development

Signing Certificate

A cryptographic credential issued by Apple that proves a developer's identity and is used to digitally sign app binaries for distribution.

A signing certificate is a digital credential that contains your public key and Apple’s verification that you are a registered developer. When you sign an app binary, the certificate proves that the app comes from you and has not been modified since signing.

Certificate Types

  • Apple Development - for installing and testing on registered devices
  • Apple Distribution - for App Store and TestFlight distribution
  • Developer ID Application - for macOS apps distributed outside the App Store
  • Developer ID Installer - for macOS installer packages

How Certificates Work

Signing relies on a key pair tied to the certificate:

  1. Public key - embedded in the certificate, stored at Apple, and distributed with your signed app
  2. Private key - stored in your Keychain; it is never sent to Apple and leaves your machine only if you export it

When you sign an app, the private key creates the signature. When a device verifies the app, it uses the public key to validate the signature.

Certificate Limits

Apple limits the number of active certificates per type:

  • Development: 2 per team member
  • Distribution: 3 per team
  • Developer ID: 5 per team

Distribution certificates are shared across the team. If one person creates the certificate, others need the exported .p12 file (containing the certificate and its private key) to sign builds.

Certificate Management

Certificates expire after 1 year. Set reminders to renew before expiration. For CI/CD, store certificates as base64-encoded secrets and install them into a temporary keychain during each build. Fastlane Match automates certificate management by storing them in an encrypted repository.
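
The CI/CD step described above, as an added example (not from the original page, Apple, or Fastlane): it decodes the base64 secret with owner-only permissions, imports it into a per-build keychain protected by a random password, and deletes that keychain on exit. The secret names P12_BASE64 and P12_PASSWORD and all function names are assumptions.

```shell
#!/bin/sh
# Added example: per-build keychain for a base64-encoded .p12 (macOS CI runner).
# Assumed names: secrets P12_BASE64 and P12_PASSWORD; all function names.
set -eu

# Decode the secret into a file readable only by the build user.
decode_p12() {  # decode_p12 <base64-text> <output-path>
  ( umask 077; printf '%s' "$1" | base64 --decode > "$2" ) || return 1
  [ -s "$2" ] || { echo "decoded .p12 is empty" >&2; return 1; }
}

# Create a throwaway keychain and import the identity into it.
install_identity() {  # install_identity <p12-path> <p12-password> <keychain-path>
  kc_pass="$(openssl rand -hex 24)"   # random password, never stored
  security create-keychain -p "$kc_pass" "$3"
  security set-keychain-settings -lut 3600 "$3"   # lock on sleep / after 1 h
  security unlock-keychain -p "$kc_pass" "$3"
  # -T restricts prompt-free use of the private key to codesign
  security import "$1" -k "$3" -P "$2" -f pkcs12 -T /usr/bin/codesign
  security set-key-partition-list -S apple-tool:,apple: -s -k "$kc_pass" "$3" >/dev/null
  # Replaces the user search list; intended for ephemeral runners.
  security list-keychains -d user -s "$3"
  rm -f "$1"   # the .p12 is not needed once imported
}

# Remove the keychain (and the private key in it) plus the work directory.
cleanup() {  # cleanup <work-dir>
  security delete-keychain "$1/build.keychain-db" 2>/dev/null || true
  rm -rf "$1"
}

# Runs only where the secret and the macOS `security` tool are present.
if [ -n "${P12_BASE64:-}" ] && command -v security >/dev/null 2>&1; then
  work="$(mktemp -d)"
  trap 'cleanup "$work"' EXIT
  decode_p12 "$P12_BASE64" "$work/identity.p12"
  install_identity "$work/identity.p12" "$P12_PASSWORD" "$work/build.keychain-db"
  # Build and codesign here; the keychain is deleted when this script exits.
fi
```

Because the EXIT trap deletes the keychain, the build and signing commands must run inside this script rather than in a later CI step.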