Selfsigned certificate and provisioning profile for Xcode iOS building

Doesn’t work in Xcode 10

Xcode now allows anyone with an Apple ID to build and run app, from anywhere. But, what if, I’m jailbroken and not satisfied with 7-days expiration? Or I’m trying to build an open-source app, but can’t build because the bundle id is already taken and submitted to iTunes?

Since we are jailbroken, everything should just work if we use selfsigned certificate. But somehow, Xcode just keeps asking for a “provisioning profile”, and which is kind of messy to play around. But finally I got it working.

Provisioning profile, is a Cryptographic Message Syntax (CMS) signed property list (plist), which includes team, app, and permission info.

For those who don’t want to bother with cert generating and plist signing, you can just take, import the p12 into keychain, open provisioning profile in Xcode, and skip to the last step, and you are all set.

If you’d like to create the cert from scratch, here’s the detailed steps.

Create selfsigned certificate for code signing

Things is different here because we are going to sign the plist, so for key usage you need not only “Code Signing”, but also “Any” and “Email Protection”, everything else should be famillar if you tried to create a code signing cert in the past. Note that you need to fill in “Organizational Unit”, and this will be your team id, so don’t leave white space in here.

Choose Code Signing type and don’t forget to check the “Let me override defaults”
Fill in the Organizational Unit, everything else can leave blanked
Any and Email Protection must be included or you can’t sign the profile later

Create provision plist

Now you have a working certficate, it’s time to create the provision plist. Here is the template plist file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">
	<string>selfsigned: any app</string>
	<string>Self Signed Provisioning Profile</string>

Here’s a few thing you need to change in this plist.

  • Paste your certificate content after DeveloperCertificates entry. Open and run “security find-certificate -c “iPhone Developer” -p” and copy things between the dashes.
  • Change all the team identifier SELFSIGNED if you chose your own “Organizational Unit” name when creating cert.
  • Change the CreationDate, ExpirationDate, and TimeToLive to match your cert’s validation info.
  • (Optional) Run “uuidgen” in Terminal and change the UUID entry.

Signing the provision profile

After you modified the plist, the easiest way should be running

security cms -S -N "iPhone Developer" -i provision.plist -o provision.mobileprovision

Though, for some reason, my machine keep running into error. If you have the same problem, export the cert and private key from keychain and sign it with openssl. (Note that the openssl cli utility comes with mac does not have cms function, you might need to compile one yourself or find another platform)

openssl cms -sign -nodetach -in provision.plist -out provision.mobileprovision -inkey CodeSigning.key -signer CodeSigning.crt -outform DER


Configure Xcode to use the certificate and provisioning profile

So we finally got everything set up, but wait! There’s the last step.

First open the .mobileprovision file in Xcode, it will not react or pop anything, but you can check “~/Library/MobileDevice/Provisioning Profiles” directory if your generated uuid is there.

Then go to project’s “Build Setting” – Signing, select your certificate in “Code Signing Identity”, change “Code Signing Style” to “Manual”, leave “Development Team” empty, and select your provisioning profile in both “Provisioning Profile” and “Provisioning Profile (Deprecated)”


Now check the Gerenal tab, and it should not complaint about signing anymore.


您的电子邮箱地址不会被公开。 必填项已用 * 标注

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    Markdown is turned off in code blocks:
     [This is not a link](

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see