I am in the process of submitting my first Mac app to the Mac app store. Along the way, there is so much I have learned that it is getting hard to keep all the information in my brain’s RAM. Therefore, I am attempting to write blog posts to leave trails to the important steps in the process so that I can retrace them later. Here is my first on Certificates and Mac App Distribution.
Let’s first understand that there are two formats of app distribution:
- As Binaries like in iOS. Such files appear as Myapp.app
- As Installer Packages. Mac users are probably familiar with this. This is how you install a new Mac OS from the Mac App Store. It comes as an Installer Package.
Primarily there are five kinds of certificates when it comes to developing, testing and distributing Mac apps.
- Developer Certificate that is used to sign development versions of the app. This certificate is mainly used in Development and QA phases of application development cycle.
- 3rd Party Mac Developer Application Certificate used for distributing Mac apps via Mac app store.
- 3rd Party Mac Developer Installer Certificate used for distributing installer packages for apps via Mac app store.
- Developer Id Application Certificate used for distributing Mac apps outside of app store.
- Developer Id Installer Certificate used for distributing installer packages apps for apps outside of app store.
Apart from these certificates, there are two other for push notifications.
- Apple Push Notification service SSL (Sandbox) Certificate. This is used during development phase to establish connectivity between your notification server and the Apple Push Notification service sandbox environment. A separate certificate is required for each app you develop.
- Apple Push Notification service SSL (Production) Certificate. This is used in production environment.
There is one other
- Website Push ID Certificate for signing and sending updates for Websites. This is used if you want to integrate push notifications into your website. In OS X v10.9 and later, you can dispatch Safari Push Notifications from your web server directly to OS X users by using the Apple Push Notification service (APNs).
For you to sign your builds with these certificates properly, you need to have the intermediate certificates installed in your keychain. There are two of them.
- Worldwide Developer Relations Certificate Authority
- Developer ID Certificate Authority
The are installed by default but if you have inadvertently deleted them, you can get them by logging into developer.apple.com
Note: All the certificates sit in the Keychain Access app.