Which iOS certificates do I need to build and publish my app?


Before getting started with the generation of your iOS certificates you need to be a registered Apple developer. The Apple Developer Program is a $99 yearly membership. Joining the Apple Developer Program is mandatory to publish your iOS app to the App Store. As a member, you can register devices (for Ad Hoc testing), submit several apps and their updates to the App Store.
To enroll as an Apple Developer, go to this link:  
Follow the subscription process and complete your purchase. After the payment it can take up to 24 hours to confirm the activation of your account. When you receive the email entitled “Welcome to iTunes Connect!”, you're good to go ;)

Now that you have your developer account set up, you can start generating your iOS certificates, by going to this link

Why do you need Certificates?

Wondering what these certificates are for? Let's review the entire process, shall we?
=> As an Apple Developer, when creating a project you need to sign it with a Distribution Certificate. This Distribution Certificate authentifies you as the creator of the app. As a result your name (if you registered as an individual) or your company's (if you registered as an organization) will show in the "Seller" field in the App Store. 
=> With your Developer Account you can publish several apps. You can use the same Distribution Certificate to distribute them. 
Attention: the Distribution Certificate expires after 1 year.
=> What will identify each app as unique is called the App ID: 1 App ID = 1 app.
If you want to enable push notifications inside your app, when configuring the App ID remember to enable "Push notifications" before validating your registration.
=> Creating a Provisioning Profile is another mandatory step. It will make the link between you, as an Apple Developer and your project (an App ID). You will need a Provisioning Profile for both the Ad Hoc (Distribution - AdHoc) and App Store distribution.
Attention: the Provisioning Profiles expire along with the Distribution Certificate.
=> Last but not least: the Push SSL Certificate. It is tied to a specific App ID. It makes the connection between the App ID and the dispatch servers.
Attention: the Push SSL Certificate expires after 1 year as well.

The Distribution Certificate

The Distribution Certificate allows you to sign up your app for final distribution via the App Store, or for testing purposes via the Ad Hoc version. It will be applied to all apps submitted through this account.
First you will need to upload a Certificate Signing Request (.CSR) file. If you are building your app by yourself, you have to create this file using Keychain Access on your Mac. If you are using GoodBarber, the file is one click away, you can download it from your backend ;)

Once you have uploaded the .CSR file, you have to complete the process and finally, download the .CER file. The final step is uploading the .CER file in Keychain Access or in your GoodBarber backend.

The Push SSL Certificate

If you want to enable Push Notifications, you need this certificate. It establishes the connection between your notification server (GoodBarber for instance, if you are using our platform) and the Apple Push Notification service production environment.

Unlike the Distribution Certificate, this one must be generated for each app (remember: we said it was tied to a specific App ID).
The creation process remains the same. You have to generate a .CSR file using Keychain Access on your Mac or to download it directly from your GoodBarber backend. Then, you need to upload it in the Apple Developer Interface and retrieve a .CER file.

To finalize the process, upload this certificate in Keychain Access or in your GoodBarber backend. Just like with the previous certificate.

What happens if they expire or have been revoked?

If your Apple Developer license expires => your apps will be taken off the App Store. They will keep working on the devices where they were already downloaded. If you renew your licence , you can make the apps visible again in the App Store.

If your Distribution Certificate is revoked or expires => you must generate a new one if you want to be able to compile your app, to commit an update or submit an app from scratch. Apps already published in the store are not affected.

If your Provisioning Profiles are revoked or expire => you must generate a new one if you want to update the app related to it.

If your Push Certificate expires => you can no longer send push notifications to the app related to it.

How to build your iOS app?

In this video, Jerome covers the step by step process to build an iOS app using GoodBarber. It explains how to:

- create a distribution certificate
- declare an app id
- create a push certificate and link it to your app
- create the provisioning profiles needed to distribute your app on the App Store, and on selected devices with the ad hoc version of your app

Publishing an update?

Check out this tutorial:

Looking to publish your app internally?

Read this article instead: