Getting certificates and provisioning profiles for iOS on Windows

November 15th, 2011    by sigman    1926
  Tips   actionscript, mobile

Despite what most people think adn website tells you, you can create certificates and provisioning profiles without Mac and keychain. This can be done on Windows with few easy steps described in this article.

Article imported from


Steps for development and distributions are the same.

1. Install Win32 OpenSSL Light. It requires MS Visual C++ 2008 Redistributable Package. Both download links are available here

2. After installation open cmd and navigate to OpenSSL-Win32\bin if this is the folder you install it to.

First set the env variable:

set RANDFILE=.rnd then


Then type:



3. First generate the key:

genrsa -out thekey.key 2048


4. Next generate certificate signing request, C stands for your country code:

req -new -key thekey.key -out certificate.csr  -subj "/, CN=firstname lastname, C=IE" -config "openssl.cfg"

Note: -config "openssl.cfg" is necessary only if you previously got the warning you couldn’t open the config file

5. Log on to, go to iOS Dev center, click on Certificates, Identifiers & Profiles. Click on Certificates and select Deveopment or Production category depending what you want to do. Create new certificate and when asked to upload the cert signing request select the certificate.csr file you just created. Download it. For development certificate it will be ios_development.cer, for distribution ios_distribution.cer.

6. Next go back to your openssl and generate pem file:

x509 -in ios_distribution.cer -inform DER -out ios_distribution.pem -outform PEM


7. Now you will convert the pem file into p12:

pkcs12 -export -inkey thekey.key -in ios_distribution.pem -out iphone_dist.p12


For development obviously you will use ios_development.pem as intput and iphone_dev.p12 as output, whatever you like really.


8. Next you need to create a new provisioning profile. Go to Provisioning Profiles, click create new, select category, iOS APP Development or App Store for production. For getting the development provisioning you will need to select a device that you added. Next select App ID and then certificate that you just created. Bear in mind that you need separate two certificates for development and distribution - but the process of creating them is the same.

When you finish everything you are ready to 'compile' your iOS app. You will need your .mobileprovision file and .p12. Plug your iDevice, open iTunes and drag development provisioning and the generated .ipa file to the apps category in iTunes, next select that app in iDevice section and sync. For distribution you will need to use MacOS on Mac or VM to install Application Loader and upload your app to the AppStore.