HexSign can issue every certificate type the App Store Connect API exposes — including iOS Development, iOS Distribution, Developer ID Application, Developer ID Installer, Mac Installer Distribution, Pass Type ID, and Apple Push. The flow is the same for each: pick a type, pick a CSR, and HexSign hands the request to Apple.
Issue a new certificate
1. Open Certificates and click "New certificate"
   From the Certificates tab in the sidebar, click the New certificate button in the top-right.
2. Pick a type
   Choose the certificate type that matches what you're signing (App Store builds use iOS Distribution; TestFlight or local Development uses iOS Development; notarized macOS apps use Developer ID Application).
3. Pick or generate a CSR
   Either pick an existing CSR from your CSR vault or have HexSign generate a fresh one (the private key is encrypted with a dedicated AWS KMS key).
4. Submit
   HexSign forwards the request to Apple's API, ingests the resulting .cer, and stores it next to the originating CSR. The new certificate is immediately visible in the dashboard and on the relationship graph.
Download a .p12
If HexSign generated the CSR, it can also export the certificate as a password-protected PKCS#12 (.p12) file that pairs the certificate with its private key. Click Download .p12 from the certificate's detail page, set a strong export password, and import the .p12 into the keychain or CI secret store.
Revoke a certificate
Revoking a certificate tells Apple to mark it invalid. Any provisioning profile that was signed with that certificate becomes invalid until it's regenerated against a new one. HexSign shows the dependent profiles before you confirm so the blast radius is never a surprise.
1. Open the certificate's detail page
   Click the certificate from the Certificates list or from the relationship graph.
2. Review dependents
   The detail page lists every provisioning profile that uses this certificate. Decide which need to be regenerated against a replacement certificate before you revoke.
3. Confirm revocation
   Click Revoke and confirm. HexSign sends the revoke call to Apple and updates the local copy. The certificate stays in the audit log but moves to the revoked filter.
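The dependents review can be cross-checked against profiles you hold locally, for example on a build machine. The following is an added example, not HexSign code: it assumes the profiles are .mobileprovision files whose embedded plist lists its certificates under DeveloperCertificates, and the function names and sample bytes are constructed for illustration.

```python
import hashlib
import plistlib

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def embedded_plist(raw: bytes) -> dict:
    """Extract the XML plist carried inside a CMS-wrapped .mobileprovision."""
    start = raw.find(b"<?xml")
    end = raw.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no embedded plist")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def dependent_profiles(cert_der: bytes, profiles: dict):
    """Return (hits, unreadable): profiles embedding cert_der, and files that
    could not be parsed and so need a manual look before revoking."""
    target = fingerprint(cert_der)
    hits, unreadable = [], []
    for fname in sorted(profiles):
        try:
            plist = embedded_plist(profiles[fname])
        except Exception:
            unreadable.append(fname)  # never treat an unparsed file as "safe"
            continue
        certs = plist.get("DeveloperCertificates", [])
        if target in {fingerprint(c) for c in certs}:
            hits.append((fname, plist.get("Name"), plist.get("UUID")))
    return hits, unreadable

# --- Constructed sample data: placeholder bytes, not real certificates ---
OLD_CERT = b"constructed-old-cert-der"
NEW_CERT = b"constructed-new-cert-der"

def fake_profile(name, uuid, certs):
    """Build a stand-in profile: plist wrapped in dummy envelope bytes."""
    body = plistlib.dumps({"Name": name, "UUID": uuid, "DeveloperCertificates": certs})
    return b"\x30\x80constructed-cms-header" + body + b"constructed-signature"

SAMPLE = {
    "appstore.mobileprovision": fake_profile("App Store", "UUID-A", [OLD_CERT]),
    "adhoc.mobileprovision": fake_profile("Ad Hoc", "UUID-B", [OLD_CERT, NEW_CERT]),
    "dev.mobileprovision": fake_profile("Dev", "UUID-C", [NEW_CERT]),
    "broken.mobileprovision": b"not a profile",
}

if __name__ == "__main__":
    hits, unreadable = dependent_profiles(OLD_CERT, SAMPLE)
    print("regenerate before revoking:", hits)
    print("could not parse, check manually:", unreadable)
```

A profile that lists both the old and the replacement certificate still appears in the result, since it embeds the certificate being revoked.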