Sharing the iOS distribution certificate

December 13th, 2010

Apple allows only one member of an enterprise account to hold the role of Team Agent, and that user's certificate is associated with the account's distribution certificate. If you want multiple machines to be capable of signing a build with that distribution certificate, you need a way to share the certificate's private key. Below are the steps I found for sharing that certificate and provisioning a second machine to produce a distributable build.

Exporting the certificate

  1. Open Keychain Access.
  2. In the Category panel, select Certificates.
  3. Select the certificate you want to export (should be named something like: iPhone Distribution: [Original Developer Name]).
  4. Highlight both the certificate and its private key.
  5. Right-click and select Export 2 items.
  6. Select a location to save the p12 file.
  7. (Optional) Enter a password - this will be used to install it on the other machine.
  8. Press Save.

Importing the certificate

  1. Double-click on the p12 file (this should cause Keychain Access to open).
  2. If you set a password when exporting, enter it into the Enter Password prompt; otherwise leave it blank and press OK.
  3. You should now have a new certificate in the login keychain. N.B. This certificate and private key will have the same names as they did on the first machine.
  4. Log into your Team Agent account on http://developer.apple.com/.
  5. Select the iOS Provisioning Profile link.
  6. Select Certificates->Development tab, download and install the certificate for the Team Agent.
  7. Double-click the downloaded file to install it to the keychain.
  8. Select Certificates->Development tab, download and install the WWDR intermediate certificate.
  9. Double-click the downloaded file to install it to the keychain.
  10. Select Provisioning->Distribution tab and download the provisioning profile. N.B. The downloaded file should be a .mobileprovision file; if it's a .cer file, you are in the Distribution tab of the Certificates section.
  11. Drag it onto the Xcode icon to install.

Congratulations, you should now be able to sign builds with the distribution certificate on multiple machines.
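
To confirm that the second machine really ended up with a usable signing identity (the certificate plus its private key, not the certificate alone), the check below parses the output of `security find-identity -v -p codesigning`. It is an added example, not part of the original post; the function names and the sample identities are constructed for illustration.

```shell
#!/bin/sh
# An identity is a certificate *plus* its private key. If only the .cer was
# copied across, Keychain Access shows the certificate but codesign has
# nothing to sign with, and find-identity does not list it.

# Print the names of valid code-signing identities that start with a prefix.
# Reads `security find-identity -v -p codesigning` output on stdin.
# $1: name prefix, e.g. "iPhone Distribution:"
list_identities() {
    prefix=$1
    # Identity lines look like:   1) <40 hex chars> "Name"
    sed -n 's/^ *[0-9][0-9]*) [0-9A-Fa-f]\{40\} "\(.*\)"$/\1/p' |
        while IFS= read -r name; do
            case $name in
                "$prefix"*) printf '%s\n' "$name" ;;
            esac
        done
}

# Count matching identities (0 means the private key did not come across).
count_identities() {
    list_identities "$1" | wc -l | tr -d ' '
}

# Constructed sample output (hashes and names are made up).
SAMPLE_OUTPUT='  1) 0123456789ABCDEF0123456789ABCDEF01234567 "iPhone Developer: Jane Doe (ABCDE12345)"
  2) 89ABCDEF0123456789ABCDEF0123456789ABCDEF "iPhone Distribution: Example Corp"
     2 valid identities found'

# On a Mac, run the real check against the keychain search list.
if command -v security >/dev/null 2>&1; then
    found=$(security find-identity -v -p codesigning | list_identities "iPhone Distribution:")
    if [ -n "$found" ]; then
        printf 'usable distribution identity: %s\n' "$found"
    else
        echo 'no distribution identity: re-export the certificate together with its private key' >&2
    fi
fi
```

If the count is zero after importing, the usual cause is that only the certificate was highlighted at step 4 of the export, so the p12 file carried no private key.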

Possible roadblock:

When double-clicking on any of the above files, you may see the following message:

"The system roots keychain cannot be modified"

To overcome this, you'll need to manually add the files to the appropriate keychain by dragging them into that keychain. The AppleWWDRCA.cer should be dragged into the System keychain and any development/distribution certificates into the login keychain.

What do you think? Let me know by getting in touch on Twitter - @wibosco