Setting Up Your Development Machine
The first thing you must do is set up your Mac development machine for code signing. Coding signing your application serves two purposes: It confirms the app author, and it guarantees that the app has not been altered since it was signed. iOS requires each application to be digitally signed before the app can run on a device. Code signing is never a joy, but it is a necessity, ensuring that the application comes from a trusted source.
To code sign your app, you must have a public and private key pair and a digital certificate. When your application is in development, you use a development certificate to code sign the application. This allows you to run and test your app on your own device. When you are ready to deploy your application to other devices, whether through the App Store or through Ad Hoc and enterprise distribution, you use a distribution certificate to code sign the app.
Requesting a Development Certificate
To prepare your development Mac for code signing, you must first request a development certificate. To request a development certificate you need to generate a Certificate Signing Request (CSR). You use the Mac desktop application Keychain Access to generate the CSR. As Keychain Access creates your CSR, it also generates a public and private key pair for you and stores the pair in the login Keychain. The key pair identifies you as an iOS developer and is associated to the development certificate.
The Keychain Access application is available in the Applications > Utilities folder. Alternatively, you can launch the app using Spotlight. Press -Space and start typing “Keychain,” without the quotes, in the Spotlight box. Spotlight will find the Keychain Access application for you. All you need to do then is press the Enter key to launch the application.
The first thing you need to do in Keychain Access is select Preferences from the menu (or type -,). Click Certificates and turn off Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) as shown in Figure 6.2.
Figure 6.2. Turn off the OCSP and CRL settings in the Preferences > Certificates screen.
Close the Preferences window, then select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority from the menu bar. At this point, you are ready to enter the certificate information, as seen in Figure 6.3. Enter your email address in the User Email Address field. This must be the same email address you submitted when registering as an iOS Developer.
Figure 6.3. Certificate Assistant window in Keychain Access
Enter your name in the Common Name field. The name must match the name submitted when you registered as an iOS Developer. Leave the CA Email Address field blank. Mark the options “Saved to disk” and “Let me specify key pair information.”
When you have finished, click the Continue button. The Assistant will ask where to save the CSR. Your desktop is as good a place as any, so save the CSR to your desktop.
Make sure you selected the “Let me specify key pair information” option in the Certificate Information window (Figure 6.3). This tells the Certificate Assistant to display the Key Pair Information window, shown in Figure 6.4. Here you set the options for generating the key pair. Select 2048 bits for the Key Size and RSA for the Algorithm. Click Continue.
Figure 6.4. Key Pair Information window
The Certificate Assistant will generate the CSR and save it to your desktop. A public and private key pair is also generated for you and stored in the login Keychain. The key pair can be viewed in the Keychain Access application under the Keys category as seen in Figure 6.5.
Figure 6.5. Public and private key pairs stored in the login Keychain
Click Done to close the Certificate Assistant. The generated CSR file is on your desktop. Your next step is to submit the CSR for approval.
Figure 6.6. Portal Resources containing a user guide and how-to videos
Submit Your CSR for Approval
The next step is submitting your CSR for approval, and it is less involved than the previous step. A Team Agent or Admin approves or rejects your CSR. You will receive an email notifying you of your certificate status. If your request is approved, you download your digital certificate from the Provisioning Portal and install it on your development machine.
To submit your CSR, sign in to the iOS Provisioning Portal. If you have trouble remembering the URL of the iOS Provisioning Portal, sign in to the iOS Dev Center (developer.apple.com/ios). Toward the upper right side of the iOS Dev Center home page there is a section titled iOS Developer Program, shown in Figure 6.7. This section includes links for the iOS Provisioning Portal, iTunes Connect, Apple Developer Forums, and the Developer Support Center. Click the iOS Provisioning Portal link to be transported to the portal Web site.
Figure 6.7. iOS Dev Center home page with a link to the iOS Provisioning Portal
From the iOS Provisioning Portal home page, click the Certificates link found in the left-side menu bar. Next click the Development tab, then the Add Certificate button. Scroll down to find the Choose file button. Click the button and select the CSR file that you saved to the desktop. Click the Submit button to upload your CSR. If you are unable to submit your CSR through the Web site, email the CSR file to the Team Agent.
Download and Install Your Certificate
The Team Admin will be notified by email after your submitted CSR has been received. Once the Admin approves or rejects your request, you will receive a notification email with your certificate status. When it has been approved, you sign in to the Provisioning Portal again, then click Certificates > Development. You’ll see your approved certificate listed at the top. Click the Download button under the Action column to save the certificate to your development machine.
On your development machine, use Finder to locate the saved .cer file. Double-click the .cer file to launch Keychain Access and to install your certificate. Save the certificate to your login Keychain. Once it is installed, you can view the certificate by selecting the Certificates category for the login Keychain in Keychain Access (Figure 6.8). Your certificate name will be “iPhone Developer: Your Name.”
Figure 6.8. You can view your certificate in the Certificates category.
While still in Keychain Access, click the Keys category for the login Keychain. Here you will see your public and private keys generated by the Certificate Assistant. Expand the private key by clicking the disclosure triangle. You will see that the certificate has been associated to your private key. Apple never receives your private key when you submit the CSR. Your private key is available only to you. This is why it is important that you not lose it.
Your development machine is now set up to code sign builds of your application, but you cannot run your app on your iPad yet. You still have a few more steps to follow. Next up is setting up your device.