How to create Certificate for iOS
There are two recommended options depending on your OS and workflow:
Certificate Setup
Fresh Certificate (New Setup)
Case 1: Fresh Certificate (New Setup)
1. Generate CSR (Certificate Signing Request)
Step 1: Generate CSR
- macOS:
- Open Keychain Access → Certificate Assistant → Request a Certificate From a Certificate Authority…
- Enter:
- User Email Address (Apple ID email)
- Common Name (e.g., “QuikApp Distribution”)
- Select Saved to disk → Save as CertificateSigningRequest.certSigningRequest
- Windows alternative (OpenSSL):
openssl req -new -newkey rsa:2048 -nodes -keyout ios_private_key.key -out CertificateSigningRequest.certSigningRequestStep 2: Create Certificate in Apple Developer Portal
- Log in → Certificates, Identifiers & Profiles → Certificates
- Click + Add → Apple Distribution
- Upload CSR file → Download generated .cer
Step 3: Import Certificate into Keychain Access (macOS)
- Double-click .cer → installs under My Certificates, private key auto-paired.
Step 4: Export as .p12
- In Keychain Access → My Certificates → locate Apple Distribution certificate
- Right-click → Export → Format: .p12
- Set a password → Save as ios_distribution.p12
Step 5: Upload to QuikApp
- Upload .p12 + password in Certificates section
Already Present Certificate (Existing Setup)
Case 2: Existing Certificate (macOS)
Open Keychain Access → My Certificates → locate certificate + private key
Export as .p12 → set password → Save as ios_distribution_existing.p12
Upload to QuikApp + password
Notes:
P12 Flow bundles certificate + private key → easier for automation & CI/CD
Keep backups of .p12 in secure vaults
Reusable across multiple machines
Fresh Certificate (New Setup)
Case 1: Fresh Certificate (New Setup)
Windows (OpenSSL)
Step 1: Generate Private Key + CSR (Single Command)
openssl req -new -newkey rsa:2048 -nodes -keyout ios_private_key.key -out CertificateSigningRequest.certSigningRequest- Generates:
- ios_private_key.key → Private key
- CertificateSigningRequest.certSigningRequest → CSR
- During prompt:
- Common Name (CN) → Your Company / Developer Name
- Email Address → Apple Developer email
- Leave challenge password empty
- Login to Apple Developer Portal
- Navigate to Certificates → iOS Distribution
- Upload CertificateSigningRequest.certSigningRequest
- Download the generated certificate:
- ios_distribution.cer
- Upload:
- ios_distribution.cer
- ios_private_key.key
Step 1: Generate CSR + Key (Single Command)
openssl req -new -newkey rsa:2048 -nodes -keyout ios_private_key.key -out CertificateSigningRequest.certSigningRequest
- Upload CSR
- Download ios_distribution.cer
- ios_distribution.cer
- ios_private_key.key
- CSR and private key are stored in Keychain
- Must export .p12 and extract .key if using Manual Flow
Already Present Certificate (Existing Setup)
Case 2: Existing Certificate
Step 1: Download existing certificate:
- ios_distribution.cer
Step 2: Locate the original private key used to generate csr file:
- ios_private_key.key
Step 3: Upload to QuikApp:
- .cer
- .key
If the private key is lost → certificate must be revoked and recreated
- Keychain → Export certificate + key → .p12
openssl pkcs12 -in ios_distribution.p12 -nocerts -nodes -out ios_private_key.key
- ios_distribution.cer
- ios_private_key.key
Notes on Private Key (.key)
- Generated together with CSR (single command)
- Required only for Manual Flow
- Apple never stores your private key
- Losing the .key makes the certificate unusable
- Always store securely (Vault, CI secrets, encrypted storage)
