Setting Up Required Provisioning for iOS Applications

In this tutorial you learn the process required to build and install an iOS application for distribution in the iTunes AppStore or for testing on a set of iOS devices.

  • Create a digital certificate and private key
  • Create a provisioning profile

Note: Mobile development was removed in MyEclipse 2016. This tutorial only applies to MyEclipse 2015.


1. iOS Application Provisioning Requirements

Four provisioning data files are needed for this process:

Certificate Signing Request (CSR) file
The certificate signing request is a temporary file you submit to Apple when you request a digital certificate. This file includes a public encryption key that is matched with the private key file that you will create using a Digital Signing Utility.

Private Key file
The private key (PK) file is created at the same time as the CSR file. It is used in the MyEclipse Mobile Tools application build process to encrypt the key file. This file should be kept safe and private.

Digital Certificate file
An iOS application must be digitally signed with a valid digital certificate provided by Apple in order for it to install and run successfully on an iOS device. This file includes the public encryption key provided by the CSR file.

Provision Profile file
In addition to the digital signature requirement, an application can be installed and run only on iOS devices configured with a provision profile (e.g., distribution.mobile-provision) that authorizes the application. A provision profile is a document that lists the digital certificates, the devices, and the IDs of the applications allowed to operate on a device.


1.1 Apple iOS Developer Program Membership Requirement

A membership in the Apple iOS Developer Program is required to access the iOS Provision Portal, a data creation service used in this tutorial. Visit developer.apple.com/programs/ios to learn about the  program benefits and cost.

Note: There is a cost from Apple for an iOS Developer Program membership.


2. Create a Digital Certificate and Private Key

To begin the provisioning process, you will create a private key file (PK) and certificate signing request file (CSR) using the Digital Signing Utility. The signing utility generates both Android and iOS digital signature files simultaneously. The resulting file is a .zip file that you download to your computer. The PK file is used later in the application build process. You will then submit the CSR to the iOS Provisioning Portal as input to the digital certificate request process. Lastly, when the Provisioning Portal creates the new certificate, you download the digital certificate file and store it with the PK file.

2.1 Create a Folder for Storing Provisioning Data

Please Read – Before generating any files, here is a little housekeeping advice. Always create a new folder into which all files created in this tutorial are downloaded and saved. It is critical that you never mix versions of the private key, certificate and provisioning profiles files. Doing so results in errors when you attempt to use the data in the application build process or when installing an application on an iOS device.

2.2 Generate Certificate Signing Request and Private Key Files

The first step is to use the Digital Signing Utility to create certificate signing request and private key files, which you will then download to your development machine. The certificate signing request file is named certificate-request.csr and is submitted to the iOS Provisioning Portal when you request a new digital certificate from Apple in Section 2.3. The private key (private.key) file is required for building an iOS application.

Note: The process of generating certificate request and private key files needs to be done only once. The private key (.key) file you generate must be paired with the certificate file you receive from Apple; therefore, do not lose this file.

  1. Using your web browser, access the Digital Signing Utility at http://mobionesigning.appspot.com/signing/.
  2. Fill in your company information, and click the Generate button to create both the certificate request file and private key file. The company information is used as part of the generated digital signature files.

    Generating the certificate and private key files
  3. Click the Download button for the .zip file, and extract the files to the new folder you created in Section 2.1. You will access these files later in the provisioning process.

    Downloading the generated .zip file


2.3 Requesting a Digital Certificate

In this step, you create and download a digital certificate for use in distributing applications either to the App Store or to registered iOS devices.

    1. In the iOS Provisioning Portal (login required), click Certificates under iOS Apps.

      Beginning the certificate request process
    2. In the left navigation panel, click Distribution.

      Selecting the distribution certificate type
    3. Click , select the App Store and Ad Hoc distribution option, and click Continue.

      Selecting the distribution type
    4. The next page presents instructions for creating a certificate request file. You can ignore these instructions; the digital signing utility has already provided you with a certificate request file in Section 2.2. Click Continue.
    1. Click Choose File to navigate to your certificate request file (certificate-request.csr) for upload, and click Generate.

      Requesting a certificate
    2. Scroll to the bottom of the page, click Browse, navigate to the certificate-request.csr file created and downloaded in Section 2.2, and click Submit. Apple receives the request and will supply you with a certificate file, typically in 1-2 minutes.
  1. When the request is approved, click Download to download the certificate (distribution.cer) file. Save the certificate file to the same folder containing your private.key file created in Section 2.2. Both files are required for MyEclipse Mobile Tools to build your iOS application.

    Note: Be sure you store the .key and .cer file pair together in a safe place. Without them, you cannot build iOS applications.

    Downloading the certificate file


3. Create a Provisioning Profile

A provisioning profile authorizes an application to be installed and run on an iOS device. Provisioning profiles are created and configured from the Provisioning Portal. In this tutorial, you will create an ad hoc distribution profile. Such a profile enables an application to be installed for testing purposes from either your local iTunes application or wirelessly, a.k.a., over the air.


3.1 Add Devices

When creating an ad hoc distribution profile, you must first identify the iOS devices for which the profile applies. Do this by using the Provisioning Portal to register iOS devices by their Unique Device Identifier (UDID). Before registering a device, you must first retrieve its UDID.

  1. Connect the device to iTunes, and select the device in the Device list. The Summary page opens.
  2. Click the serial number to reveal the UDID.

    Retrieving the UDID from iTunes
  3. Click Devices in the left navigation panel, and click .
  4. Select the Register Device option, enter a name for the device, enter the UDID, and click Continue.

    Entering the UDID
  5. Review the device information, and click Register. When you click Done when registration is complete, the device appears in the device list.

    Registered device


3.2 Create App IDs

Applications authorized by a provision profile must have bundle IDs that match the profile’s App ID. App IDs are created using the Provisioning Portal. The recommended naming convention for App ID strings is to use a reverse-domain name with the app specific ID appended as the last segment, e.g., com.genuitec.myapp. An App ID can end with the optional * wildcard character. Wildcard App IDs match all application bundle IDs that share the same prefix before the app ID * char. Example wildcard App IDs include com.genuitec.* and *.

For simplicity, the example in this tutorial uses a full wildcard * App ID.  Profiles configured with a full wildcard App ID will authorize all applications. You can read more about App IDs on the Provisioning Portal website.

  1. Select Identifiers>App IDs in the left navigation panel, and click .
  2. Enter a name and an identifier. In the example below, the identifier is the full wildcard *. Click Continue.

    App ID details

When you submit an App ID, it appears in the App ID list. Click the ID in the list to view the configuration details.

App ID details


3.3 Configure a New Provisioning Profile

The final step is to create a new provisioning profile and download it for use in building your iOS application. In step 3 below, you have the option to create either an App Store distribution profile or an Ad hoc distribution profile.

Note: This tutorial presents the creation of an Ad hoc distribution profile because this type of profile is required to install your application on local devices for testing. When your application is complete and you are ready to distribute it through the App Store, repeat this process to create a new provisioning profile. In step 3, choose the App Store distribution option.

  1. Click Provisioning Profiles in the left navigation panel, select Distribution, and click .
  2. Select the distribution method you want to use for distributing your application. This example uses Ad Hoc for distributing to specific registered devices for testing. If you are distributing to the App Store, select the App Store option. Click Continue.

    Selecting a distribution method
  3. Select the app ID you want assigned to the profile, and click Continue.

    Selecting an app ID
  4. Select the certificate you want to use for the profile, and click Continue.

    Selecting a certificate
  5. Select one or more devices to allowed to run applications using this profile, and click Continue.

    Note: If you selected the App Store distribution method, you do not need to select any devices.

    Selecting provisioning devices
  6. Enter a descriptive name for the profile. Because this example uses the fully wildcarded App ID, the profile is named UnrestrictedAdHocDistribution for easy recognition. Click Generate.

    Provisioning profile name
  7. Click Download, and save the downloaded profile file (.mobileprovision) to the folder containing the certificate and private key files.

    Downloading the provisioning profile file

Now that you have the digital signature and provision files  required for distributing iOS applications, you can build an  application using MyEclipse Mobile Tools.