V2 Distribution certificates Apple

This article explains

What is a distribution certificate
When AppMachine automatically generates one
In what specific case you need to upload one yourself
The restriction of more then 3 certificates per account and how to solve

What is a distribution certificate?

A distribution certificate identifies your team/organisation within a distribution provisioning profile and allows you to submit your app to the Apple App Store. It is -in a certain way- the digital signature of your Apple developer account.

When users download your app from the App Store, the digital signature tells them that your app is created by a trusted developer and is safe to install.

When does AppMachine automatically create an iOS Distribution Certificate on my Apple developer account?

AppMachine will create a new iOS Distribution Certificate on your Apple Developer account when:

You have never published an iOS app via AppMachine and/or on this developer license before.
The iOS Distribution Certificate that was created on your developer license during a previous publication of your app has expired.

When do I have to upload an iOS Distribution Certificate myself?

Apple has set a limit to the amount of distribution certificates that can be active on a developer license simultaneously.

An Apple Developer license enrolled in the iOS Developer Program (App Store publishing) is limited to three simultaneously active iOS Distribution Certificates.

An Apple Developer license enrolled in the iOS Developer Enterprise Program (Enterprise publishing) is limited to two simultaneously active iOS Distribution Certificates.

You will have to upload an iOS Distribution Certificate yourself when there is no more room on your developer license to create a new distribution certificate, and if we are not yet in possession of an iOS Distribution Certificate which was created on your developer account during a previous app publication.
When you are connecting to your App Store Connect account, you might see an error like this:

When uploading an iOS Distribution Certificate for your app, AppMachine requires you to upload a combined export of the certificate and its private key. This combined export will result in a .p12 file, which you will be able to upload in AppMachine. If you've secured the .p12 with a password, then please also make sure to provide this, as without it we will not be able to code-sign your application successfully.

Alternatively, you can also choose to remove an existing iOS Distribution Certificate from your account to free up space so that our systems can create one. The consequences of removing a distribution certificate differ per account type:

iOS Distribution Certificate (App Store)
If your Apple Developer Program membership is valid, your existing apps on the App Store won't be affected. However, you'll no longer be able to upload new apps or updates signed with the removed certificate to the App Store.
iOS Distribution Certificate (Enterprise)
Users will no longer be able to run apps that have been signed with this certificate. You must distribute a new version of your app that is signed with a new and valid distribution certificate.

V2 Distribution certificates Apple Print

Related Articles