
A simple guide for setting up Certificates, IDs and Provisioning profiles that work well for teams

iOS Development For Teams (redux)

Follow these instructions to get your computer set up for iOS development. View the blog post here.

How to use this repository

Important

  • Never make unprotected P12 files public!

  • Only use an Apple ID with your Company e-mail address

    This used to be the case when iTunes Connect did not have team support. It is recommended that you now use your personal Apple ID since this is less problematic when using TestFlight, In-App Purchases or Apple Pay.

  • Please follow these instructions carefully; some instructions look similar but have subtle differences.

  • Certificates should be backed up as p12 files since the cer file does not have all of the information required to transfer between terminals.

  • Turn off Xcode's automatically manage signing option before selecting a team, otherwise you will be constantly invalidating each other's distribution certificates.

    Turn this off always

  • The owner of the Apple Developer account should be readily available or should be under a shared Apple ID. Regular changes to the Apple Developers Program Licence Agreement can be blocking and can only be signed by the account owner.

  • Do not share your private password with other people.

  • Agree either on a shared password or to leave P12 files unprotected in a private repo.

  • Anything that says shared should be generated upfront by the account owner or tech-lead, this includes:

    • Setting up a company shared production certificate - Guide
    • Setting up a shared development App ID - Guide
    • Setting up an initial provisioning profile - Guide

Terminology

Apple Developer Centre

The developer centre is the place where certificates and provisioning profiles are created, as well as the place where App IDs are registered. Its team system is independent of that of iTunes Connect.

iTunes Connect

iTunes Connect is where apps are tested with TestFlight and deployed to the App Store. Its team system is independent of that of Apple Developer Centre.

Certificate signing request (CSR)

Created by any team member and is exchanged with Apple for a certificate. The signing request is associated with a specific key on the system that generated it.

Certificate

Created by Apple after providing a CSR. A certificate expires after a duration (usually a year) and is used to sign applications.

Key

When a CSR is generated by a user, so is a key. The CSR, once exchanged for a certificate, will be associated with that key.

P12 File

The certificate comes from Apple and the key belongs on the computer that generated the CSR. To sign an application you need both parts; once the certificate has been installed on the system that created the CSR, the certificate and key will pair up. You can export these together as a P12 file to move between machines.
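A check for the "never make unprotected P12 files public" rule above, as an added example that is not part of this repository: it walks a directory and reports every P12 bundle that opens with an empty password. It assumes the `openssl` command-line tool is installed; the function names `p12_is_unprotected` and `scan_p12` and the `.p12`/`.pfx` extension filter are hypothetical choices made for this example.

```shell
#!/bin/sh
# Added example: flag PKCS#12 bundles that open with an empty password.
# Usage (after sourcing this file): scan_p12 path/to/repo

# Exit 0 when the bundle can be opened with an empty import password.
p12_is_unprotected() {
    openssl pkcs12 -in "$1" -noout -passin pass: >/dev/null 2>&1 ||
    # OpenSSL 3 needs -legacy to read bundles encrypted with older ciphers
    # such as RC2-40; builds that do not know the flag just fail this attempt.
    openssl pkcs12 -legacy -in "$1" -noout -passin pass: >/dev/null 2>&1
}

# Print each unprotected bundle under the given directory (default: .).
# Returns 1 if at least one was found, 0 if none, 2 on setup failure.
scan_p12() {
    dir=${1:-.}
    found=0
    tmp=$(mktemp) || return 2
    # Collect candidates first so file names with spaces survive the loop.
    find "$dir" -type f \( -iname '*.p12' -o -iname '*.pfx' \) \
        ! -path '*/.git/*' > "$tmp"
    while IFS= read -r f; do
        if p12_is_unprotected "$f"; then
            echo "UNPROTECTED: $f"
            found=1
        fi
    done < "$tmp"
    rm -f "$tmp"
    return "$found"
}
```

Call `scan_p12 path/to/repo` from a pre-commit hook or CI job; a non-zero status means at least one bundle opened with an empty password. A clean result says nothing about how strong a non-empty password is.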

App ID

This is called the bundle ID within Xcode and is a reverse domain identifier which is unique per application. For example: uk.co.simpleweb.myapp

A shared App ID should be used in development unless you are using services that are app specific, like Push. A full list of these can be found in the App ID guide.

An App ID is however required before submitting to iTunes Connect.

Identifiers do not download to your computer and are only used in reference to iTunes Connect and Provisioning Profiles.

Follow the Setting up App IDs Guide for instructions.

Provisioning Profile

A provisioning profile links together certificates, devices and App IDs. They are disposable, downloadable via the Dev centre and do not require backing up. Provisioning profiles can be regenerated by any developer at any time since restoring them simply requires downloading and opening (assuming you have a valid certificate).

We recommend including all certificates and devices when creating provisioning profiles.

Follow the Setting up Provisioning Profiles Guide for instructions.

Certificates

There are many types of certificates. Most of them work the same way; however, some should be shared whereas others are personal to you. Here is a brief outline:

Intermediate Certificate

This is automatically installed by Xcode and you'll mostly not need to concern yourself with it. However, if you need to reinstall the intermediate signing certificate, open the file certificates/AppleWWDRCA.cer in Keychain Access.

iOS App Development

This certificate is used by your machine to sign applications for development.

  • Type: App signing
  • Environment: Development
  • Personal: Yes
  • Shared with team: No
  • App specific: No
  • Creation, Backup & Restore guide: Link

Apple Push Notification service SSL (Sandbox)

This certificate is used by your backend server to authenticate the sending of push notifications using Apple Push Notification Service (Sandbox).

  • Type: Push
  • Environment: Development / TestFlight / Ad Hoc
  • Personal: No
  • Shared with team: Yes
  • App specific: Yes
  • Creation, Backup & Restore guide: Link

App Store and Ad Hoc

This certificate is used by your machine to sign applications for distribution. This certificate is required if you are publishing to the App Store, distributing an IPA file or testing the app with internal or external testers in TestFlight.

WARNING: Applications distributed as Ad Hoc / TestFlight / HockeyApp will expire.

  • Type: App signing
  • Environment: App Store / Ad Hoc / TestFlight / HockeyApp
  • Personal: No
  • Shared with team: Yes
  • App specific: No
  • Creation, Backup & Restore guide: Link

Apple Push Notification service SSL (Sandbox)

This certificate is used by your backend DEVELOPMENT server to authenticate the sending of push notifications using Apple Push Notification Service.

  • Type: Push
  • Environment: App Store
  • Personal: No
  • Shared with team: Yes
  • App specific: Yes
  • Creation, Backup & Restore guide: Link

Apple Push Notification service SSL (Sandbox & Production)

This certificate is used by your backend PRODUCTION server to authenticate the sending of push notifications using Apple Push Notification Service.

  • Type: Push
  • Environment: App Store
  • Personal: No
  • Shared with team: Yes
  • App specific: Yes
  • Creation, Backup & Restore guide: Link