I have to "codesign" a distribution certificate inside a .ipa file to deploy an in-house application for a company.
I have access to their developer account. The new provisioning profile had been successfully added at this point and then:
- I download the .cer file from the company developer account
- Add it to my keychain by double click on it
- Right click on the certificate to export it to a .p12 file…
At this point, the option to export the file to .p12 is greyed out. I have looked for many way to do it on the web but I am still stuck.
I have no access to the keychain password of the file.
Do I have to recreate a certificate from my mac to get keychain access to it?
What is the right way to have this certificate as a .p12 file, ready to be codesign to my .ipa file using this command line?
codesign -f -s "iPhone Distribution: Company Name" Payload/MyApp.app
Best Answer
Private Key
You will need the password for the Keychain to export the private key associated with the certificate.
Alone the certificate can not be used to sign. You need the private key as well.
The private key was probably created along with the original CSR (certificate signing request) sent to Apple. By default, the private key is stored in the user's Keychain.
.pem
file..p12
file.New Certificate and Key
You can ask Apple for a new signing certificate, using a new private key and CSR. This does not require administrator access or access to the existing Keychain. You will need access to the online Apple Developer account of the company.
As a precaution, consider creating a separate Keychain for the company - marked as Default while creating the CSR. The private key will then be saved into the separate Keychain and can be passed to
codesign
as an absolute path with the--keychain
flag. You can also store the certificate in this Keychain file.