Setting Up Your Development Machine
The first thing you must do is setup your Mac development machine for code signing. Coding signing your application serves two purposes: 1) It confirms the app author, and 2) It guarantees the app has not been altered since it was signed. iOS requires each application be digitally signed before the app can run on a device. Code signing is never a joy, but it is a necessity ensuring the application comes from a trusted source.
To code sign your app, you must have a public and private key pair and a digital certificate. When your application is in development, you use a development certificate to code sign the application. This allows you to run and test your app on your own device. When you are ready to deploy your application to other devices, whether through the App Store or through Adhoc and enterprise distribution, you use a distribution certificate to code sign the app.
Requesting a Development Certificate
To prepare your development Mac for code signing, you must first request a development certificate. To request a development certificate you need to generate a Certificate Signing Request (CSR). You use the Mac desktop application Keychain Access to generate the CSR. As Keychain Access creates your CSR, it also generates a public and private key pair for you and stores the pair in the login Keychain. The key pair identifies you as an iOS developer and is associated to the development certificate.
The Keychain Access application is available in the Applications > Utilities folder. I prefer, however, launching the app using Spotlight. Press ⌘-Space and start typing “Keychain”, without the quotes, in the Spotlight box. Spotlight will find the Keychain Access application for you. All you need to do then is press the Enter key to launch the application.
The first thing you need to do in Keychain Access is select Preferences from the menu (or type ⌘-,). Click Certificates and turn off Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) as shown in Figure 6.2.
Figure 2 (Click to Enlarge) Turn off OCSP and CRL settings in the Preferences > Certificates screen.
Close the Preference window then select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority from the menu bar. At this point, you are ready to enter the certificate information, as seen in Figure 6.3. Enter your email address in the User Email Address field. This must be the same email address you submitted when registering as an iOS Developer.
Enter your name in the Common Name field. The name must match the name submitted when you registered as an iOS Developer. Leave the CA Email Address field blank. Mark the options “Saved to disk” and “Let me specify key pair information”. When complete click the Continue button. The assistant will ask where to save the CSR. Your desktop is as good of a place as any so save the CSR to your desktop.
Figure 3 (Click to Enlarge) Certificate Assistant window in Keychain Access.
Make sure you selected the “Let me specify key pair information” option in the Certificate Information window (Figure 6.3). This tells the Certificate Assistant to display the Key Pair Information window, shown in Figure 6.4. Here you set the options for generating the key pair. Select 2048 bits for the Key Size and RSA for the Algorithm. Click Continue.
Figure 4 (Click to Enlarge) Key Pair Information window.
Figure 5 (Click to Enlarge) Public private key pairs stored in the login Keychain.
Click Done to close the Certificate Assistant. The generated CSR file is on your desktop. Your next step is to submit the CSR for approval.
Figure 6 (Click to Enlarge) Portal resources containing a user guide and how-to’s videos.
Submit Your CSR for Approval
The next step is submitting your CSR for approval, and it is less involved compared to the previous step. A Team Agent or Admin approves or rejects your CSR. You then will receive an email notifying you of your certificate status. If your request is approved, you download your digital certificate from the Provisioning Portal and install it on your development machine.
To submit your CSR, sign into the iOS Provisioning Portal. I can never remember the URL to the iOS Provisioning Portal so I start by signing into the iOS Dev Center (http://developer.apple.com/ios). Towards the upper right side of the iOS Dev Center home page is a section titled iOS Developer Program, shown in Figure 6.7. This section includes links for the iOS Provisioning Portal, iTunes Connect, Apple Developer Forums, and the Developer Support Center. Click the iOS Provisioning Portal link to be transport to the portal web site.
Figure 7 (Click to Enlarge) iOS Dev Center home page with a link to the iOS Provisioning Portal.
From the iOS Provisioning Portal home page, click the Certificates link found in the left side menu bar. Next click the Development tab followed by clicking the Add Certificate button. Scroll down to find the “Chose file” button. Click the button and select your CSR file that you saved to the desktop. Click the Submit button to upload your CSR.
Download and Install Your Certificate
The Team Admin will be notified by email after your submitted CSR has been received. Once the admin approves or rejects your request, you will receive a notification email with your certificate status. When approved, you sign into the Provisioning Portal again then click Certificates > Development. You’ll see your approved certificated listed at the top. Click the Download button under the Action column to save the certificate to your development machine.
On your development machine, use Finder to locate the saved .cer file. Double-click the .cer file to launch Keychain Access and to install your certificate. Save the certificate to your login Keychain. Once installed, you can view the certificate by selecting the Certificates category for the login Keychain in Keychain Access, Figure 6.8. Your certificate name will be “iPhone Developer: Your Name”.
Figure 8 (Click to Enlarge) You can view your certificate in the Certificates category.
While still in Keychain Access, click the Keys category for the login Keychain. Here you will see your public and private keys generated by the Certificate Assistant. Expand the private key by clicking the disclosure triangle. You will see that the certificate has been associated to your private key. Apple never receives your private key when you submit the CSR. Your private key is only available to you. This is why it is important you not lose your private key.
Your development machine is now setup to code sign builds of your application, but you still cannot run your app on your iPad yet. You still have a few more steps to follow. Next up is setting up your device.