Security Profiles

Summary

Security Profiles securely store your credentials so you can easily reference them when sending push notifications or building your app in the cloud.

Here’s what you’ll need:

Cloud Builds

Push Notifications

You’ll need two sets of Apple certificates when your app goes to production, which means you’ll eventually need two Security Profiles: one for development and one for production.

We’ll guide you through creating a development profile with the credentials that you need.

Create a Profile

There are two types of profiles: development and production. The type must match your Apple certificates, which can also be for development or production.

We will generate a tag from the name you give your profile. The tag is how you’ll reference your profile in code and API calls.

iOS Setup

You’ll need an Apple Developer account (Individual or Organization). See comparing memberships.

Registering your App ID

Every app must register an ID with Apple.

Device Registration

Devices must be explicitly registered with Apple for sending push notifications during development.

Certificate Signing Request

Before you can get a certificate from Apple, you’ll need to generate a certificate signing request file. It can be created on Mac OSX by using Keychain Access and on other platforms by using OpenSSL.

Using Keychain Access

Using OpenSSL

Extra steps for Windows

For Windows, download OpenSSL (choose a pre-compiled self-installer) and install.

Open up command prompt (run as administrator) and change directories to the bin folder within the OpenSSL installation.

$ cd C:\OpenSSL-Win64\bin
$ openssl genrsa -out keyname.key 2048
$ openssl req -new -key keyname.key -out CertificateSigningRequest.certSigningRequest

iOS App Certificate & Provisioning Profile

Before you can generate App Certificates & Provisioning Profiles, you’ll need to register your app and any devices, and obtain a .certSigningRequest.

App Certificates & Provisioning Profiles are for signing your app and giving it access to certain devices.

Certificate

There are two types of Apple certificates: development and production. We’ll guide you through generating credentials with a development certificate.

Next, we’ll need to convert the certificate from a .cer file to a .p12 file. It can be converted on Mac OSX by using Keychain Access and on other platforms by using OpenSSL.

Using Keychain Access

Using OpenSSL

$ openssl x509 -inform DER -outform PEM -in ios_development.cer -out ios_development.cer.pem
$ openssl pkcs12 -export -inkey keyname.key -in ios_development.cer.pem -out Certificates.p12

Provisioning Profile

Provisioning profiles give your app access to be installed, or provisioned, on specific devices. For iOS App Development provisioning profiles, devices are selected manually.

Attach Credentials

iOS Push Certificate

Before you can generate a Push Certificate, you’ll need to generate an App Certificate.

There are two types of Push Certificates: development (for dev pushes) and production (for prod pushes). We’ll guide you through generating a development certificate.

Step through the steps. Upload the .certSigningRequest you created to generate a certificate. Then, download your certificate. It should be a .cer file.

Next, we’ll need to convert the certificate from a .cer file to a .p12 file. We’ll use Keychain Access, but it can also be done with OpenSSL.

Attach Credentials

Note for users of Xcode 8 and higher.

If you're using the latest version of Xcode, you will likely need to activate the Push Notifications capability before your app is able to receive notifications.

To do this, simply navigate to the Capabilities section in your app's overview within Xcode and toggle Push Notifications, as seen below.

Android App Keystore

The Android keystore, used for signing apps, can be generated using keytool, which is included in the Java JDK. Change MY-RELEASE-KEY and MY_ALIAS_NAME to be relevant to your app. The tool will ask you to enter a keystore password and a key password.

$ keytool -genkey -v -keystore MY-RELEASE-KEY.keystore -alias MY_ALIAS_NAME -keyalg RSA -keysize 2048 -validity 10000

Attach Credentials

Android FCM Project & Server Key

Google recently rebranded their Cloud Messaging service from Google Cloud Messaging (GCM) to Firebase Cloud Messaging (FCM).

If you have an existing security profile with GCM credentials, you may want to make another with FCM credentials and switch your app over to FCM.

Generating a Server key and Sender ID

A Google FCM Sender ID and Server key are needed to send push notifications to Android devices.

Attach Credentials

Now that you’ve created your Server key and Sender ID, you need to attach it to your security profile.

Services

    API

      General