Download Apple Developer Certificate



To better protect Apple customers from security issues related to the use of public key infrastructure certificates and enhance the experience for users, Apple products use a common store for root certificates. You may apply to have your root certificate included in Apple products via the Apple Root Certificate Program.

Prepare Your Institution for iOS 13 or macOS Catalina

If you’re a system administrator, review these documents to prepare for iOS 13 and macOS Catalina.

End-of-Life for SHA-1 Certificate Support

In 2017, a security update to Apple’s operating systems removed support for SHA-1 signed certificates used for Transport Layer Security (TLS) in Safari and WebKit. Make sure to use SHA-256 signed certificates.

Making Secure Connections

Join the Apple Developer Program to reach customers around the world on the App Store for iPhone, iPad, Mac, Apple Watch, Apple TV, and iMessage, and on the Safari Extensions Gallery. You’ll also get access to beta software, advanced app capabilities, extensive beta testing tools, and app analytics.

5) In your browser, log in to your developer account at developer.apple.com, then select Certificates, Identifiers & Profiles.

6) In this next step, make sure you select the Certificates section from the sidebar, then click the “+” icon at the top.

A range of APIs on Apple platforms enable your apps to employ secure network connections and to benefit from OS-level security policies.

App Transport Security (ATS)

ATS establishes best-practice policies for secure network communications using Apple platforms, employing Transport Layer Security (TLS) version 1.2, forward secrecy, and strong cryptography.

Secure Transport API

Use Apple’s secure transport API to employ current versions of the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) cryptographic protocols for network communications.

Supported Algorithms

Starting with iOS 10 and macOS v10.12, the RC4 cipher suite is disabled by default. In addition, Apple recommends that your servers use certificates signed with the SHA-2 cryptographic function.

DeviceCheck and the App Attest API

Protect against security threats to your iOS apps and reduce fraudulent use of your services by managing device states and asserting app integrity. The DeviceCheck services provide information that you can integrate into an overall anti-fraud strategy for your app and risk assessment for a given device.

Using the DeviceCheck service, a token on your server can set and query two binary digits of data per device — for example, to flag a device you’ve determined to be fraudulent — while maintaining user privacy. And with App Attest, you can generate a special cryptographic key on a device running iOS 14 or later, and use that key to validate the integrity of your app before your server provides access to sensitive data.

Certificate Transparency and Certificate Trust APIs

Strong encryption for your network connections is not enough. To help ensure your app is connecting to the right server, employ Apple’s certificate trust APIs and Certificate Transparency.

Protecting User Data

Apple platforms provide a variety of features for protecting user data.

Purpose Strings

Purpose strings let you statically declare the sensitive data and resources your app employs.

Copying and Pasting Sensitive Data

Copying and pasting sensitive data in iOS can take advantage of privacy options.

Keychain and iCloud Keychain

Keychain and iCloud Keychain provide a secure repository for sensitive user data, such as certificates, keys, passwords, and notes.

App Sandboxing

Protect Mac systems and users by limiting the privileges of an app to its intended functionality, increasing the difficulty for malicious software to compromise users’ systems.

Executing Code Securely

Apple platforms protect users with secure code execution. Xcode, Apple’s integrated development environment (IDE), directly provides code signing for iOS, watchOS, and tvOS apps, as well as for macOS apps that you distribute through the Mac App Store.

Sign Your Apps with Developer ID

Gatekeeper on macOS helps protect users from downloading and installing malicious software distributed outside the Mac App Store by checking for a Developer ID certificate.

Notarize Your Apps

If distributing your Mac app outside of the Mac App Store, sign and upload your app to Apple to be notarized to certify your app is genuine and to perform a security check.

Cryptographic Interfaces

Apple platforms offer a comprehensive set of low-level APIs for developing cryptographic solutions within your apps.

Apple CryptoKit

Perform cryptographic operations securely and efficiently in your app.

Common Crypto Library

The Common Crypto library supports symmetric encryption, hash-based message authentication codes, and digests.

CryptoTokenKit for Smart Card Support

The CryptoTokenKit framework provides first-class access for working with smart cards and other cryptographic devices in macOS.

SecKey API for Asymmetric Keys

SecKey provides a unified asymmetric key API across Apple platforms.

Security Fundamentals and Resources

These resources provide background information and support for security on Apple platforms.

corecrypto

Both Security Framework and Common Crypto rely on the corecrypto library to provide implementations of low level cryptographic primitives. This is also the library submitted for validation of compliance with U.S. Federal Information Processing Standards (FIPS) 140-2 Level 1. Although corecrypto does not directly provide programming interfaces for developers and should not be used by iOS or macOS apps, the source code is available to allow for verification of its security characteristics and correct functioning.

This article is intended for system administrators for a school, business, or other organization.

Your organization can use the Apple Developer Enterprise Program to create and distribute proprietary enterprise iOS apps for internal use. You must establish trust for these apps before you can open them.

If you install an app by Mobile Device Management (MDM), trust is automatically established. If you manually install an app, you must also manually establish trust.

Apple recommends that you use an MDM solution to distribute the apps. This method is secure and doesn’t require user interaction. You can also install custom apps from a secure website that your organization operates. If you don’t install apps from your organization, download and install apps only from the Apple App Store. This is the best way to protect your iPhone, iPad, or iPod touch.

Manually install and trust an enterprise app

When you first open an enterprise app that you've manually installed, you see a notification that the developer of the app isn't trusted on your device. You can dismiss this message, but then you can't open the app.

After you dismiss this message, you can establish trust for the app developer. Tap Settings > General > Profiles or Profiles & Device Management. Under the 'Enterprise App' heading, you see a profile for the developer.

Tap the name of the developer profile under the Enterprise App heading to establish trust for this developer.

Then you see a prompt to confirm your choice. After you trust this profile, you can manually install other apps from the same developer and open them immediately. This developer remains trusted until you use the Delete App button to remove all apps from the developer.

You must be connected to the Internet to verify the app developer's certificate when establishing trust. If you're behind a firewall, make sure that it's configured to allow connections to https://ppq.apple.com. If you aren't connected to the Internet when you trust an app, the device displays 'Not Verified' instead. To use the app, connect to the Internet and tap the Verify App button.

After you verify an app for the first time, your iPhone, iPad, or iPod touch must reverify the app developer's certificate periodically to maintain trust. If you can't reverify, you may see a message that verification will expire soon. To maintain trust, connect your device to the Internet, then tap the Verify App button or launch the app.