iOS code signing
Code signing is required by Apple for integrating app services, installing your iOS app on real devices, and for uploading it to App Store Connect so that it can be distributed through TestFlight or App Store. It enables to identify who developed the app and ensure that all the changes to the app come from you or your team.
To receive a signed
.ipa file of your app on Codemagic, you need to set up code signing.
Before you can start signing or distributing your app, there are a few things you need.
- Apple Developer Program membership
- An app ID for your iOS app in Apple Developer portal
- A signing certificate (
Personal Information Exchange, .p12)
- A provisioning profile (
The signing certificates — development or distribution — help to identify who built the code.
A provisioning profile — development or distribution — contains information about the app ID, the devices on which the app can be installed and the certificates that can be used for signing the app. Note that if your app contains app extensions, you need an additional provisioning profile for each app extension.
With automatic code signing, Codemagic will create both the certificate and the provisioning profile for you on your behalf without requiring a Mac.
With manual code signing, you need to upload the signing files manually.
For successful signing, the certificate and the provisioning profile must match in the following way:
In short, the purpose of the different provisioning profiles is the following:
- Development: for testing the app on a real device while developing.
- Ad Hoc: for distributing the app to non-TestFlight testers (e.g. via Testmagic). The app must be built in release mode.
- App Store: for distributing the app via TestFlight or the App Store. The app must be built in release mode.
Automatic code signing
Based on the selected provisioning profile type, Codemagic will create a development or a distribution certificate and a development, Ad hoc or App store provisioning profile. The provisioning profile (except for Distribution) will include all the devices you have registered on your Apple Developer account.
Enabling the Apple Developer Portal integration
Apple Developer Portal integration can be enabled in User settings > Integrations for personal projects and in Team settings > Team integrations for projects shared in the team (if you're the team owner). This allows you to convneniently use the same Apple Developer Portal credentials for automatic code signing across all projects and workflows.
- In the list of available integrations, click the Connect button for Developer Portal.
- Enter your Apple ID (Apple Developer Portal username) and password.
- Click Save. Codemagic will attempt to establish a connection to Apple Developer Portal and will ask for a verification code for two-factor authentication or two-step verification.
If you have set up several trusted phone numbers, select the phone number to which the verification code will be sent.
- Enter the verification code and click Save one more time. On successful authentication, the Apple Developer Portal integration will be enabled.
Setting up automatic code signing
Go to App settings > Publish > iOS code signing.
Select Automatic as the code signing method. If you haven't enabled the Apple Developer Portal integration yet, you will be asked to enable it before you can continue configuration.
If you belong to several Apple Developer teams, select the right team in the Developer portal team field.
Select the provisioning profile type used for provisioning the build. Codemagic will automatically select or generate a matching certificate for code signing.
Enter your app's bundle identifier (optional). By default, Codemagic looks for it from your
Note that if your app contains app extensions, an additional provisioning profile is required for each extension. Codemagic will use the bundle identifier to find the relevant provisioning profiles. If your bundle identifier is
com.example.app, the matching profiles are the ones with
com.example.app.*as bundle identifier.
Finally, click Save to finish the setup.
As the next step, you can configure publishing to App Store Connect to distribute your app to testers via TestFlight or submit it to App Store.
Manual code signing
With the manual code signing method, you are required to upload the signing certificate and the matching provisioning profile(s) to Codemagic in order to receive signed builds.
See how to export certificates and provisioning profiles.
Setting up manual code signing
- Go to App settings > Publish > iOS code signing.
- Select Manual as the code signing method.
- Upload your signing certificate (in
.p12format). If your certificate is password-protected, enter the Certificate password.
- Upload your provisioning profile (
.mobileprovision). Note that if your app contains app extensions, you are required to upload an additional provisioning profile for each extension.
- Click Save to finish the setup.
Codemagic will now create a signed
.ipa file with every build. Note that you must also set up publishing to App Store Connect to distribute the app via TestFlight or submit it to the App Store.
Exporting certificates and provisioning profiles
If you don't have an existing certificate, you will have to first generate the signing certificate using Xcode.
To export the signing certificate:
- Open Keychain Access by searching for it in Spotlight.
- Select My Certificates in the Category submenu on the left sidebar.
- Locate your certificate. The name of the certificate should start with iPhone Developer or iPhone Distribution.
- Click on the certificate and select File > Export Items from the OSX menu bar.
- You are then prompted to save the certificate. Be sure to leave the file format field filled as
Personal Information Exchange (.p12)because saving the certificate with the
.cerextension will not include your private key.
- Enter the certificate export password when prompted (optional).
To export the provisioning profile:
- Log in to Apple Developer portal.
- Navigate to Certificates, Identifiers & Profiles > Profiles.
- Select the provisioning profile you would like to export and click Download.
- Save it to have it ready.