Glossary term terminology
An organization that authorizes a certificate.
Certificate signing request (CSR)
A file that contains personal information used to generate a signing certificate.
This file also contains the public key to be included in the certificate, along with identifying information.
Client SSL certificate
A certificate that allows a developer’s server to connect to an Apple service.
For example, developers use a client SSL certificate to communicate with the Apple Push Notification service.
Entitlement
A single right granted to a particular app, tool, or other executable that gives it additional permissions beyond what it would ordinarily have.
The term entitlement is most commonly used in the context of a sandbox, and to a lesser degree for an App ID. Regardless of the location, an entitlement is a piece of configuration information included in your app’s code signature—telling the system to allow your app to access certain resources or perform certain operations. In effect, an entitlement extends the sandbox and capabilities of your app to allow a particular operation to occur.
You set some entitlements for an App ID in Member Center—for example, by enabling certain technologies and services—and others in the Xcode project. The technologies enabled for an App ID serve as a white list of the technologies one or more apps may use. Some technologies are enabled by default for an explicit App ID. The Xcode project configuration specifies which technologies the app actually uses.
A file that contains a developer’s development certificates, distribution certificates, and provisioning profiles.
A type of signing certificate used during development that identifies a single developer on a team.
It allows an app to launch on a device through Xcode.
Development provisioning profile
A type of provisioning profile that authorizes an app to use certain technologies and run on designated devices during development.
This profile consists of a name, multiple development certificates, multiple devices, and an App ID.
Your Signing Certificates in Depth
Your code signing identities, stored in your keychain, represent your iOS and Mac program development and distribution credentials. You should be familiar with the names of these certificates, because they appear in menus, and the types of certificates, because they appear in lists, so that you don’t accidentally remove them from your keychain or Member Center.
There are different types of signing certificates for different purposes. Development certificates identify a person on your team and are used to run an app on a device. During development and testing, you’re required to sign all iOS apps that run on devices and Mac apps that use certain technologies like iCloud and Game Center.
Distribution certificates identify the team and are used to submit your app to the store or, for a Mac app, to distribute it outside of the store. If you’re a company, distribution certificates can be shared by team members who have permission to submit your app. There are multiple kinds of distribution certificates, each associated with a specific method of distribution. Different code signing identities are also used for iOS and Mac apps.
Signing certificates are issued and authorized by Apple. You must have the intermediate certificate provided by Apple installed in your system keychain to use your certificate; otherwise, it’s invalid. The intermediate certificates provided by Apple and installed by Xcode are:
- Apple Worldwide Developer Relations Certification Authority. Used to validate development and store certificates.
- Developer ID Certification Authority. Used to validate a Developer ID certificate for distribution outside of the Mac App Store.
Team Provisioning Profiles in Depth
A team provisioning profile is a development provisioning profile that Xcode manages for you. A development provisioning profile allows your app to launch on devices and use certain technologies during development. For an individual, a team provisioning profile allows all apps signed by you to run on all of your registered devices. For a company, a team provisioning profile allows any app developed by a team to be signed by any team member and installed on any team device.
The team provisioning profile contains:
- A wildcard App ID that matches all your team’s apps or an explicit App ID that matches a single app
- All devices associated with the team
- All development certificates associated with the team
Xcode creates App IDs and team provisioning profiles as needed depending on the configuration and capabilities of your app. Xcode adds all of the devices and development certificates from all team members to the team provisioning profile. Thereafter, Xcode updates the team provisioning profile whenever you register a device, create a development certificate, or modify the App ID. (Changes you make to your team assets using Member Center don’t automatically update team provisioning profiles.)
If your app can use a wildcard App ID during development, Xcode creates a team provisioning profile named iOS Team Provisioning Profile: * or Mac Team Provisioning Profile: * using a wildcard App ID that it also creates. You can use a wildcard App ID with iCloud and some other iOS-specific technologies. However, if you add a capability that requires an explicit App ID (for example, Game Center or In-App Purchase), Xcode creates an explicit App ID and a corresponding team provisioning profile called iOS Team Provisioning Profile: or Mac Team Provisioning Profile: followed by the bundle ID. Because an explicit App ID exactly matches the project’s bundle ID, you can register only one explicit App ID per bundle ID. Therefore, if one already exists in Member Center, Xcode uses it in the team provisioning profile instead of creating one for you.
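The following is an added example, not code from Apple or from this guide: a small audit that checks whether a team provisioning profile authorizes a given build, covering the App ID match, the device list, the development certificates, and the entitlement white list described above. The key names are those found in a decoded profile property list; the team ID, device IDs, certificate bytes, and the helper names `app_id_matches` and `audit` are constructed for illustration, and the entitlement check is simplified to key presence.

```python
import plistlib

# Constructed sample: the property list carried inside a team provisioning
# profile (signature wrapper already removed). Every value is made up.
SAMPLE_PROFILE = plistlib.dumps({
    "Name": "iOS Team Provisioning Profile: *",
    "ProvisionedDevices": ["0000AAAA1111BBBB", "2222CCCC3333DDDD"],
    "DeveloperCertificates": [b"constructed-cert-alice", b"constructed-cert-bob"],
    "Entitlements": {"application-identifier": "TEAMID1234.*",
                     "get-task-allow": True},
})

def app_id_matches(app_id, team_id, bundle_id):
    """Wildcard App IDs match by prefix; explicit App IDs must match exactly."""
    full = f"{team_id}.{bundle_id}"
    if app_id.endswith("*"):
        return full.startswith(app_id[:-1])
    return app_id == full

def audit(profile_bytes, team_id, bundle_id, device_id, signer_cert, requested):
    """List the reasons the profile does not authorize this build (empty = OK)."""
    profile = plistlib.loads(profile_bytes)
    allowed = profile["Entitlements"]
    problems = []
    if not app_id_matches(allowed["application-identifier"], team_id, bundle_id):
        problems.append("bundle ID not covered by App ID")
    if device_id not in profile["ProvisionedDevices"]:
        problems.append("device not in profile")
    if signer_cert not in profile["DeveloperCertificates"]:
        problems.append("signing certificate not in profile")
    # Simplification (assumption): an entitlement is allowed if its key is present.
    for key in sorted(requested):
        if key not in allowed:
            problems.append(f"entitlement not allowed: {key}")
    return problems

if __name__ == "__main__":
    # A build that adds Game Center and targets an unregistered device.
    for reason in audit(SAMPLE_PROFILE, "TEAMID1234", "com.example.demo",
                        "9999FFFF0000EEEE", b"constructed-cert-alice",
                        {"get-task-allow": True,
                         "com.apple.developer.game-center": True}):
        print(reason)
```

Running the audit before a build is handed to testers surfaces the same mismatches that would otherwise appear only as an install or launch failure on the device.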