Certificate - to identify who creates the app:
When you build the ios app, you need to sign it with your private key, similar as signing https data. To generate a certificate, you will need first create a certificate request, and submit it to Apple portal. Apply will sign the public key with Apple certificate, so the public key becomes a certificate. What shows on the certificate tab on apple portal web site is the certificate signed by apple developer root certificate. The private key should always kept on your mac book.
In a word, the certificate originated from your developer mac book and it is the public key signed by Apple.
What the certificate tab in apple account shows is the certificate (public key part) of your certificate. If you open the keychain utility in your mac, you should see the certificate with the private key for the signing certificate. Xcode will use the private key to sign the application. And the devices that contains the certificate (public key) can verify the integrity of the application
In addition to developoer signing certificate, there is another push certificate for sending push notificate from your local server to apple APNS service. This push certificate is used to identify your server to connect to apple site. Similar to signing certificate, you create a Certificate Signing Request from your local server and upload it to Apple Development portal, after Apple sign it, you can download it and use it to initialize the APNS connection from your server application to apple APNS service. Note push certificate is associated with appid, so on apple developer portal site, you need first select an App ID to enable and create the push certificate. You can create two push certificate for each appid, development and distribution push certificates, if you app is signed with developer signing certificate, then using development push certificate If you app is signed with distribution signing certificate, then using distribution push certificate. Note after the push certificate is generated, it can be used on any box, (not just the box generated the signing request), as it only needs to identify which apple dev account generates it, instead of which server sends the request.
Device - to indicate who can run the app
You can collect the device ids from xcode's organizer, and then add it into the device tab in apple portal site. All devices added will have the permission to run the application created by you.
AppID - to identity an application in app store
AppID contains two parts: seeding id and bundle id
Seeding id is used to share keychain information between multiple apps created by you
Bundle id is unique for each of your app, it is also used by app push service and iCloud storage. Wildcard * can be used in the bundle it to match multiple apps. Although wildcard cannot be used for push service.
These information is used by Apple to identity your application and assign the service to it.
Provision Profile
Profile is the piece that joins certificate, appid, devices (for developer profile) settings, you need those settings to create a profile.
There are two kinds of profiles:
Development profiles: These are tied to specific devices, so the app can only run on those devices.
Distribution profiles: These are used to sign your app before you submit it to Apple for approval. They contain no device-specific information, but you can’t use them to install apps on any device yourself, because Apple still has to sign the app after the approval process.
There is a special distribution profile called ad hoc provision profile, it can be created similar as apple store distribution profile, but used for internal tester. To run the ad hoc build on a test device, the application must be built with ad hoc provision file, and the device is included in ad hoc device list. The device also needs to have the ad hoc provision file installed in order to run the application with ad hoc build.
After downloading the profile from apple developer portal to your mac book, double click it and you should see it installed on your xcode's organizer/Library section.
Note you also need to install the provision file on the device in order to run the app on device. If you deploy the app from Xcode to device, it will automatically deploy provision file also. Otherwise, just drag and drop the provision file from xcode organizer\Library\Provisioning profile to connected device's Provision Profiles section.
When you build the ios app, you need to sign it with your private key, similar as signing https data. To generate a certificate, you will need first create a certificate request, and submit it to Apple portal. Apply will sign the public key with Apple certificate, so the public key becomes a certificate. What shows on the certificate tab on apple portal web site is the certificate signed by apple developer root certificate. The private key should always kept on your mac book.
In a word, the certificate originated from your developer mac book and it is the public key signed by Apple.
What the certificate tab in apple account shows is the certificate (public key part) of your certificate. If you open the keychain utility in your mac, you should see the certificate with the private key for the signing certificate. Xcode will use the private key to sign the application. And the devices that contains the certificate (public key) can verify the integrity of the application
In addition to developoer signing certificate, there is another push certificate for sending push notificate from your local server to apple APNS service. This push certificate is used to identify your server to connect to apple site. Similar to signing certificate, you create a Certificate Signing Request from your local server and upload it to Apple Development portal, after Apple sign it, you can download it and use it to initialize the APNS connection from your server application to apple APNS service. Note push certificate is associated with appid, so on apple developer portal site, you need first select an App ID to enable and create the push certificate. You can create two push certificate for each appid, development and distribution push certificates, if you app is signed with developer signing certificate, then using development push certificate If you app is signed with distribution signing certificate, then using distribution push certificate. Note after the push certificate is generated, it can be used on any box, (not just the box generated the signing request), as it only needs to identify which apple dev account generates it, instead of which server sends the request.
Device - to indicate who can run the app
You can collect the device ids from xcode's organizer, and then add it into the device tab in apple portal site. All devices added will have the permission to run the application created by you.
AppID - to identity an application in app store
AppID contains two parts: seeding id and bundle id
Seeding id is used to share keychain information between multiple apps created by you
Bundle id is unique for each of your app, it is also used by app push service and iCloud storage. Wildcard * can be used in the bundle it to match multiple apps. Although wildcard cannot be used for push service.
These information is used by Apple to identity your application and assign the service to it.
Provision Profile
Profile is the piece that joins certificate, appid, devices (for developer profile) settings, you need those settings to create a profile.
There are two kinds of profiles:
Development profiles: These are tied to specific devices, so the app can only run on those devices.
Distribution profiles: These are used to sign your app before you submit it to Apple for approval. They contain no device-specific information, but you can’t use them to install apps on any device yourself, because Apple still has to sign the app after the approval process.
There is a special distribution profile called ad hoc provision profile, it can be created similar as apple store distribution profile, but used for internal tester. To run the ad hoc build on a test device, the application must be built with ad hoc provision file, and the device is included in ad hoc device list. The device also needs to have the ad hoc provision file installed in order to run the application with ad hoc build.
After downloading the profile from apple developer portal to your mac book, double click it and you should see it installed on your xcode's organizer/Library section.
Note you also need to install the provision file on the device in order to run the app on device. If you deploy the app from Xcode to device, it will automatically deploy provision file also. Otherwise, just drag and drop the provision file from xcode organizer\Library\Provisioning profile to connected device's Provision Profiles section.
No comments:
Post a Comment