top of page

Mastering iOS Provisioning: A Developer's Guide to Certificates & Profiles - Part I

If you're reading this, it's likely because you're grappling with the challenge of resolving a pesky warning or error in Xcode's UI Code Signing Tab. Chances are, you've recently embarked on a new iOS application project.


For experienced iOS developers, you're well aware that simply opening Xcode and hitting the Run button can be a hit-or-miss affair. If it works, kudos to the project's setup wizard! Your next task is to attempt archiving and exporting the application as a .ipa file. If you've successfully completed this step, too, give yourself another round of applause. You're all set to dive into your feature development stories 🚀


The following steps should involve pushing your branch, merging a PR, and letting the CI/CD Pipeline handle the heavy lifting of build, test, package, and deployment. If you're eager to learn more about these processes, head over to DevOps for mobile apps

I want to express my gratitude to various popular companies and open-source projects such as Airbnb, Lyft, Runway, and Fastlane for creating a plethora of tools, guides, and conferences surrounding iOS development. Special admiration goes to Bruno Rocha, who has delved into numerous topics within the realms of Swift, iOS, and Computer Science topics.

A quick disclaimer for non-technical readers: Swift is a versatile programming language that targets various operating systems, including Linux and Windows, not just iOS/your iPhone. It's also used in watchOS, macOS, and tvOS. I'll include this disclaimer more frequently because I believe the iOS community hasn't done an adequate job showcasing its capabilities, which extend to Augmented Reality, Distributed Programming, and Differential Programming. if you are a bit curious to know what else it's the language capable of doing, take a look at the Workgroups at https://www.swift.org

More than a year ago, Bruno penned an article that contained a crucial piece of advice about managing profiles and certificates in larger teams (involving 1+ developers). I would even dare to say if it's a project that has only one developer, take the time to do it, it will pay off. Anyway, Bruno stated the following, and I wholeheartedly concur:

"For solo projects, it should be feasible to simply turn on the automatic signing feature and not worry about any of this signing stuff, but for large teams, the rule is always the same: for the love of God, don't ever, ever, press the automatic signing button."

I'll delve into the technical aspects of it, discussing the App Store Connect API key, Apple Developer Portal, CI/CD pipeline, and your local developer machine.


Like Bruno and many others, I've grappled with profiles and certificates to the extent that I'm contemplating developing a tool on top of fastlane and AppStoreConnect API.


The Task

Uncheck the following. Your application/extension project should still be compiling and archiving.


Your Results

0% chance you have actually achieved the above task.


The Why

Instantly, I discern there might be no CI/CD pipeline, no QA builds per feature branch, and perhaps even a disregard for application versioning. Okay, I might be exaggerating a bit. Still, I genuinely believe that dealing with the intricacies of certificates and profiles is more complex than setting up synchronized certs and profiles for developers. Fortunately, Fastlane offers a tool/function called fastlane's match action , but its required parameters can still be challenging to provide to the rest of your fellow team developers.


Now, let me outline how we can achieve this without automation while still keeping "Automatically manage signing" turned off.

Certificate:

  1. Head to developer.apple.com and login

  2. Create both a development and distribution certificate for your bundle ID

  3. Download these certificates.

  4. Export each certificate along with the private key as a .p12 file from the KeychainAccess application

  5. Share the .p12 file with the rest of the team. ⚠️😵

Provisioning Profiles:

  1. Be sure all development devices are register in the Apple Developer Program

  2. Create profiles for both development and distribution using the previously created certificates.

  3. Share these files with the rest of the team. ⚠️😵

iOS Project:

  1. Turn off "Automatically manage signing."

  2. In Build Settings, specify the code signing identity with the appropriate certificate*. (finish reading for more info)

  3. In Build Settings, explicitly assign the provisioning profile*. (finish reading for more info)

Ensure that all changes in the .pbxproject file are committed to source control.


Legend:

⚠️ - This might not happen

😵 - 99% of the time, it did not happen

More quirks around this process are:

Check the following directory: ~/Library/MobileDevice/Provisioning\ Profiles

Quickly go through those files and remove the ones that are expired. Xcode only keeps adding profiles but not removing expired ones. So when you are trying to find a solution in Xcode UI, you will see expired ones too, and will likely select them thinking they should work because they are available to be selected. Expired profiles on a machine only create confusion.

Another “directory” to check is the Keychain Access application.

Go to Default Keychain > login > Certificates. Again, remove expired certificates related to “Apple”. Close Xcode or restart your machine. When you come back to it, the UI will no longer show you the expired ones.


Join me in Part II of this series. See you next time!


Indeed, you can add a notice about your services as an Apple platforms specialist at the end of your article. Here's a suggestion:


 

Looking for Expertise in Apple Platforms?


If you need professional guidance, consulting, or assistance with anything related to Apple platforms, you're in the right place. As an Apple platforms specialist, I offer a wide range of services to help you navigate the complexities of iOS development, provisioning profiles, certificates, and much more.


Whether you're an individual developer, a startup, or a large team, I can tailor my expertise to your needs. My goal is to make your iOS development journey smoother and more efficient.

Feel free to contact me at binaryhands.co to discuss your project's requirements.


Let's collaborate to bring your iOS projects to the next level.

Looking forward to helping you succeed in the world of Apple platforms!


Comments


bottom of page