import_certificates_match.mo
Owner: Louis Lagrange
When using Fastlane's Match, you might want to update the certificates or provisioning profiles manually if you don't have enough rights on the publisher's Apple developer account (meaning that you're unable to create certificates and provisioning profile by your own or by using match).
Prerequisites (~10 min)
A
.p12
distribution certificate and its password, saycert.p12
A
.mobileprovision
provisioning profile, sayprofile.mobileprovision
An Apple developer account that has read access to the publisher's Apple developer account (check by logging in)
Write access to the Match git repo, say
certificates.git
The app's bundle identifier:
BUNDLE_IDENTIFIER
A
list_certificates
lane in yourFastfile
:
Steps (~20 min)
Install the distribution certificate in your
Keychain
(double click)In your
Keychain
, under "My certificates", export the certificate in the.cer
format (right click), saycert.cer
Find the new distribution certificate's ID
Run
bundle exec fastlane ios list_certificates
with the account that has access to the publisher's Apple developer accountFind the line corresponding to the new distribution certificate and note the certificate ID
CERT_ID
Extract the private key from
cert.p12
:openssl pkcs12 -nocerts -nodes -out cert.pem -in cert.p12
Open
cert.pem
in a text editor and make sure it starts with-----BEGIN RSA PRIVATE KEY-----
. If it's the case, go directly to 7.Convert the private key to a RSA private key:
openssl rsa -in cert.pem -out cert.pem
Find the password of the Match git repo's branch (
MATCH_PASSWORD
) in your secret filesCypher the private key with the Match algorithm:
openssl aes-256-cbc -k ${MATCH_PASSWORD} -in cert.pem -out ${CERT_ID}.p12 -a
Cypher the public key:
openssl aes-256-cbc -k ${MATCH_PASSWORD} -in cert.cer -out ${CERT_ID}.cer -a
Cypher the provisioning profile:
openssl aes-256-cbc -k ${MATCH_PASSWORD} -in profile.mobileprovision -out AppStore_${BUNDLE_IDENTIFIER}.mobileprovision -a
Clone the Match git repository.
Checkout the
MATCH_GIT_BRANCH
.Remove the old certificates and provisioning profiles and add the new ones.
Last updated