Create Certificates for iOS

This topic describes how to generate certificates for iOS during the required settings to launch your OEM app on the Tuya IoT Platform. You can choose between two methods to generate the certificates: Auto Generate Certificates and Manually Create and Upload Certificates.

Method 1: Auto Generate Certificates

1. Log in to the Tuya IoT Platform.

2. In the left-side navigation pane, choose App > OEM App > Required Setting, select the app to be launched, and then click the Certificate for iOS tab.

3. Select the Auto Generate Certificates option.

   

4. In the Auto Generate Certificates section, set Apple ID and other fields to automatically generate the distribution certificate and push certificate within one minute or more.

Method 2: Manually Create and Upload Certificates

Preparation

1. You must register and join the Apple Developer Program to launch apps on the App Store.
2. Prepare a macOS computer to create the certificate.

Create an App ID

1. Log in to the Apple Developer platform and select Certificates, Identifiers & Profiles.

   

2. Go to the Identifiers page and click +.

   

3. Select the App IDs option and click Continue.

   

4. In the Description field, enter the description of your app, such as the app name. Set Bundle ID to Explicit and enter the bundle ID of your app.

   

5. In the Capabilities section, select the following options:

   • Access WiFi Information
   • Associated Domains
   • Push Notifications
   • Sign In with Apple, Enable as a primary App ID (optional)

   

   • Starting from v3.15, if your app supports login with accounts of third-party platforms, such as Facebook, WeChat, and Tencent QQ, the Sign in with Apple feature must be enabled for your app. Otherwise, the app might fail the Apple App Store review.
   • Starting from v3.15, due to the updates of certain third-party SDKs, you must enable the Associated Domains feature to build your app as expected.
   • If your app provides value-added services, additional permissions are required.

6. Click Continue, confirm the settings, and then click Register.

   If the error message An App ID with Identifier ‘com.xxx.xxx’ is not available. Please enter a different string. is returned, the bundle ID has been used. Then, click Back and change the bundle ID.

   

7. If no error message is returned and the App ID is displayed on the Identifiers list, the App ID is created.

   

Enable Sign in with Apple

The Sign in with Apple feature is new to iOS 13. This enables login to your app with an Apple account and no registration is required. For more information, see Sign in with Apple.

Starting from v3.15, if your app supports login with accounts of third-party platforms, such as Facebook, WeChat, and Tencent QQ, the Sign in with Apple feature must be enabled for your app. Otherwise, the app might fail the Apple App Store review.

1. Go to the Identifiers page and click the App ID of your app.

   

2. In the Capabilities list, select Sign In with Apple and save the setting.

   

Create a CSR file in the .certSigningRequest format

1. Open the Keychain Access application on macOS, and on the menu bar, choose Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority.

   

2. On the Certificate Assistant page, set User Email Address and Common Name, select Saved to disk, and then click Continue.

   

3. Save CertificateSigningRequest.certSigningRequest to a local directory.

Create the distribution certificate in the .p12 format

1. Choose Certificates, Identifiers & Profile > Certificates and click +.

   

2. Selec iOS Distribution (App Store and Ad Hoc) and click Continue.

   If this option is not available and the system indicates that the number of certificates has exceeded the upper limit, return to the previous page and delete the unnecessary certificates. The deletion does not affect the normal use of the launched apps. The certificates are only required when you build and launch apps.

   

3. Click Choose File… to select the newly generated CSR file and click Continue.

   

4. Click Download to download the ios_distribution.cer file to a local directory, double-click the file, and then import it to the keychain.

   The .cer file must be imported to the keychain before it can be exported as a .p12 file. Continue with the follow-up steps.

   

5. Open the Keychain Access application, choose Category > My Certificates, and then find the newly imported certificate. Right-click the certificate and select Export.

   

6. Save the certificate as App Distribution Certificate.p12, select the file format Personal Information Exchange (.p12), and then click Save.

   

7. Create a password for the distribution certificate, note it down, and then click OK.

Create a push certificate in the .p12 format

Different from the distribution certificate, if multiple applications are associated with your account, a push certificate must be created for each application.

1. Choose Certificates, Identifiers & Profile > Certificates and click +.

   

2. In the Services section, select Apple Push Notification service SSL (Sandbox & Production) and click Continue.

   

3. Select the bundle ID of the app from the App ID drop-down list and click Continue.

   

4. Click Choose File… to select the newly generated CSR file and click Continue.

   

5. Click Download to download the aps.cer file to the local directory, and double-click the file to import it to the keychain.

   The .cer file must be imported to the keychain before it can be exported as a .p12 file. Continue with the follow-up steps.

   

6. Open the Keychain Access application, choose Category > My Certificates, and then find the newly imported certificate. Right-click the certificate and select Export.

   

7. Save the certificate as App Push Certificate.p12, select the file format Personal Information Exchange (.p12), and then click Save.

   

8. Create a password for the push certificate, note it down, and then click OK.

Create the configuration file in the .mobileprovison format

1. Choose Certificates, Identifiers & Profile > Certificates and click +.

   

2. In the Distribution section, select App Store and click Continue.

   

3. Select the bundle ID of the app from the App ID drop-down list and click Continue.

   

4. Select the newly created distribution certificate and click Continue.

   If multiple certificates appear on the page, they can be distinguished by expiration time. Each certificate is valid for one year. If the certificates cannot be distinguished, we recommend that you return to the list of certificates, delete the unnecessary certificates, and then redo this step. The unmatched certificate might cause the app building to be failed.

   

5. Enter your app name in the Provisioning Profile Name field and click Generate.

   

6. Click Download to download the configuration file.

   

Upload the certificates and configuration file to the Tuya IoT Platform

1. Log in to the Tuya IoT Platform. In the left-side navigation pane, choose App > OEM App > Required Setting, select the app to be launched, click Certificate for iOS, and then select Manually Create and Upload Certificate to upload certificates and configuration file.

   

2. In the Certificate for iOS section, upload the configuration file and distribution certificate, enter the certificate password, and then click Save.

   

3. In the iOS Push section, upload the push certificate, enter the certificate password, and then click Save.

   

Things to note

• The distribution certificate takes effect only after you rebuild the app.
• The push certificate is valid for one year, and after it expires, the push notifications are disabled. To enable push notifications again, create and upload the push certificate. In this case, you do not need to rebuild the app.
• Your developer account must be annually renewed. If the account expires, your app will not be able to found on the App Store. After the renewal, your app can be found again.
• Starting from April 2020, Sign in with Apple must be configured for the apps that enable the third-party login feature before they can be launched on the App Store. For more information, see New Guidelines for Sign in with Apple.
• Starting from v3.15, due to the updates of certain third-party SDKs, you must enable the Associated Domains feature to build your app as expected.
• If you get the error Sign Up Not Completed when logging in to the App using the Apple ID, log in to the Apple Developer again and recheck the option Sign In with Apple in the Capabilities list and save (save one more time after uncheck). If you used Auto Generate Certificates , you could refer the above steps to recheck the option or contact the relevant docking business for help .