enterprise. For the certificates needed to build our apps, you need to enrol in the Apple Developer Program. 

This article explains how to create the following files that you will need to add when building the app.

  • In-House certificate - Apple requests that the apps are signed with a valid in-house certificate. You can sign all your apps with a single certificate.

  • Bundle ID - The Bundle ID is used to identify the app.

  • Provisioning profile - The provisioning profile saves the configuration of the apps for different devices and must be used together with the in-house certificate and bundle ID to sign the app.

The following steps must be performed on a Mac OS machine, as the Keychain application is used to create the certificates. The files will be used in the Sign step while building the app.

Access your dashboard

If you do not yet have enrolled on the Apple Developer Program, please follow the steps in this article.

After enrolling, go to developer.apple.com and sign in by choosing Account on the top menu bar. This will open your dashboard.

Create in-house distribution certificate

To distribute the app within your organisation as a test version, a distribution certificate must be created. This file has the extension .p12 and contains the certificates necessary to sign the app during its construction. This certificate is valid for nine months and can be used for all your apps.

In the section Certificates, Identifiers & Profiles, select Certificates. Click the blue plus button to create a new Distribution Certificate. 

When prompted about the type of certificate you need, choose Apple Distribution in the Software section and click the blue Continue button.

In the next step, you will have to upload a Certificate Signing Request (CSR) file. In this article, you can find how to create this file. Open the Keychain application, available on any Mac OS, and follow the steps described on the page. A file with the extension .certSigningRequest will be saved to your computer.

Upload the generated .certSigningRequest and click Continue. Now your certificate is ready and you can download to your computer a file named ios_distribution.cer. 

Open the ios_distribution.cer file. It will be automatically added to the Keychain application, and you should be able to see it on the list as Apple Distribution: <your Apple account name>. Right-click the row and select Export Apple Distribution: [...]. You can now save a .p12 file to your computer. During the export, you will be asked for a password. If you don't want to set one, you can leave the fields empty and just click OK.

Screenshot 2023-05-17 at 16.00.04

It is good practice to add 'inhouse' at the end of the file name, to easily distinguish the inhouse certificate used for testing from the distribution one used for the App Store. 

The file you downloaded will have to be uploaded in the Sign step while building the app.

Bundle ID

The Bundle ID is used by Apple to identify the app. Each app needs to have a unique Bundle ID.

On the section Certificates, Identifiers & Profiles, choose Identifiers. Click the blue plus button to create a new identifier.

Select App IDs and click the blue Continue button.

In the next step, choose App and click Continue again.

The fields must be filled in as it follows:

  • Description: the name of your app

  • Bundle ID: select the Explicit option. Apple recommends using a reverse-domain name style (for example, if your website is conferences.cc, the Bundle ID should be cc.conferences.myappinhouse. It is good practice to add 'inhouse' at the end of the file name, to easily distinguish the inHouse certificate from the distribution one.

  • Capabilities: The services to be used by the app. You must enable the Associated Domains service. Push notifications are not supported for test apps, so no need to check that.

Click Continue, check all the information entered and then click to Register the app. Now your app should appear on the list of iOS App IDs.

Add test devices

You will need first to add the device(s) you will use to test the app. After that, you will create a provisioning profile that will contain these devices. After building the app with this profile, it can be installed on those devices. If you create the profile before your device registration is complete, you can install the app, but you will get a message on your phone that the app's identity could not be verified when you try to open it.

On the section Certificates, Identifiers & Profiles, choose Devices. Click the blue plus button to add a new device.

To add a new device, you will need to specify a Device Name, and you will need to add its Device ID.

Not sure where to find your device ID? Read this article.

Paste the Device ID on the page to register a new device, name your device and click the blue Continue button.

Review the information you added, and then click Register. Please note that after adding a device, it will get the status Processing in the table. It may take 24-72 hours before the device is registered. Only after that, you will be able to download the new provisioning profile that includes the new test device.

Create provisioning profile

The app needs to be configured to launch on devices and use services. This process is called Provisioning. These configurations are saved in the provisioning profile, which exports to a file with the extension .mobileprovision. This file is combined with the certificates and bundle ID to sign the app.

On the page Certificates, Identifiers & Profiles, select Profiles on the left menu. Click the plus button to create a new provisioning profile.

When prompted about the type of certificate you need, choose Ad Hoc in the Distribution section.

On the next screen, select the App ID that will use the provisioning profile and click Continue.

In the following screen, select the distribution certificate (p12 file) you created earlier. Keep in mind that the certificate selected in this step should be used together with the provisioning profile when building the app.

In the last step, enter a name for the provisioning profile. You can for example use the name of the app, followed by 'inhouse'. Don't use spaces for your special characters in the name.

Click Continue and download the file to your computer. You will need it when building the app.