HOWTO: get info from iTunes Distribution certificate and signing key (P12 file) and mobileprovision

Question

When dealing with iTunes apps, the Distribution certificate and signing key (P12 file)and signing key (P12 file) and .mobileprovision (plist file) are a bit of a mystery to me. I want to know how to get information from these files programmatically from the CLI.

How do you extract info from these files?

Answer 1

There is a wildcard .mobileprovision file for the entire Dev center account. It contains:

• Distribution provisioning ID
• Company identity
• certificates

Each app that has push notifications enabled has its own .mobileprovision file (it contains the push cert and the wildcard cert).

The most useful command I have found is to convert the .mobileprovision file to XML, you can then do what you wish with it:

openssl smime -inform der -verify -noverify -in my.mobileprovision

The CFPropertyList lib is a good PHP lib to interact with .mobileprovision files.

The Distribution certificate and signing key lives in a .p12 container. As the name suggests it contains:

• Certificate
• App signing private key

Here are some handy commands:

To get when cert expires:

openssl pkcs12 -in my.p12 -passin pass:1234 -nodes | openssl x509 -noout -enddate

To get the private key:

openssl pkcs12 -in my.p12 -passin pass:1234 -nodes | awk '/-----BEGIN PRIVATE KEY-----/,/-----END PRIVATE KEY-----/'

To get the cert:

openssl pkcs12 -in my.p12 -passin pass:1234 -nodes | awk '/-----BEGIN CERTIFICATE-----/,----END CERTIFICATE-----'

Get the sha1 of othe cert:

openssl pkcs12 -in my.p12 -passin pass:1234 -nodes |  openssl x509 -noout -fingerprint | cut -d "=" -f 2