Apple has created a system for controlling the distribution of apps. The provisioning system has two goals: to ensure the authenticity of the app's creator and to restrict what devices an app will run on. The system is powerful but it can be a source of confusion. In this article we will try to walk you through the steps needed to use this system. To perform this step you will have to be registered as an iOS developer. Log into the iOS Provisioning Portal

At the highest level, the steps are Creating a Certificate, Adding Devices, Creating an App ID and and Creating a Provisioning File.

Creating a Certificate

This step is how Apple ensures the authenticity of the apps created for distribution. You will

  1. obtain a certificate that lets Apple securely encrypt information they send back to you
  2. provide Apple with the certificate and download an encrypted code-signing key that says you are who you claim to be
  3. decrypt the code-signing key and store it on your computer.
  4. export the code-signing key so EachScape can perform builds on your behalf

There are a few restrictions to performing this step. You must perform this step on a Mac and you must be the administrator of the account. (There are other roles, but the person who creates the account originally is the administrator.)

You should only need to do this step annually. When this certificate expires, it will not be possible to produce a build of your app.

Let's get started.

Step 1: Get a Code Signing Request (CSR)

Start the Keychain Access program. It's located in the Utilities folder on your Mac. Or, press Command-Space and start tping Keychain and you will see it apear as an option.

From the Keychain Access menu, choose Request a Certificate from a Certificate Authority.

A dialog will appear like following and where this example says "Robots" you should type the name of your company.


You will be prompted to save the file disk. Make a note of where it's being saved. You will need it in the next step (but feel free to delete it after you complete these steps.

Step 2: Upload the CSR to Apple

On the left navigation choose Certificates.

Across the top tabs choose Distribution. Many people miss this step.

If you get to this step and the actions column says includes a Download button, STOP! This indicates there is a valid certificate somewhere in the world. If you revoke the certificate, any other developer who has a copy of the certificate will be unable to use it. However, you may choose to revoke the certificate and proceed. Just be sure you understand what you are about to do.

Press the Request Certificate button.

Scroll to the bottom of the next screen and use the Choose File button to select the file you created earlier with Keychain Access.

Press the Submit button.


Step 3: Download the Certificate Issued by Apple

You will be returned to the Distribution tab and the status column will probably "Issued". Wait about 10 seconds and refresh the browser window. The actions column should now contain a Download button. Click the Download button.


Step 4: Export the Certificate

Once you have downloaded the file, import it into Keychain Access. Normally this is done by opening the file, but you can also choose the Import Items... option from the File menu.

The last step of the process is to export the certificate. In the Keychain Access application, navigate to the My Certificates category, find the certificate you just downloaded and click on the disclosure triangle to the left of the certificate.

Select both items, right-click and select Export 2 Items... 

You will be prompted to save the file, assign a password to the file (one you can share with EachScape) and usually you will also be asked to provide your password to allow the file to be exported. The file should be at least 6-7k bytes large - if it is smaller, please verify that you exported 2 items.

Send the file to EachScape by email. We recommend you communicate the password to us by some other channel.