Home Create a Distribution Certificate from Developer Apple ID
Post
Cancel

Create a Distribution Certificate from Developer Apple ID

By Fouad Raheb
Posted 2025-09-18 3 min read

Note: Push Notifications won’t work for WhatsApp, since it requires additional modifications and a private entitlement from Apple.

Requirements

  • An Apple ID subscribed to the Apple Developer Program (costs 100$/year). (Check this video on how to enroll)
  • A Mac (Keychain Access).
  • UDIDs of devices you want to include in the profile. (You can use udid.io or find it from your Mac when the device is connected)

1) Create a Certificate Signing Request (CSR) on your Mac

  1. Open Keychain Access (/System/Library/CoreServices/Applications).
  2. From the menu: Keychain Access → Certificate Assistant → Request a Certificate From a Certificate Authority.
  3. Fill User Email Address and Common Name (e.g., “My Distribution Key”), choose Saved to disk, leave CA Email blank, click Continue and save the .certSigningRequest file.
  4. This creates a private key in your login keychain; do not delete it — the private key is required to sign builds.

2) Create the Distribution certificate

  1. Sign into developer.apple.com/account → Certificates, IDs & Profiles → Certificates.
  2. Click + to add a certificate → Choose Apple Distribution.
  3. Upload the .certSigningRequest file you saved, continue and Download the generated .cer file.
  4. Double-click the downloaded .cer file or drag it into Keychain Access; it will be added under Keychains → login → My Certificates as Apple Distribution: YOUR NAME (TEAM_ID) (Do this on the same Mac you created the CSR).

3) Register devices

In the Developer portal, go to Devices and add device names + UDIDs for every device you want to install the app on.

4) Create App identifier (with Push Notifications & App Group)

  1. Go to Identifiers → click +
  2. Select App Groups → click continue.
  3. write a Description and Identifier (ex: group.com.YOUR_DOMAIN.distribution), click continue
  4. After registering the App Group, go back to Identifiers → click + → Select App IDs → click continue → Select App, click continue
  5. Write a description for your App ID and choose any bundle ID (ex: com.YOUR_DOMAIN.distribution) (Don’t use a Wildcard)
  6. Under Capabilities, enable Push Notifications to allow apps to receive notifications.
  7. Also under Capabilities, enable App Groups → click on Configure → select the App Group ID you just created in step 3.
  8. Click continue, then click Register

5) Create the Ad-Hoc provisioning profile

  1. Go to Profiles → click +.
  2. Under Distribution choose Ad Hoc, click Continue.
  3. Select the App ID you created, click Continue.
  4. Select the Distribution certificate you created, click Continue.
  5. Select the devices to include, click Continue.
  6. Give the profile a name, then Generate and Download the .mobileprovision file.

6) Export the certificate + private key from Keychain (create .p12)

  1. Open Keychain Access → login keychain → My Certificates.
  2. Find your Apple Distribution certificate — expand it to confirm a private key is shown under it.
  3. Right-click the certificate (not the private key) → Export.
  4. Choose Personal Information Exchange (.p12) as the file format, pick a filename, click Save.
  5. You’ll be asked to set a password to protect the .p12 and then to enter your macOS account password to allow Keychain to export the private key. The resulting .p12 contains the certificate and private key.

7) Signing apps

Now all you need to sign and install apps on other devices is your .p12 certificate and your .mobileprovision file. You can use tools like GBox, Feather, ESign, and others to do this.

Sideloading
Recently Updated
Contents