Setting up iOS application signing (Certificates, Provisioning Profiles)

NOVASOLUTIONS.TECHNOLOGY is engaged in the development, support and maintenance of iOS, Android, PWA mobile applications. We have extensive experience and expertise in publishing mobile applications in popular markets like Google Play, App Store, Amazon, AppGallery and others.
8+Years of work900+Completed projects100+In house employees19+Partners
Development and support of all types of mobile applications:
Information and entertainment mobile applications
News apps, games, reference guides, online catalogs, weather apps, fitness and health apps, travel apps, educational apps, social networks and messengers, quizzes, blogs and podcasts, forums, aggregators
E-commerce mobile applications
Online stores, B2B apps, marketplaces, online exchanges, cashback services, exchanges, dropshipping platforms, loyalty programs, food and goods delivery, payment systems.
Business process management mobile applications
CRM systems, ERP systems, project management, sales team tools, financial management, production management, logistics and delivery management, HR management, data monitoring systems
Electronic services mobile applications
Classified ads platforms, online schools, online cinemas, electronic service platforms, cashback platforms, video hosting, thematic portals, online booking and scheduling platforms, online trading platforms

These are just some of the types of mobile applications we work with, and each of them may have its own specific features and functionality, tailored to the specific needs and goals of the client.

Offered services
Showing 1 of 1 servicesAll 1735 services
Setting up iOS application signing (Certificates, Provisioning Profiles)
Medium
from 1 business day to 3 business days
FAQ
Our competencies:
Development stages
Latest works
  • image_mobile-applications_feedme_467_0.webp
    Development of a mobile application for FEEDME
    756
  • image_mobile-applications_xoomer_471_0.webp
    Development of a mobile application for XOOMER
    624
  • image_mobile-applications_rhl_428_0.webp
    Development of a mobile application for RHL
    1052
  • image_mobile-applications_zippy_411_0.webp
    Development of a mobile application for ZIPPY
    947
  • image_mobile-applications_affhome_429_0.webp
    Development of a mobile application for Affhome
    862
  • image_mobile-applications_flavors_409_0.webp
    Development of a mobile application for the FLAVORS company
    445
Show more works

iOS Application Signing Setup (Certificates, Provisioning Profiles)

Apple's signing system is one of the most frequent time-wasters in iOS development. Xcode can manage signing automatically, but in CI/CD environments, team workflows, or with multiple entitlements, automatic management breaks unpredictably. Build fails with "No signing certificate found," and Xcode stays silent about the real cause.

What Breaks and Why

Problems usually arise in three situations.

Expired certificate in keychain. Apple Developer Certificate valid one year. When it expires, old Provisioning Profiles tied to it become invalid automatically. Xcode sometimes doesn't report expiration explicitly—just can't find needed signature. Check current status: Keychain Access → My Certificates → look for iPhone Distribution or Apple Distribution with correct date.

Bundle ID and Provisioning Profile mismatch. Profile created for specific App ID. Wildcard profile (com.example.*) convenient for quick dev, but doesn't support most entitlements: Push Notifications, Associated Domains, App Groups, HealthKit—all require explicit App ID. Project with Push enabled but wildcard profile—build passes, but entitlements don't apply, and APNS won't work.

CI/CD without keychain access. Fresh CI agent has neither certificates nor profiles. Standard approach—match (Fastlane): encrypted repository with certificates that match downloads and imports before build. Alternative—Xcode Cloud with automatic management, but it's not flexible for custom steps.

Complete Setup Process

Apple Developer Portal

  1. Create App ID (Identifiers → App IDs) with explicit Bundle ID and needed Capabilities
  2. Create Certificate Signing Request via Keychain Access: Certificate Assistant → Request a Certificate
  3. Upload CSR to Apple Developer Portal, download certificate, install in Keychain
  4. Create Provisioning Profile, binding App ID + Certificate + needed devices (Development) or without devices (Distribution)

Xcode Configuration

In Signing & Capabilities select Manual signing. Specify Team, Bundle Identifier, and select profile explicitly. For multiple targets (main app + Extension)—each target needs its own Provisioning Profile.

<!-- Example entitlements file for app with Push + App Groups -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" ...>
<plist version="1.0">
<dict>
    <key>aps-environment</key>
    <string>production</string>
    <key>com.apple.security.application-groups</key>
    <array>
        <string>group.com.example.app</string>
    </array>
</dict>
</plist>

Entitlements in .entitlements file must match exactly what's enabled in App ID on Portal. Mismatch → reject on archive with Provisioning profile doesn't support the ... entitlement.

Fastlane match for Teams

# Matchfile
git_url("https://github.com/your-org/ios-certificates")
storage_mode("git")
type("appstore") # or "development", "adhoc"
app_identifier(["com.example.app", "com.example.app.notification-extension"])
username("[email protected]")

fastlane match appstore --readonly  # on CI, read-only
fastlane match development          # on local machine, update

--readonly on CI is important: prevents accidental profile regeneration during build.

Multiple Extension Targets

Notification Service Extension, Share Extension, Widget—each needs separate App ID (e.g., com.example.app.widget) and separate Provisioning Profile. App Groups let them share data via UserDefaults(suiteName:) or common file container. App Group must be enabled in App ID of each target.

Common Mistakes

  • Download Provisioning Profile manually and put in ~/Library/MobileDevice/Provisioning Profiles—works locally, breaks on CI and for other developers
  • Forget to update profile after adding new device to Portal (for Development)
  • One certificate for whole team instead of Certificate per developer—when one certificate is revoked, builds fail for everyone

Workflow

Audit current state: certificates in Keychain, profiles in Portal, entitlements in project.

Align App ID, Capabilities, and Provisioning Profiles.

Setup Fastlane match or Xcode Cloud for team work and CI/CD.

Test build on simulator and real device, archive, and verify via Altool or Transporter.

Timeline

One-off signing setup for one target—2–4 hours. Multiple Extensions, App Groups, CI/CD setup via Fastlane match—1–2 days.