Manage Distribution Certificates
A distribution certificate (also referred to as a production certificate) identifies your organization in a distribution provisioning profile, and authenticates that the app comes from an Apple-trusted source.
A distribution certificate is not specific to a particular app; you should use the same certificate to sign all your iOS apps.
Unless your organization is brand new to Digital.ai App Management or app development in general, it's likely that you already have a distribution certificate. However, distribution certificates expire every 2 years, so you will periodically need to renew your distribution certificate to prevent apps from expiring. For more information, see Re-sign an App.
Expired Apps
Users cannot install expired apps from an App Catalog, and cannot run expired apps that are already installed. To prevent interruption to your users, you must renew credentials and re-sign apps BEFORE an app expires.
iOS apps with an expired distribution certificate or distribution provisioning profile are highlighted on the Applications page, and Digital.ai App Management notifies administrators about apps due to expire. Notification emails are sent 60 days before an app expires, 45 days before, 30 days before, and then every day until the app either expires or is re-signed with new credentials.
The following procedures guide you through the process of creating a distribution certificate and adding the certificate to your Keychain (the password and certificate management system on your Apple computer). If you plan to sign with the Portal, you will also need to export the distribution certificate from your Keychain to a .p12 file.
You must have a Team Agent or Team Admin role in the Apple Developer Portal to create and manage distribution certificates.
Create a Distribution Certificate
The following procedure describes tasks that are performed outside of Digital.ai App Management's systems. The UI or procedure may change without notice. For the official Apple documentation, see Maintaining your Signing Credentials and Certificates. In Apple's official documentation the terms distribution certificate and production certificate are synonymous.
To create a distribution certificate
- Log in to the iOS Dev Center with the Apple ID and password for your Apple Developer account.
- In the left column, click Certificates, Identifiers & Profiles.
- Under the iOS Apps section, click Certificates.
- Click the Production tab.
- Click Add (+) to display the Add iOS Certificate page where you can select the type of certificate you need.
- Under Production, select App Store and Ad Hoc and then click Continue. This is the type of distribution certificate you need, although you will be distributing the app through the App Catalog rather than the Apple App Store.
  This displays a procedure for creating a Certificate Signing Request (CSR).
- Follow the procedure to save the CSR file to your desktop and then click Continue to generate your certificate.
- Under Upload CSR file, click Choose File and browse to select the CSR file you saved to your desktop.
- After the CSR is uploaded, click Generate.
- When the certificate is ready, click Done.
- In the list, click on the certificate to display details about the certificate.
- Click Download to save the file to your Downloads folder.
- Continue with the next procedure to add the certificate to your Keychain.
Add the Distribution Certificate to Your Keychain
To add a distribution certificate to your Keychain
- Double-click the certificate you saved to your Downloads folder when you created a distribution certificate. This adds the certificate and its associated private key to your Login Keychain.
- To verify that the certificate was added properly, open the Keychain Access application and view items in the Login Keychain. You should see a certificate named "iPhone Distribution: _Name_". If you click the arrow to the left of the certificate, you will see the private key associated with the certificate.
  If you do not see the certificate in your Login Keychain, check to see if it is in a different Keychain. If it is, move it to your Login Keychain.
Export a Distribution Certificate to a PKCS #12 File
When you are using a distribution certificate to sign with the Portal, you need to upload the certificate file in PKCS #12 (Personal Information Exchange) format. The file must have a .p12 extension.
You can create a password in the following procedure. You are prompted for this password when you save iOS signing credentials in the Admin Portal or sign an app using one-time credentials. We recommend that you assign a password.
To export a distribution certificate to a .p12 file
- On your Mac, open Keychain Access.
- In the My Certificates category of your Login Keychain, highlight both the iPhone Distribution certificate and its private key and right-click. Then choose Export 2 items.
- In the Save As field, enter a name for the certificate file.
- From the Where list, select a location to save the file.
- From the File Format list, select Personal Information Exchange (.p12).
- Click Save. You are prompted to enter a password for the certificate file.
- (Optional) In the Password and Verify fields, enter a password for the certificate file and click OK. If you do not want to assign a password to the file, leave these fields blank.
- When prompted, enter your Login Keychain password to authorize Keychain Access to export the items. Click Allow.
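Before uploading the exported file, it is worth confirming that it opens with the password you set, that it contains both the certificate and its private key, and how close the certificate is to expiry. The script below is an added example, not part of Digital.ai's or Apple's tooling; it assumes the `openssl` command-line tool is installed, and the function names, file names and sample certificate are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-upload check of an exported distribution .p12.
# The password is read from the P12_PASS environment variable so it never
# appears in the process list. Function names are hypothetical.

# p12_check FILE [WARN_DAYS]
#   0 = certificate and private key present, not expiring within WARN_DAYS
#   1 = expires (or has expired) within WARN_DAYS
#   2 = wrong password, unreadable file, or certificate/private key missing
p12_check() {
  local p12=$1 warn_days=${2:-60} cert
  : "${P12_PASS=}"; export P12_PASS   # empty value = file exported without a password

  # Extract only the leaf certificate; fails on a bad password or corrupt file.
  cert=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null) || return 2
  printf '%s\n' "$cert" | grep -q -e '-----BEGIN CERTIFICATE-----' || return 2

  # The export must include the private key ("Export 2 items"), or it cannot sign.
  # The key only travels through a pipe to grep; it is never written to disk.
  openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
    grep -q -e 'PRIVATE KEY-----' || return 2

  printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate
  # -checkend exits non-zero if the certificate expires within the given seconds.
  printf '%s\n' "$cert" |
    openssl x509 -noout -checkend $((warn_days * 86400)) >/dev/null || return 1
  return 0
}

# make_sample_p12 DIR DAYS: constructed self-signed stand-in for a real
# distribution certificate, so the check can be tried offline.
make_sample_p12() {
  local dir=$1 days=$2
  export P12_PASS
  openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
    -subj '/CN=iPhone Distribution: Example Corp (constructed)' \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
  openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
    -passout env:P12_PASS -out "$dir/dist.p12"
}

# Command-line use: P12_PASS='...' ./p12_check.sh dist.p12 60
if [ "$#" -ge 1 ]; then p12_check "$@"; fi
```

With OpenSSL 3.x, a .p12 exported by Keychain Access may need `-legacy` added to the `openssl pkcs12` calls, because such exports can use older encryption algorithms that OpenSSL 3 no longer loads by default.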
Next Steps
Once you have created a distribution certificate, you must then generate a new distribution provisioning profile that uses the new certificate. For more information, see Manage Distribution Provisioning Profiles.