Follow these instructions to get your computer set up for iOS development. View the blog post here.
- Fork this repo
- Your team can follow the instructions below
-
Never make unprotected P12 files public!
-
Only use an Apple ID with your Company e-mail addressThis used to be the case when iTunes connect did not have team support. It is recommended that you now use your personal Apple ID since this is less problematic when using TestFlight, In-App-Purchases or Apple Pay.
-
Please follow these instructions carefully some instructions look similar but have subtle differences
-
Certificates should be backed up as
p12
files since thecer
file does not have all of the information required to transfer between terminals. -
Turn off XCode's automatically manage signing option before selecting a team otherwise you will be constantly invalidating each others distribution certificates.
-
The owner of the Apple Developer account should be readily available or should be under a shared Apple ID. Regular changes to the Apple Developers Program Licence Agreement can be blocking and can only be signed by the account owner.
-
Do not share your private password with other people.
-
Agree either on a shared password or to leave P12 files unprotected in a private repo.
-
Anything that says shared should be generated upfront by the account owner or tech-lead, this includes:
Apple Developer Centre
The developer centre is the place where certificates and provisioning profiles are created as well as the place App IDs are registered. It's team system is independent to that of iTunes Connect.
iTunes Connect
iTunes Connect is where apps are tested with TestFlight and deployed to the App Store.. It's team system is independent to that of Apple Developer Centre.
Certificate signing request (CSR)
Created by any team member and is exchanged with Apple for a certificate. The signing request is associated with a specific key on the system that generated it.
Certificate
Created by Apple after providing a CSR. A certificate expires after a duration (usually) a year and is used to sign applications.
Key
When a CSR is generated by a user so is a key. The CSR once exchanged for a certificate will be associated to that key.
P12 File
The certificate comes from Apple and the Key belongs on the computer that generated the CSR. To sign an application you need both parts, once the certificate has been installed on the system that created the CSR the certificate any key will pair up. You can export these together as a P12 file to move between machines.
App ID
This is called the bundle id within XCode and is a reverse domain identifier which is unique per application. For example uk.co.simpleweb.myapp
A shared App ID should be used in development unless you are using services that are app specific like Push. A full list of these can be found in the App ID guide
An App ID is however required before submitting to iTunes Connect.
Identifiers do not download to your computer and are only used in reference to iTunes Connect and Provisioning Profiles.
Follow the Setting up App IDs Guide for instructions.
Provisioning Profile
A provisioning profile links together certificates, devices and App IDs. They are disposable, downloadable via the Dev centre and do not require backing up. Provisioning profiles can be regenerated by any developer at any time since restoring them simply requires downloading and opening (assuming you have a valid certificate).
We recommend that when creating provisioning profiles that all certificates and devices are included.
Follow the Setting up Provisioning Profiles Guide for instructions.
There are many types of certificates, most of them work the same however some should be shared whereas others are personal to you. Here is a brief outline:
This is automatically installed by Xcode and you'll mostly not need to concern yourself with it. However, if you need to reinstall the intermediate signing certificate open the file certificates/AppleWWDRCA.cer
in keychain access.
This certificate is used by your machine to sign applications for development.
- Type: App signing
- Environment: Development
- Personal: Yes
- Shared with team: No
- App specific: No
- Creation, Backup & Restore guide: Link
This certificate is used by your backend server to authenticate the sending of push notifications using Apple Push Notification Service (Sandbox).
- Type: Push
- Environment: Development / TestFlight / Ad Hoc
- Personal: No
- Shared with team: Yes
- App specific: Yes
- Creation, Backup & Restore guide: Link
This certificate is used by your machine to sign applications for distribution. This certificate is required if you are publishing to the App store, distributing an IPA file or testing the app with internal or external testers in TestFlight.
WARNING: Applications distributed as Ad Hoc / TestFlight / HockeyApp will expire.
- Type: App signing
- Environment: App Store / Ad Hoc / TestFlight / HockeyApp
- Personal: No
- Shared with team: Yes
- App specific: No
- Creation, Backup & Restore guide: Link
This certificate is used by your backend DEVELOPMENT server to authenticate the sending of push notifications using Apple Push Notification Service.
- Type: Push
- Environment: App Store
- Personal: No
- Shared with team: Yes
- App specific: Yes
- Creation, Backup & Restore guide: Link
This certificate is used by your backend PRODUCTION server to authenticate the sending of push notifications using Apple Push Notification Service.
- Type: Push
- Environment: App Store
- Personal: No
- Shared with team: Yes
- App specific: Yes
- Creation, Backup & Restore guide: Link