Use of iOS development certificates and configuration files

hint: before just based on the online process completed the iOS project release process, for the certificate and configuration file is still confused, here refer to other people's articles, simple to understand, after all, after all use.

Here are a few questions:

• What is an iOS certificate, and how is it associated with an app app?
• What is the difference between an iOS development certificate and a production certificate, and how is it used?
• What is the relationship between the certificate and the configuration file (Provisioning Profiles), and how does the configuration file work in Xcode?
• How does the certificate and configuration file apply?
• What is a key Pair (public/private)? How do I associate with a certificate?
• What is the role of signature?

1. Preparatory work:

If you want to develop iOS, here are some things to start with:

1.1 Apple Development Account first (Apple Developer acount)

• Only the developer account can apply for the development/release of the certificate and the corresponding configuration file.
• Developer Account $299 Two types of personal or company developer accounts and enterprise developer accounts.

1.2 To perform a real-machine debug, you must have at least one Mac computer. 2. Sign in to iOS Dev Center

If you already have an Apple developer account, sign in to the Apple Developer Center to request a development certificate.

Go to the Certificate Request screen:

From the above you can see four key things: Certficates (certificate), Identifiers (identifier), Devices (device), Provisioning Profiles (Provisioning profile), we introduce each of these four.

2.1 Identifiers (identifier)

Identifiers is an identifier, equivalent to an identity card, used to create the following three IDs:

• APP IDs
• Pass Type IDs
• Website Push IDs

2.1.1 About app IDs

Where the app ID is the unique identifier of the app:

• The App ID and bundle Identifier in Xcode are consistent (Explicit) or matched (Wildcard).
• The APP ID string is usually prefixed with company Identifier (Reverse-domain-name) in the reverse Domain name (*. prefix/seed) format, typically no more than 255 ASCII characters
• Users can register (register) or delete (delete) Registered app IDs on the developer Membercenter website.

2.1.2 Create App ID

Under the "Identifiers" column, select "app IDs" to see all of the app IDs and click "+" on the right.

Enter the Register IOS app ID interface and type the name in the "name" entry under the "APP ID Description" field

Fill in the bundle ID:

• Enter the app ID in the Bundle ID entry under the Explicit app ID field (anti-domain format, such as Com.company.test)
• The "bundle ID" here corresponds to "bundle identifier" in XOCDE.
• Explicit App ID: A unique app ID that uniquely identifies an application. For example, the app id "Com.apple.garageband", which identifies the app with bundle identifier as "Com.apple.garageband".
• Wildcard App ID: an app ID with a wildcard that identifies a set of programs, such as "Com.apple" (which is actually application Identifier Prefix) for all applications, and "Com.apple." can represent bundles Identifier with "com.apple." Start (apple) for all applications.

Under the App Services bar, select the service you want to use for your app (if you want to use the push feature, check "Push Notifications").

Click on Continue-click Submit-click Done, apply for "App IDs" to complete, click on all IDs to view the ID of the request, click on the ID

Click Edit to make edits to the app ID.

2.2 Certificates2.2.1 Description

iOS certificates are digital certificates used to certify the legality and completeness of iOS app content (executable code). For applications that want to be installed to a real machine or published to AppStore, only signature verification (Signature Validated) ensures that the source is trustworthy and that the app content is intact and unaltered.

• A digital certificate is a file that is digitally signed by a certificate authority that contains public key owner information that has a public key. be effective only for a specific period of time.
• There are two types of iOS certificates: development certificates and production certificates. Development certificates are used to develop and debug applications and can be used for online debugging. The production certificate is used to publish the application.

2.2.2 Generating a certificate request file (CSR)

You can request a certificate from a certification authority through the Keychain (Keychain) certificate assistant. When you add a certificate (certificates) to iOS Dev Center, you need to upload the CSR file.

Open Keychain (Keychain), click menu Bar "Keychain Access"-"certificate Assistant"-"Request certificate from Certification authority"

Fill in the developer account email and common name, tick "save to disk"

After you continue and select a storage location, keychain will generate a CSR (Certificate Signing Request) file that contains the developer identity information. At the same time, KeyChain Access-keys (key) adds a pair of public/private key pair.

• Private key: Always saved in keychain access in Mac OS, used to sign externally published apps
• Convention: Generally with the certificate walk out, the app signature verification certification.

2.2.3 Application Certificate

Go to iOS Dev cneter, click "Certificate"-"All", click on the upper right Corner "+" (You can also click "Certificate" under the "development" or "Production", directly choose to apply for development certificate or production certificate), Enter the following interface:

Select the development certificate or production certificate, here, take the production certificate as an example, continue:

Select the app ID, which is the app ID we created in "Identifiers", to continue:

Here is how to generate a certificate request file, which is the. certsigningrequest file that we generated in the 2.2.2 generate a certificate request file (CSR), and then continue:

What you need to add here is the certificate request file (CSR) that you generated, "Choose file" Select the generated. certsigningrequest file, click "Generate", apply for development certificate completion, apply for production certificate similar, here no longer repeat.

We can either click "Download" to download the development certificate, or view the certificate in "certificates"-All and download or delete it.

We download the certificate, then we need to double-click the import keychain (KeyChain access) and then you can view it in KeyChain Access-Certificate:

Expand the arrow in front of the installed certificate (ios_development.cer) to see its corresponding private key, and in Keychainaccess-key, expand the arrow in front of the private key in the key pair that was generated when the CSR was created, and you can find the certificate that contains its corresponding public key.

2.2.4 Exporting certificates

Open Keychain Access, select the certificate to install successfully, and right-click the export:

Enter first name, default format is. P12 type, select "Save"

Set the password and click "OK"

2.3 Devices

• Device refers to devices that run iOS systems for developing debugging apps, each Apple device uniquely identified using Udid.
• Udud access to the equipment.
• The development profile (Provisioning Profiles) must be bound to the device, so you must add a debug device before you request a development profile

2.3.1 Adding a debug device

Go to iOS Dev Center, select "All" under "Devices" to see all the added devices, and click "+" in the upper right corner to add a new debug device:

Enter "Name" and UDID (viewable in Xcode or itunes) to continue

After confirming the information, click Register to complete the Add.

2.4 Provisioning Profiles2.4.1 Concept

The Provisioning profile contains all of the above: certificate, App ID, device, suffix. mobileprovision

• A provisioning profile corresponds to an explicit app ID or WildCard app ID.
• Provisioning profile determines which certificate (public key)/private key combination is used by Xcode to sign the application, which is embedded in the. IPA package when the application is packaged.
• Provisioning Profile Packs All this information together, so that we can use it when debugging and distributing the program, so that if you choose different Provisioning profiles in different situations
• Provisioning profile is also divided into development and distribution, with the same validity period as certificate. The development version of Provisioningprofile is used for development debugging, and the distribution version of Provisioningprofile is primarily used for submitting App Store audits, which do not specify devices for development testing.
• For Xcode development, configure the corresponding description file under Xcodetarget-build settings-code signing-provisioning profile, and then in the code signing identity drop-down to select Identities from profile is the certificates contained in provisioning profile
• In Xcodetarget-build setting code signing-provisioning profile You can select "Automatic", and Xcode will be based on the target's "Bundle Identifier" Select the default configuration file and certificate.

2.4.2 Creating a configuration file

Open iOS Dev Center, "Provisioning Profiles"-All, click "+" in the top right corner, or click "Development" or "Production"

Choose to develop or publish a certificate profile, take development as an example, click iOS appdevelopment, continue

Select the corresponding app ID to continue

Select the certificate you want to associate with multiple options

Select the device for the debug installation (up to 100 devices) and the page will not appear if it is a production certificate profile:

After entering the file name, click "Generate" and the profile creation is successful:

Click "DownLoad" to download.

Download to local Provisioning profile, double-click Auto-Install to Xcode, Xcodetarget->build Settings->code signing->provisioning This item is visible in profile.

, select this profile, the associated certificate file is displayed by default in the code signing identity, that is, when the profile is created, the associated certificate is selected, there can be multiple, and the production certificate profile is similar to that, no more.

Use of iOS development certificates and configuration files