IOS certificate application and packaging process

References:

Certificate Application

step1: Generate keychain CSR file

1) Open -> Keychain Access

2) Open the upper right keychain access bar -> Certificate Assistant -> Request a certificate from a certificate authority...

3) Fill in an email address, select "Save to Disk", and click Continue.

4) Save the generated keychain file.

Documents after successful application:

Keychain will generate a CSR (Certificate Signing Request) file containing the developer's identity information. At the same time, a pair of Public/Private Key Pair is added to Keychain Access->Keys.

The private key (private key) is always stored in the Keychain Access of Mac OS and is used to sign (CodeSign) externally released apps.
The public key is generally distributed with the certificate to verify and authenticate the App signature.

step2: Register the Bundle ID of the project

1) Login ($99 account) Apple Developer Center

2) Select "Certificates":

3) Click the plus sign in the upper right corner of App IDs in the panel.

4) Fill in the name of the App ID

5) Fill in the bundle ID:

App ID（bundle identifier）

App ID is Product ID, which is used to identify one or a group of apps.

The App ID string is usually prefixed (Prefix/Seed) with the Company Identifier (Company ID) in the reverse- domain -name format, and generally does not exceed 255 ASCII characters.

The full name of the App ID will be appended with the Application Identifier Prefix (usually TeamID.), which is divided into two categories:

Explicit App ID: Unique App ID, used to uniquely identify an application. For example, the App ID "com.apple.garageband" is used to identify the App whose Bundle Identifier is "com.apple.garageband".
Wildcard App ID: App ID with wildcard characters to identify a group of apps. For example "*" (actually Application Identifier Prefix) means all applications; while "com.apple.*" can mean all applications whose Bundle Identifier starts with "com.apple." (Apple).

The App ID should match the Bundle Identifier in Xcode (Explicit) or match (Wildcard).

App ID is configured under [XcodeTarget|Info|Bundle Identifier] in xcode; for Wildcard App ID, as long as the bundle identifier contains it as Prefix/Seed.

6) Select the services that the app needs to support. For example, if the app needs push services, check Push Notifications. Click "continue"

7) At the end, there will be a detailed content list. After the correspondence is correct, the submission is completed. Registration is over.

step3: apply for a certificate

The iOS certificate is a digital certificate used to prove the legitimacy and integrity of the iOS App content (executable code). For applications (Apps) that want to be installed on real machines or published to the AppStore, only after signature verification (Signature Validated) can the source be trusted and the content of the App is guaranteed to be complete and untampered.

A digital certificate is a file that is digitally signed by a certificate authority and contains information about the owner of the public key and the public key. It is time-sensitive and only valid for a specific period of time.

1) Click the "+" sign in the upper right corner of the Certificates panel (you can also directly click "Development" or "Production" under "Certificate", and directly choose to apply for a development certificate or a production certificate)

2) Select the type of certificate, the following lists the types of certificates commonly used in our iOS development

Certification

The certificate is the certification of computer development qualifications. Each developer account has a set, which is divided into two types:

Developer Certification
Install on the computer to provide permissions: Developers test on the real machine through the device.
A copy can be generated for installation on multiple computers;
Distribution Certification
Installed on the computer provides permission to publish iOS programs: developers can make beta and release versions of the program.
No copy can be generated, only the computer configured with the certificate can be used;

3) If you are applying for a push certificate, an App ID will be associated

4) Upload the CSR file we built before (see step1 for details)

5) Download the certificate, double-click to import it into Keychain Access, you can view it in Keychain Access->"Certificate".

6) Expand the arrow in front of the installed certificate (*.cer), and you can see its corresponding private key. In KeychainAccess->"Keys", expand the arrow in front of the private key in the Key Pair generated when the CSR was created, and you can view the certificate containing its corresponding public key.

Export certificate (optional)

1) Open Keychain Access, select the successfully installed certificate, right-click and select "Export"

2) Enter the name, the default format is .p12 type, select "Save"

3) Set a password and click "OK"

If the certificate is installed successfully, the keychain will be generated under the certificate. The certificate copy mentioned above (export certificate renaming) is to export the Keychain (that is, the .p12 file) through the computer that configures the certificate and install it on other machines, so that other machines can get the corresponding certificate. permission. Developer Certification can make a copy of the Keychain and distribute it to other computers for installation so that it can be tested on a real machine.

Note: Distribution Certification can only be used by the computer that is configured with the certificate, so even if you export and export the Keychain and install it on other computers, other computers may not have the certificate authority.

Step4: Add test equipment

A Device is a device that runs the iOS system for developing and debugging apps. Each Apple device is uniquely identified using a UDID .

After the iOS device is connected to the Mac, you can obtain the UDID (identifier) of the iPhone through iTunes->Summary or Xcode->Window->Devices. If you feel troublesome, or conditions do not allow you to choose the method provided by Dandelion ( https://www.pgyer.com/doc/view/udid )

The Devices under the personal account of the Apple Member Center website contains all the registered devices that can be used for development and testing. The average personal development account can only register a maximum of 100 devices per year.

Users can register or enable/disable (Enable/Disable) the registered Device on the website.

The devices ID here is created to ensure that when debugging on a real machine, Xcode can find out through the configuration file whether the machine you are currently connected to is a phone that has already added a devices ID. If not, it is impossible to debug successfully, and there is a new device to debug. , You can also upload this Devices ID in Xcode.

Development profiles (Provisioning Profiles) must be bound to the device, so before applying for the development profile, the debugged device must be added (it has been added and can be skipped).

Just fill in the next step.

setp5: apply for authorization file (Provisioning Profile)

The authorization file is the authorization for devices such as iPod Touch, iPad, and iPhone. The file records the UDID of the device and the App Id of the program, that is, the authorized device can install or debug the Bundle identifier and the App Id recorded in the authorization file. corresponding program.

This profile is actually installed in Xcode in the end. It associates the certificate, App ID, and Device ID, and combines the first three to generate an installable provisioning file (suffixed with .mobileprovision), which is used for Xcode to perform real machine operations. Debugging is the same for publishing applications. When you package an app to generate an ipa file, you will also verify your certificates and profiles, which is also the key to your success in packaging.

When creating an authorization file, the developer account will select the App Id, (add in App Id under the developer account, single choice) and UDID (add up to 100 in Devices under the developer account, multiple choice).

There are two types of authorization files, corresponding to the corresponding certificates:

Developer Provisioning Profile (development authorization file)

It is used on a computer with a development certificate or copy, and the developer selects the authorization file to install the program into the device recorded in the authorization file through the computer, and then the real machine test can be carried out.
Note: Make sure that the computer has the authority to debug the real machine, that is, the development certificate or copy is installed; the Bundle identifier of the program in the development tool must be consistent with the App Id of the selected authorization file; the UDID of the device connected for debugging is in the selected authorization file. There are records.

Distribution Provisioning Profile

On the computer with the release certificate (that is, the computer with the certificate configured, there is only one) to make the program for the beta version and the release version.
* The release version is the program file published on the App Store. When the developer account creates the authorization file, select the store option, select the App Id, and do not need to select the UDID
; file, when the developer account creates the authorization file, select AdHoc, select App Id and UDID; only the device corresponding to the selected UDID can install the program made by the authorization file.

A Provisioning Profile corresponds to an Explicit App ID or Wildcard App ID.
The Provisioning Profile determines which certificate (public key)/private key combination (Key Pair/Signing Identity) Xcode uses to sign the application (Signing Product), which will be embedded in the .ipa package when the application is packaged.
The Provisioning Profile packages all of this information together, which is convenient for us to use when debugging and publishing programs. In this way, as long as you choose different Provisioning Profile files in different situations, you can.
Provisioning Profile is also divided into two categories: Development and Distribution, and the validity period is the same as that of Certificate. The ProvisioningProfile of the Development version is used for development and debugging, and the ProvisioningProfile of the Distribution version is mainly used to submit App Store review, which does not specify the Devices for development and testing.
When developing xcode, you need to configure the corresponding description file (Provisioning Profiles) under XcodeTarget->Build Settings->Code Signing->Provisioning Profile, and then drop down the Code Signing Identity to select Identities from Profile "..." (that is, the Provisioning Profile contains Certificates).
Select "Automatic" in XcodeTarget->Build Settings->Code Signing->Provisioning Profile, and Xcode will select the default configuration file and certificate according to the "Bundle identifier" of the Target.

The system checks one by one according to the information provided by the configuration file, from AppID to Entitenments, from digital certificate to device UDID, etc., and finally runs the application to the device. As follows:

In addition, DistributionProvisioningProfile is similar to Development Provisioning Profile, it has no Device configuration information.

1) Select the authorization file type, the following lists the common authorization file types for iOS

2) Select the associated App ID

3) Select the associated certificate. You configure the development certificate, then there is only the development certificate for you to choose. Configure the release certificate, here only the release certificate is available for you to choose. If you are configuring a development certificate, you will also need to set which devices to add in this project as devices for real machine debugging

4) Select an authorized device (by UDID), except for the enterprise certificate (inHouse), only the devices you add can be scheduled or tested. If it is a production certificate profile, this page will not appear (the production certificate is used for release and cannot be used for development and debugging)

5) Give the authorization file a name that can be distinguished from other authorization files

6) After completing the creation, just download the configuration file and double-click to run it. Then exit the page. The certificate has been applied and configured. You can also debug the real machine and release it. (After Xcode7, you can debug on the real machine without a developer account, as long as you log in to your Apple ID account in Xcode, but a developer account is still required for publishing) Steps:

After successful login, select "View Details" in the lower right corner of the window. In the pop-up page, Download the certificate created earlier.

Then the Fix Issue button will appear below, just click it, and the system will automatically debug it for you. (Personal understanding: It is best to add a suffix to the Bundle ID here, otherwise you will report an error if you have already registered the Bundle ID on the web page, or if you have registered the Bundle ID here, you have to change the Bundle ID for another account. )

Package release

Open iTunes Connect ( https://itunesconnect.apple.com ) to log in to your account;

If you don't know what to fill in, you can click the question mark and it will be a prompt in Chinese

Enter after creation

After filling in , click the Save button on the upper right to save it. Then continue:

Upload APP screenshots first. The latest regulation is that you only need to upload 5.5-inch screenshots. For videos, look at individuals, it seems to be about ten seconds. I have not uploaded them before. The content of pictures and videos should be real in the APP; then It is the APP description (the content of the description must be consistent with the APP), the keywords (it is said that the name of the competing product cannot appear, and has not been verified), the technical support website, and the marketing website (the company's website can be used without two websites); the following part:

When you are done filling it out, save it. Then check for errors or typos. (During the filling process, it is best to store some after filling in, to prevent network problems, vain, especially after uploading screenshots) Then go back to Xcode and open your project:

The following is the submission method for exporting the ipa:

The next few steps are also to select the release certificate and check the release configuration file (Note: If it is an ipa exported to the distribution website, the released configuration file must be Ad-hoc, and the enterprise-level account can also be In-house. For details, please refer to: Dandelion's description ), and then select the save path. Then open it in Xcode:

After running, log in to the developer account. Add the ipa file in, the next step, the next step, you can submit it to iTunes Connect. (For submission to the distribution website, please refer to: https://www.pgyer.com/doc/view/app_upload ) The steps are almost the same, so I will not explain them in detail. The speed of the submission process is related to the speed of the Internet. After success, you can close Xcode and return to iTunes Connect.

Enter the event. Check to see if the project is built; if so, continue:

After adding the build version and storing it, the filling and submission of the entire data is almost complete. Then set:

This is based on personal needs, set prices, sales range and so on. Check it out to see if there are any mistakes. If not, you can click Submit in the upper right corner for review.

There is another one, you can also add the localization of the APP on the APPStore. The APPStore will implement the localization according to your localization, so that accounts in different regions can see that your APP displays the localized language. If you do not do localization, Then the display is the main language of your APPStore

In the end, this is the page. If you still have it, you will not have it. Choose to submit. Just waiting for review. Now the newly submitted application, I personally tested it for 3 working days, and the updated and iterative application was launched in 24 hours. It depends on luck.

Solve the problem of submitting and waiting for the build to complete. Suddenly found that the built version cannot be seen in the activity:

Check the email to see if the build failed due to permission issues, so the build version is not displayed; check whether the permissions required by the application in Xcode's Info do not have a corresponding Value, if not, the build version will fail. After solving the permission problem, modify the Xcode build version number bundle Version. If the original build version is 1.0.0, modify it to 1.0.0.0. As long as the version number of the app remains unchanged, the build version number is different from the previous one. .

Summarize

1) Conditions for successful installation of the test certificate: a). Developer certificate + private key. b). Authorization documents.

2) If you want to debug the real machine through the certificate, please select the Development Certificate and the corresponding authorization file (Development Provisioning Profile).

3) If you want more developers to be able to debug the real machine, please authorize the device that needs real machine debugging first, and then download the Development Certificate to the local machine and install it and export it as a private . The p12 file and the corresponding authorization file (Development Provisioning Profile) are handed over to the developer for installation, and real machine debugging can be performed after success.

4) If you want more devices to be tested on real devices, please authorize the devices to be tested first, and then select the production certificate (Distribution Ad_hoc Certificate) and the corresponding authorization file (Distribution Ad_hoc Provisioning Profile) to package and distribute to The device to be tested is sufficient.