How to create Certificate for iOS
There are two recommended options depending on your OS and workflow:
Certificate Setup
Fresh Certificate (New Setup)
Case 1: Fresh Certificate (New Setup)
1. Generate CSR (Certificate Signing Request)
- Step 1: Generate CSR
macOS:
- Open Keychain Access → Certificate Assistant → Request a Certificate From a Certificate Authority…
- Enter:
- User Email Address (Apple ID email) Common Name (e.g., “QuikApp Distribution”)
- Select Saved to disk → Save as Certificate Signing Request.certSigningRequest Windows alternative (OpenSSL):
Copy to clipboard
openssl req -new -newkey rsa:2048 -nodes -keyout ios_private_key.key -out CertificateSigningRequest.certSigningRequest- Step 2: Create Certificate in Apple Developer Portal
- Log in → Certificates, Identifiers & Profiles → Certificates
- Click + Add → Apple Distribution
- Upload CSR file → Download generated .cer
- Step 3: Import Certificate into Keychain Access (macOS)
- Double-click .cer → installs under My Certificates, private key auto-paired.
- Step 4: Export as .p12
- In Keychain Access → My Certificates → locate Apple Distribution certificate
- Right-click → Export → Format: .p12
- Set a password → Save as ios_distribution.p12
- Step 5: Upload to QuikApp
- Upload .p12 + password in Certificates section
Already Present Certificate (Existing Setup)
Case 2: Existing Certificate (macOS)
Open Keychain Access → My Certificates → locate certificate + private key
Export as .p12 → set password → Save as ios_distribution_existing.p12
Upload to QuikApp + password
Notes:
P12 Flow bundles certificate + private key → easier for automation & CI/CD
Keep backups of .p12 in secure vaults
Reusable across multiple machines
Fresh Certificate (New Setup)
Case 1: Fresh Certificate (New Setup)
Windows (OpenSSL)
- Step 1: Generate Private Key + CSR (Single Command)
Copy to clipboard
openssl req -new -newkey rsa:2048 -nodes -keyout ios_private_key.key -out CertificateSigningRequest.certSigningRequest- Generates:
- ios_private_key.key → Private key
- CertificateSigningRequest.certSigningRequest → CSR
- During prompt:
- Common Name (CN) → Your Company / Developer Name
- Email Address → Apple Developer email
- Leave challenge password empty
- Step 2: Create Certificate in Apple Developer Portal
- Login to Apple Developer Portal
- Navigate to Certificates → iOS Distribution
- Upload CertificateSigningRequest.certSigningRequest
- Download the generated certificate:
- ios_distribution.cer
- Step 3: Upload to QuikApp (Manual Flow)
- Upload:
- ios_distribution.cer
- ios_private_key.key
macOS
Option A: OpenSSL (Manual Flow – Recommended for QuikApp)
- Step 1: Generate CSR + Key (Single Command)
Copy to clipboard
openssl req -new -newkey rsa:2048 -nodes -keyout ios_private_key.key -out CertificateSigningRequest.certSigningRequest
- Step 2: Create Certificate on Apple Developer Portal
- Upload CSR
- Download ios_distribution.cer
- Step 3: Upload to QuikApp
- ios_distribution.cer
- ios_private_key.key
Option B:
Keychain Access (Not ideal for Manual Flow)
- CSR and private key are stored in Keychain
- Must export .p12 and extract .key if using Manual Flow
Already Present Certificate (Existing Setup)
Case 2: Existing Certificate
Windows
- Step 1: Download existing certificate:
- ios_distribution.cer
- Step 2: Locate the original private key used to generate csr file:
- ios_private_key.key
- Step 3: Upload to QuikApp:
- .cer
- .key
macOS
If Private Key Exists in Keychain
Option A: Export .p12 (Apple Standard)
- Keychain → Export certificate + key → .p12
Option B: Extract .key for Manual Flow
Copy to clipboard
openssl pkcs12 -in ios_distribution.p12 -nocerts -nodes -out ios_private_key.key
Then upload:
- ios_distribution.cer
- ios_private_key.key
Notes on Private Key (.key)
- Generated together with CSR (single command)
- Required only for Manual Flow
- Apple never stores your private key
- Losing the .key makes the certificate unusable
- Always store securely (Vault, CI secrets, encrypted storage)
