How to compile an iOS app and how to create a .pem certificate?

Create the items related to the developer account, which you are going to use to publish the app

You have to create a CSR file and an iOS Distribution certificate. Then you will be able to use these items for all of the next apps you will have to publish under this developer account –> keep them preciously once created.


CSR must be created from the Keychain Access tool of your Mac. Open it from Applications > Utilities > Keychain Access:

Screen Shot 2015-08-19 at 16.28.45

From the menu select “Keychain Access” > “Certificate Assistant” > “Request a Certificate From a Certificate Authority…”:

Screen Shot 2015-08-19 at 16.30.09

In the window that opens, enter the email of the developer account (or any other email address, it doesn’t have any impact), and enter the name of your developer account, and select “save to disk”:

Screen Shot 2015-08-19 at 16.32.18

Save this CSR to your disk, in a folder related to the certificates of your developer account. Close the window.


– Login to your developer account at
– Click on “Certificates, Identifiers & Profiles” and then on “Certificates” again
– Click on “Production” on the main “Certificates” menu on the left:

Screen Shot 2015-08-19 at 16.40.22

– Then click on “+” from the upper right corner of the page
– Choose “App Store and Ad Hoc” and click on “continue”:

Screen Shot 2015-08-19 at 16.47.19

– Click on “continue” again
– Sign your iOS Distribution certificate with the CSR file you have created before
– Download the ios_distribution certificate that has been created.



Using this certificate you will be able to add push notifications and in-app purchase, and other services to your app. In our case, only the push notification service.

– Click on “App IDs” from the “Identifiers” menu on the left:

Screen Shot 2015-08-19 at 16.48.38

– click on “+” from the upper right
– enter your app name, and the bundle id of the app:

Screen Shot 2015-08-19 at 16.53.19

– Go below and select “Push Notifications” in the list of “App Services”:

Screen Shot 2015-08-19 at 16.54.09

– Click on “continue”
– Click on “continue”, click on “submit”, click on “done”
– Then in the list, find the app id you have just created and click on it
– Click “edit”
– Go at the bottom and in the “Production SSL Certificate” section click on “Create Certificate”
– Click on “continue”
– Click on “choose file” and upload the CSR file you have created previously for this developer account (the same CSR you have used to create the iOS distribution certificate for this developer account)
– Download the aps_production certificate that has just been created. Store this certificate in a folder related to this app on your Mac.
– Click on “done”


– click on “distribution” from “Provisioning profile” on the left menu:

Screen Shot 2015-08-19 at 17.21.08

– Click on “+” from the upper right
– Choose “App Store” under “Distribution”:

Screen Shot 2015-08-19 at 17.24.01

– Select the app ID of your app, and click on “continue”
– Select the iOS Distribution certificate associated to the CSR you have used to sign the aps_production you have created before (it is very important to use the iOS Distribution which has been created with the CSR used to sign the aps_production.cer of this app. Don’t forget it, and don’t forget that in case you create a new aps_production.cer for this app with another CSR you will have to create a new provisioning profile too with the iOS Distribution certificate made with this CSR, and then to publish an update of your app on the App Store)
– Click on “continue”
– Download the provisioning profile  that has just been created. Store this certificate in the folder related to this app on your Mac, which contains the aps_production certificate created previously.


– Download your iOS source code
– Open the xcode project in Xcode
– Go outside Xcode, in the folder which contains your provisioning profile and your aps_production.cer certificate
– Double click on each of these files
– If it is the first time you are publishing under this developer account with this CSR and this iOS Distribution certificate, go in the folder which contains the CSR and the iOS Distribution of this developer account and double-click on the ios_distribution.cer file

– Go back to Xcode
– Go in the “Build settings” tab
– Go below to “Code Signing”
– In “Code Signing Identity” select the “iPhone Distribution” related to this developer account
– Go back to the “General” tab
– From the upper left corner, select “iOS Device”:

Screen Shot 2015-08-19 at 17.35.58

– then from the menus of Xcode, click on “Product” > “Archive”
– Then, once your app is compiled, choose “Submit”, select the developer account and send your .ipa file to iTunes (you must have created the app sheet on before sending your app to iTunes from Xcode)


– Go in the keychain access on your Mac
– from the left menu, select “Certificates”
– in the search bar at the upper right, enter the bundle ID of your app
– click on the arrow on the left of your “Apple Production IOS Push Service” certificate, a private key must be attached under it
– Select the private key and the certificate
– Right-click on them
– Choose export
– Choose your desktop as the destination (it can be another location but you will have to adjust the code we will give you after)
– Choose a password of your own
– Open the Terminal console of your Mac (From Applications > Utilities > Terminal)
– In the Terminal, be sure to be located on your desktop (you must have “Desktop” displayed and then your username)
– Enter this command:

“openssl pkcs12 -in Certificates.p12 -out certificat.pem -nodes -clcerts”

(If the terminal answers that there is no file named “Certificates.p12”, go on your desktop and check what is the name of the .p12 file, and enter this name rather than Certificates.p12 in the command line)

– Enter the password you have used just before to export your certificate on your desktop
– On your desktop you have now two certificates: a Certificates.p12 and a certificat.pem.
– Move these files to the folder of your app on your Mac (with the provisionning profile and the aps_production.cer)
– Upload this certificat.pem on the app sheet in your backoffice
– You’re done!

More information about sending push notifications using Onyx App Creator:

To send push notifications you have two options:

  1. you can send the push notification to both iOS and Android. In this case you must have a .pem certificate already uploaded to the server and the status of both apps on the publication page should be “published”.
  2. you can send the push notification to Android only, so there must be no .pem certificate and the status for iOS must be on “waiting”.

In case 1, you have to create a .pem certificate.

Before looking at .pem certificate creation, let’s make a brief clarification about case 2. In case 2 there must be absolutely no certificate (.pem file) for iOS. If you have already uploaded one please contact us at contact to remove it.

Let’s keep looking at the .pem certificate creation.

  1. All certificates are linked to each other, therefore the aps_production certificate must be signed with the same CSR which was used to create the ios_distribution certificate and the provisioning profile. That means, if you change one of these items, your app will not be able to send push. For example, if you have already created a .pem certificate and you want to create it again, if you sign it with another CSR than the one used to create the ios_distribution certificate and the provisioning profile of this app, you will have to edit the provisioning profile as well and to link it to the right iOS Distribution (the one created with the CSR you are using), and then you will have to submit an update of your app to the App Store and wait for Apple to review and accept your app.
  2. Your .pem certificate must be well created and must contain 4 sections:

– friendlyName: Apple Production IOS Push Services
– friendlyName: iPhone Distribution
– And then two sections about keys with “Key Attributes: <No Attributes>”

If your .pem doesn’t contain these sections that means you have missed something and it will not work.


Please follow and like us

Enjoy this website? Please spread the word