IMPORTANT: As of June 2, 2017 you can only use the Intel XDK certificate management tool to download existing build certificates and convert "legacy" certificates. See this forum post for an example of the error messages you will see if you try to create or import a build certificate with an older version of the Intel XDK. Follow these PhoneGap Build instructions to create an Android build certificate and see this doc that explains how to export and build your mobile apps with PhoneGap Build and Cordova CLI.
To submit an app for distribution with most major app stores, you must digitally sign your app with a certificate. If you used the Intel XDK to build an app your certificate was stored in your online Intel XDK account and can be downloaded using the Intel XDK certificate management tool. To access this tool and your user account, click the person icon in the upper-right of the Intel XDK toolbar. See this Wikipedia article to learn more about code signing and digital certificates.
This quick, upgrade, overview video shows how you convert an existing Android "legacy" certificate to a "new" certificate that can be accessed using the Intel XDK certificate management tool. If you published an Android app to the Google Play store using an older version of the Intel XDK (prior to release 3088 in March of 2016) your app was probably signed with a "legacy" certificate. You must continue to use your legacy certificate to sign updates to such an app. The conversion process simply transforms the "legacy" certificate that was automatically created for you by older versions of the Intel XDK (releases prior to 3088 in March, 2016) into a format that can be managed by the Intel XDK certificate management tool and used with other Cordova compatible build systems (such as PhoneGap Build and Cordova CLI). This converted "legacy" certificate is what you must download to sign updates to applications that you have previously submitted to an Android store.
The "legacy" conversion process is done only once, if you do not see a "legacy" conversion option it means you either have already performed this operation or never had a "legacy" certificate. During the "legacy" conversion process you will be prompted to download and save a copy of your converted "legacy" certificate. This is done to insure that you have a copy for safe keeping. You can leave the converted certificate in your Intel XDK account; however, we highly recommend that you download a copy and keep it (and the password) safe so you have it to use with other Cordova CLI compatible build systems.
DO NOT LOSE YOUR ANDROID CERTIFICATE OR FORGET THE PASSWORD!! Intel does not retain copies of any keystores that you delete from your account. Likewise, Intel does not keep a copy of your keystore password, thus we have no means to recover a keystore or its password if you delete your keystore from your account in the certificate management tool.
Please see the PhoneGap Build reference (above) for information on how to create Android and iOS certificates outside of the Intel XDK.
Instructions regarding how to create or import a build certificate into the Intel XDK certificate management system have been deleted from this documentation. Instructions regarding how to download an existing Android certificate are provided below. There is no need to download existing iOS certificates because you can generate a new set using your Apple Developer account. Android is the only system that requires that you continue to use the same certificate for each update to a previously published app.
Viewing Keystores in Your Intel XDK Account
To view the Android keystores associated with your Intel XDK account:
- In the upper-right toolbar, click the person button.
- Below DEVELOPER CERTIFICATES, click the Android tab.
- If you have never created a keystore your screen might resemble this:
The image above shows the Android keystores tab. To view any iOS P12 certificate files in your account, click the iOS tab just below the DEVELOPER CERTIFICATES title.
IMPORTANT: the Intel XDK no longer supports creation of new build certificates. If you have a new account, or have never created a build certificate, you will see an empty list, similar to the image shown above.
If you have one or more certificates stored in your account, you should see something similar to the following:
In that case, see the section below, titled Downloading an Android Keystore. There is no need to download your iOS build certificates, it is easier to create a new set of iOS build certificates.
If you see a legacy certificate that was automatically created by an older version of the Intel XDK build system, use the icon to convert this existing "legacy" certificate to an equivalent Android certificate that can be downloaded and used with other Cordova CLI compatible build systems. See the next section, titled Converting a Legacy Android Keystore, for details on how to to download those keystores.
Converting a Legacy Android Keystore
If you built an Android (or Crosswalk for Android) app with an older release of the Intel XDK you may see an existing "legacy" Android certificate listed in the certificate management console. If you have a legacy certificate it was automatically created by an older version of the Intel XDK. In that case, click the icon to the right of your legacy Android certificate to convert it to a standard Android keystore format that can be downloaded and used with any Cordova or PhoneGap compatible build system.
IMPORTANT NOTE: Deleting an Android keystore means you can no longer use that keystore to sign Android APK files. Once you publish an APK to the store with a keystore, you must continue to use that same keystore to sign all updates to your published application!
IF YOU LOSE YOUR ANDROID KEYSTORE OR PASSWORDS YOU WILL NOT BE ABLE TO PUBLISH UPDATES TO YOUR ANDROID APP!
The Intel XDK can only download keystores that appear in the certificate manager! If the keystore you are looking for is not listed in the Certificate Management there is no keystore in the Intel XDK database. All the keystores stored in the Intel XDK database, under your account, are shown in the certificate management tool. Make sure you are logged into your Intel XDK account before checking the certificate management panel.
Downloading an Android Keystore
Click the icon to download a keystore.
IMPORTANT: After downloading your Android keystore be sure to save a copy in a safe and secure location place. Also, you MUST remember to write down and keep in a secure location the certificate alias, the signing key passphrase and (if unique) the keystore passphrase. You will need these to unlock the selected certificate files before you can build your app using a Cordova compatible build system.
Using the Projects Tab to Select an Android Keystore, iOS P12 Certificate, Provisioning File or Windows Publisher ID
On July 10, 2017, the Intel XDK cloud-based build servers were retired. You can no longer build a Cordova mobile app directly using the Intel XDK, with any version of the Intel XDK. You can build your mobile app using either PhoneGap Build or Cordova CLI. See Export to PhoneGap* Build and Cordova* CLI for instructions on how to build your mobile app using these external tools.
It is not necessary to select an Android or iOS build certificate or provide a mobile provisioning file when using the Export to PhoneGap* Build and Cordova* CLI tool. Any errors generated by the certificate and/or provisioning fields in the Build Settings section of the Projects tab are ignored by the export tool. If the export tool is issuing a warning due to errors in these fields, upgrade to the latest version of the Intel XDK. The initial versions of the Intel XDK that included the Cordova export tool did not properly ignore those errors.
You can specify your Windows credentials (in the Build Settings section of the Projects tab) before you export for building a Windows app, which will then include your Windows Publisher ID and other Windows build options in the exported config.xml file. This is useful for use with Cordova CLI. If you are using PhoneGap Build you should use their certificate management tool.
Submitting Your App to App Stores
To submit your signed app to:
The Google Play Store, log into your Google Play* developer account. Make sure your Android distribution certificate used to sign your built app has a 25 year expiry length and is valid until October 2033.
The Apple App Store, log into your Apple developer account and click Member Center. Make sure your iOS distribution certificate used to create the P12 file used sign your built app is the right one.
The Windows Store, log into your Windows developer account and click Dashboard.
Technical Details about Certificates, Keystores, and Windows Universal Apps
- Android app documentation about signing apps: Signing Your Applications
- Apple iOS documentation about signing apps: Maintaining Your Signing Identities and Certificates
- Android keystores are based on the Java* conventions for public key cryptography and consist of a certificate, a private key, and a keystore.
- For an article about code signing on Android, see this blog, especially under the heading The Role of Code Signing.
- What’s New in Windows 10 for Cordova
- Guide to Universal Windows Platform