From developer certificate to iOS keystore (PKCS #12)
This section guides you through the process of creating a PKCS #12 (sometimes referred to as p12 keystore) needed to build iOS apps.
First grab your developer certificate from your iOS developer account
Verify that it's your certificate with:
$ openssl x509 -inform DER -noout -subject -in iphone_developer.cer subject= /UID=L<hash>Y/CN=iPhone Developer: Donald Duck (<devId>)/OU=<teamId>/O=Duck Family/C=US
or show the
sha1 fingerprint only:
$ openssl x509 -inform DER -noout -fingerprint -sha1 -in iphone_developer.cer SHA1 Fingerprint=12:...:18
-enddate you can check other interesting data or simply use
-text to dump the whole content in a human readable way.
For further processing we convert the certificate from
DER input format (
-inform DER) to
PEM output format (
$ openssl x509 -in iphone_developer.cer -inform DER -out iphone_developer.pem -outform PEM
[optional] If your private key is in
p12 format you'll need to do this additional step and convert it to
PEM fromat also:
$ openssl pkcs12 -nocerts -in private_key.p12 -out private_key.pem
With both ingredients in
PEM format you can create a keystore for iOS builds out of those:
$ openssl pkcs12 -export -inkey private_key.pem -in iphone_developer.pem -out ios_build.p12 Enter pass phrase for private_key.pem: Enter Export Password: Verifying - Enter Export Password:
You'll need to know the pass phrase of your private key and specify a new password for the generated
Inspect details of an existing iOS keystore:
$ openssl pkcs12 -info -in ios_build.p12 Enter Import Password: MAC Iteration 1 MAC verified OK PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048 Certificate bag ... your keystore/certificate details ...
You'll also need the credentials of the private key to access all data contained in the keystore.
Extract the certificate from the keystore:
$ openssl pkcs12 -in signing/ios_build.p12 -clcerts -nokeys -out publicCert.pem
Show the details of this certificate:
$ openssl x509 -in publicCert.pem -text Certificate: Data: ... your certificate datails ...