Tags: ios, ssl-certificate, keychain, ad-hoc-distribution

Command to check if iOS distribution certificate is installed


Is there any command to check if an iOS app distribution certificate is already installed in the Mac keychain? Identifying the certificate by its name does not help, since an Apple developer account can have more than one distribution certificate and those certificates have the same name.


Solution

  • Unfortunately, code signing requires a considerable amount of information about the build state of your application (e.g. Release vs. Debug, effective AppID, effective Signing Identity build configuration, effective Provisioning Profile configuration) as well as the certificate and key information that is stored in the current user's keychain. As a direct answer to your question: No, there isn't a one-shot 'checkMySigningIdentity' tool packaged with Xcode that can give you the fully automatic, binary Yes/No I suspect you are looking for. There is a cluster of tools exposed via the security CLI that could be used to validate signing identities or to interrogate the contents of installed certificates. For example, you could grep the contents of the output of security find-identity -v -p codesigning:

    bmusial@BKM-rMBP:~$ security find-identity -p codesigning -v
      1) A1B2C3D4E5F6198609D8AACF3F3041F05163A3EC "iPhone Developer: Bryan Musial (1234567890)"
      2) 8FDF5DCEC607FE669BB6C728CB51A1B2C3D4E5F6 "iPhone Developer: Bryan Musial (0987654321)"
         2 valid identities found
    

    And then look for the identifier in the parentheses that matches the known Distribution certificate (clearly I only have Development certificates installed, but the same works for Distribution certificates). You could take it a step further and fetch the certificate in question from Keychain and then interrogate the User ID, Organization Unit, or Serial Number for an extra level of verification.

    The net result is that there isn't currently a one-touch CLI that you can use to get the pass/fail result you are looking for. You may, however, want to look at open-source tools for scripts or script fragments you could use to build your own script.
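A pass/fail check built on the listing above, as an added example that is not part of the original answer. It goes one step beyond matching the identifier in parentheses and keys on the 40-hex SHA-1 fingerprint in the second column, which differs between certificates that share a name; the function names and `SAMPLE_LISTING` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. Matches on the SHA-1 fingerprint column of
# `security find-identity` output, which is unique per certificate,
# instead of the certificate name, which is not.

# Constructed sample: the listing shown in the answer above.
SAMPLE_LISTING='  1) A1B2C3D4E5F6198609D8AACF3F3041F05163A3EC "iPhone Developer: Bryan Musial (1234567890)"
  2) 8FDF5DCEC607FE669BB6C728CB51A1B2C3D4E5F6 "iPhone Developer: Bryan Musial (0987654321)"
     2 valid identities found'

# normalize_fp FP: accept "SHA1 Fingerprint=AA:BB:..." or bare hex,
# print 40 upper-case hex digits, or fail on anything else.
normalize_fp() {
    fp=$(printf '%s' "${1##*=}" | tr -d ': \n' | tr 'abcdef' 'ABCDEF')
    case "$fp" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#fp}" -eq 40 ] || return 1
    printf '%s\n' "$fp"
}

# identity_in_listing FP: read a find-identity listing on stdin.
# Prints the identity name and returns 0 when FP is listed,
# returns 1 when it is absent, 2 when FP is not a SHA-1 fingerprint.
identity_in_listing() {
    want=$(normalize_fp "$1") || return 2
    awk -v want="$want" '
        $1 ~ /^[0-9]+\)$/ && toupper($2) == want {
            sub(/^[^"]*/, ""); print; found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_keychain FP: the live check on macOS. -v restricts the listing
# to valid identities, so an expired or revoked certificate reports absent.
check_keychain() {
    security find-identity -v -p codesigning | identity_in_listing "$1"
}
```

The fingerprint to pass in can be read from the downloaded certificate file with `openssl x509 -inform DER -noout -fingerprint -sha1`, whose output `normalize_fp` accepts as is.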