Ans :
When you create a certificate through Apple's developer portal, you have to create your key pair and send a "Certificate Signing Request," which at first is likely pretty confusing to developers just trying to see their application run on a device.
If you visit the developer portal, you'll find you can create certificates for Development or Distribution. These certificates are rooted to different authorities, so that the two worlds are never confused (though all iOS devices trust both in a seemingly equal fashion).
Provisioning Profiles - Probably the most confusing component in the system, a provisioning profile indicates the devices for which an application is correctly signed. If you visit the developer portal, you'll notice you can create two types (again called Development and Distribution). Provisioning profiles say "applications with this Identifier signed with this Certificate's private key are okay to run on these devices." Now that you know a provisioning profile is tied to a certificate, you can see why you have to decide whether to create a Development or Distribution profile. Development profiles are limited to 100 devices. Distribution profiles can either be Ad-Hoc or App Store distribution profiles. I am not sure whether Ad Hoc profiles have device limits.
You might ask, then, why not always use a Distribution profile? It can deploy to an unlimited number of devices, and is still attached to a certificate owned by the developer. Another piece of Apple's security puzzle are Entitlements. In an iOS application's bundle, you'll find Entitlements.plist, which is a list of capabilities that an application wants. When signing your application using a certificate intended for distribution, Xcode (really the signing utility) will not allow an entitlement with get-task-allow set to YES. This is because get-task-allow is what allows a debugger to connect to a process, and Apple doesn't want that happening on apps meant for distribution.
Short Ans :
1. A Certificate authenticates you as an entity. It can represent you as an individual, or your company.
2. The Identifier is a unique ID for your mobile app.
3. A provisioning profile associates your certificate with the App ID. It is the link between #1 and #2 above.
Certificates - This is a cryptographic certificate granted to you by Apple. It works just like SSL where you get a certificate signed by an authority. Apple signs the private key that you use to sign different pieces of your application. Different certificates create different types of trust. Some allow you to sign and submit your application for the App Store, while others allow your application's web server to send push notifications to users via APNS. In the latter case, for instance, Apple uses this certificate to trust the web server sending the push notification. Otherwise, it would be easy for an attacker to spoof a valid push notification and spam users. The most common certificate you would create signs the key you use to deploy your application to a device or submit it to the App Store.
When you create a certificate through Apple's developer portal, you have to create your key pair and send a "Certificate Signing Request," which at first is likely pretty confusing to developers just trying to see their application run on a device.
If you visit the developer portal, you'll find you can create certificates for Development or Distribution. These certificates are rooted to different authorities, so that the two worlds are never confused (though all iOS devices trust both in a seemingly equal fashion).
Provisioning Profiles - Probably the most confusing component in the system, a provisioning profile indicates the devices for which an application is correctly signed. If you visit the developer portal, you'll notice you can create two types (again called Development and Distribution). Provisioning profiles say "applications with this Identifier signed with this Certificate's private key are okay to run on these devices." Now that you know a provisioning profile is tied to a certificate, you can see why you have to decide whether to create a Development or Distribution profile. Development profiles are limited to 100 devices. Distribution profiles can either be Ad-Hoc or App Store distribution profiles. I am not sure whether Ad Hoc profiles have device limits.
You might ask, then, why not always use a Distribution profile? It can deploy to an unlimited number of devices, and is still attached to a certificate owned by the developer. Another piece of Apple's security puzzle are Entitlements. In an iOS application's bundle, you'll find Entitlements.plist, which is a list of capabilities that an application wants. When signing your application using a certificate intended for distribution, Xcode (really the signing utility) will not allow an entitlement with get-task-allow set to YES. This is because get-task-allow is what allows a debugger to connect to a process, and Apple doesn't want that happening on apps meant for distribution.
Short Ans :
1. A Certificate authenticates you as an entity. It can represent you as an individual, or your company.
2. The Identifier is a unique ID for your mobile app.
3. A provisioning profile associates your certificate with the App ID. It is the link between #1 and #2 above.
Looking forward to reading more. Great post. Much thanks again. Cool.what are ssl certificates
ReplyDelete