• 14 July 2023

Apple tries to make signing IPAs complicated to stop people from sideloading. Starfiles is here to help. This post will demonstrate how to make a certificate in a simple step-by-step format (with screenshots).

Before we get started, confirm you have a developer account. You can get a developer account from Apple’s developer portal, they cost $99 + tax per year, if you don’t want to spend $99 on a developer account, there are many cheap signing services that handle it for you,  Anyways, now that you have your developer account ready, here’s how to make a certificate.

Step 1 - Generating a Certificate Signing Request (CSR)

  1. Open the “Keychain Access” app on a Mac.

  2. Navigate to “Keychain Access”->“Certificate Assistant”->“Request a Certificate From a Certificate Authority” in the menubar.

  3. Fill out your email, a common name (can be anything), and a CA email (the email address of your developer account), then select “Saved to Disk” and click “Continue”.

Great, you now have a CSR file saved to your computer. The CSR file will be used to request a certificate from Apple.

Step 2 - Create a Certificate (CER)

  1. Login to the Apple developer portal.

  2. Under “Certificates”, create a new certificate.

  3. Select “iOS Distribution (App Store and Ad Hoc)” and click “Continue”.

  4. Upload the CSR file you created in step 1 and click “Continue”.

  5. Click “Download”

Awesome! You now have a CER file, next, we’ll covert it to a P12 which we’ll use to sign apps.

Step 3 - Convert the CER file into a P12

  1. Reopen “Keychain Access” on your Mac.

  2. Make sure you have the “login” tab selected on the left sidebar, then click “Certificates”.

  3. You will see a list of certificates (which I have covered in red in the screenshot), drag your CER file into the list.

  4. Right click the certificate you just imported (the expiration date should be exactly 1 year from the creation date), then click “export”.

  5. Save the file as a P12 and set a password do not forget the password.

You now have the P12 file, that is what you’ll need to sign apps.

Step 4 - Create an Identifier

  1. Reopen the developer portal, and navigate to “Identifiers”.

  2. Click the blue + button, then ensure you have “App IDs” selected, then continue.

  3. You will be asked to select an identifier type, select “App” and continue.

  4. Set your bundle ID to “Wildcard” and write com.*, your description can be anything.

  5. Click “continue”.

Your developer account now has an identifier set, this will be used to create the mobileprovision.

Step 5 - Create a Profile (mobileprovision)

A mobileprovision defines the list of devices permitted to use your certificate. Before continuing, make sure you have every device you want to use to sideload linked to your developer account (this can be done in the device tab). If you’re using Starfiles API to create profiles and register devices, you only need to add one device to the profile, you can add the rest later using our API.

  1. Open the Apple developer portal.

  2. Select “Profiles” and create a profile.

  3. Select “Ad Hoc” and press “Continue”.

  4. Select the Identifier you made in the previous step, then click “Continue”.

  5. Select the certificate you made in step 2, then click “Continue”.

  6. Select the device(s) you want to allow to sideload, click “Continue”.

  7. Type any name for your profile, click “Generate”, then “Download”

You now have the certificate you need to sideload with, specifically the p12 and mobileprovision files, and possibly your p12 password.


Use these two certificates into the ESign application to try to install an IPA-shaped IOS application. Here is the tutorial https://www.youtube.com/watch?v=z_-OEsCFzS4