I want to allow customers to upload their own provisioning profile, including icons, so that I can make them a custom version of my app on the fly, which they can then publish.
However, I'm having a little trouble validating the provisioning profile. In particular, I want to check whether the DeveloperCertificate is actually a valid certificate. The profile looks something like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ApplicationIdentifierPrefix</key>
<array>
<string>ABCDEFGH</string>
</array>
<key>CreationDate</key>
<date>2012-03-28T11:17:23Z</date>
<key>DeveloperCertificates</key>
<array>
<data>
MIIFajCCBFKgAwIBAgIIddUra9YprMQwDQYJKoZIhvcNAQEFBQAwgZYxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBs
ZSBXb3JsZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBw
...
</data>
</array>
...
</dict>
So, I extract the certificate(s) and then want to check them, preferably using an openssl
command. What is the encryption used for these certificates, and how do I verify them using openssl? I would think that this uses pkcs12, but trying that gives me an error:
$ openssl pkcs12 -noout -in testcertificate
140653159306912:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140653159306912:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS12
Can anyone point me in the right direction? It is essential that I can somehow verify developer certificates' validity.
Thanks
A: The provisioning profile invalid status is caused by changes to the profile’s associated certificate or App ID. Any time an App ID or certificate changes, all profiles that are associated to it are marked Invalid.
Double click the downloaded profile, it will be embedded in the key-chain access. In your Apple Developer account navigate to Certificates, IDs & Profiles > Identifiers > Provisioning Profiles. Add a new provisioning profile.
Here are the steps to create a certificate and profile on Apple’s website to develop an iOS app. Log into your Apple Developer account and navigate to Certificates, Identifiers & Profiles. Add a new certificate.
Under the “Register a New Provisioning Profile” section select “App Store” from the “Distribution” section. From the drop down menu, select your app ID. Click Continue. Select the certificate you just created. Click Continue. Fill in the name of your choice. The name is not visible to end-users. Click Generate. Download the provisioning profile.
I've been looking into this, and it turns out that it doesn't have to be as hard as how David describes it. The solution is actually quite simple:
The certificate is a base64-encoded DER certificate. What you need to do is the following:
Base64-decode the certificate:
base64 -d certificate > certificate.crt
Test the certificate with OpenSSL:
openssl x509 -inform DER -in certificate.crt -noout -text
Or, if we pipe it:
cat certificate | base64 -d - | openssl x509 -inform DER -noout -text
The -text
option makes openssl give all the details, but you can specify according to your wishes. Suppose, for example, that you are only interested in whether the certificate is an actual Distribution certificate, you can use the -subject
option instead and look at the CN=
field.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With