Warning

iOS Support Status: html2app does not yet support iOS apps. This documentation is likely incomplete and may not be accurate. Please check back later for updates.

Create Certificates & Profiles

iOS signing requires two distinct files: a P12 Certificate and a Provisioning Profile. This guide explains how to obtain these using either a Mac (Option A) or via the command line on Mac, Windows, or Linux (Option B).

1. The CSR (Certificate Signing Request)

Before getting a certificate, you must create a CSR. You do not get this from Apple; you create it and upload it to the Apple Developer Portal.

Option A: Create a CSR on a Mac (UI)

Open Keychain Access.
Go to Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
Enter your email, select Saved to disk, and click Continue.

Option B: Create a CSR using OpenSSL (Mac, Windows, Linux)

# Generate a private key and a CSR
openssl req -new -newkey rsa:2048 -nodes -keyout private_key.key -out ios_csr.csr

After running the command, you'll find two files: private_key.key and ios_csr.csr.

2. Upload CSR to Apple Developer Portal

Now that you have your CSR, upload it to the Apple Developer Portal to receive your .cer file:

Go to the Apple Developer Portal
Navigate to Certificates, Identifiers & Profiles → Certificates
Click the + button to create a new certificate
Select the certificate type:
- iOS App Development for development signing
- App Store and Ad Hoc for distribution signing
Upload your ios_csr.csr file
Apple generates and provides a .cer file for download

Save this .cer file—you'll use it in the next step to create your P12 certificate.

3. The P12 Certificate (.p12)

After downloading your .cer file from the Apple Developer Portal, you must combine it with your private key into a .p12 file to use it for signing.

Option A: Export a P12 on a Mac (UI)

Open Keychain Access and find your certificate in My Certificates.
Expand the certificate to ensure the private key is linked.
Right-click the certificate and select Export....
Select Personal Information Exchange (.p12) as the file format and set a password.

Option B: Create a P12 using OpenSSL (Mac, Windows, Linux)

If you generated your CSR using OpenSSL, you can combine the certificate and key manually:

# 1. Convert Apple's .cer (DER) to .pem
openssl x509 -in ios_certificate.cer -inform DER -out ios_certificate.pem -outform PEM

# 2. Combine the .pem certificate and your private key into a .p12
openssl pkcs12 -export -inkey private_key.key -in ios_certificate.pem -out ios_certificate.p12

Note on Aliases: iOS P12 files do not require an alias. Apple's tools identify the certificate by its internal metadata.

4. The Provisioning Profile (.mobileprovision)

This file is downloaded directly from the Apple Developer Portal. It links your App ID, your Certificate, and your authorized devices (for Ad-hoc) or Store permissions.

Summary: Files Involved

Six files are involved in the iOS signing process:

File	Purpose
`.csr`	Certificate Signing Request—upload to Apple to receive `.cer`
`.cer`	Certificate from Apple—convert to `.pem`
`.key`	Private key—combined with `.pem` to create `.p12`
`.pem`	PEM-formatted certificate—intermediate format for combining with `.key`
`.p12`	Final certificate bundle (needed for html2app platform)
`.mobileprovision`	Provisioning profile (needed for html2app platform)

The .p12 and .mobileprovision files are what you need to build and sign your iOS app with the html2app platform.

Advanced: OpenSSL parameters (req / x509 / pkcs12)

These commands are a common workflow: create a private key + CSR (req), convert Apple's certificate to PEM (x509), then export a P12 bundle (pkcs12).

1) Create a private key + CSR: openssl req

req: X.509 certificate request and CSR utilities.
-new: Create a new CSR.
-newkey rsa:2048: Generate a new 2048-bit RSA private key.
-nodes: Do not encrypt the private key (no passphrase prompt).
-keyout private_key.key: Output file for the generated private key.
-out ios_csr.csr: Output file for the CSR.

2) Convert Apple's .cer (DER) to PEM: openssl x509

x509: X.509 certificate display and conversion utilities.
-in ios_certificate.cer: Input certificate file from Apple.
-inform DER: Input format is DER (binary), which is typical for .cer.
-out ios_certificate.pem: Output PEM certificate file.
-outform PEM: Output format is PEM (text/base64).

3) Export a P12 bundle: openssl pkcs12

pkcs12: PKCS#12 archive utilities (bundle cert + private key).
-export: Create a new .p12 file (will prompt for an export password unless -passout is used).
-inkey private_key.key: The private key that matches the certificate.
-in ios_certificate.pem: The certificate to include in the bundle.
-out ios_certificate.p12: Output P12 file.

Tip: The P12 export password is what you'll enter when uploading the certificate.

#Create Certificates & Profiles

#1. The CSR (Certificate Signing Request)

#Option A: Create a CSR on a Mac (UI)

#Option B: Create a CSR using OpenSSL (Mac, Windows, Linux)

#2. Upload CSR to Apple Developer Portal

#3. The P12 Certificate (.p12)

#Option A: Export a P12 on a Mac (UI)

#Option B: Create a P12 using OpenSSL (Mac, Windows, Linux)

#4. The Provisioning Profile (.mobileprovision)

#Summary: Files Involved

#Advanced: OpenSSL parameters (req / x509 / pkcs12)

#1) Create a private key + CSR: openssl req

#2) Convert Apple's .cer (DER) to PEM: openssl x509

#3) Export a P12 bundle: openssl pkcs12