Update on 2013-08-31: copied the CSR generating instruction below, just in case.
I believe setting up keys, certificates, and profiles of all kinds for iOS development is the most complicated part of all the development. And if you thought that would need to be done once, then no. Actually, you’ll have to renew your certificates and profiles every year.
To sign your apps, you should have your own developer certificate. You generate a CSR (Certificate Signing Request) with the Keychain Access app, then it’s approved on the developer portal, and you get your certificate. But: by default, every time you generate a new CSR, Keychain creates a new private/public keypair, which in turn invalidates your credentials in provisioning profiles. They have to be regenerated as well.
Xcode is supposed to simplify some of the steps, but in fact complicates the process more. The iOS Development Team provisioning profile (apparently, managed by Xcode itself) was pending in Xcode and portal for about 15 minutes, and I couldn’t do anything with it. The issue resolved itself, but I don’t like this “it should work, and you should wait” approach.
On the other hand, I understand Apple and its desire to control and manage as much as possible. It does try to secure a lot of information and make developers use secure connections, which is good. I don’t think the situation with the developer credentials will drastically change any time soon.
What you and I should take from this post is at least this link: how to reuse private key for CSR. It’s a little bit more complicated process of generating a new CSR from your existing private key, but it will save you lots of time and nerves later. Here’s a copy of the instruction from StackOverflow:
First, you need to export your private key from the keychain as a p12 file.
Open keychain and select your private key
Right-click and select “Export”
Use a p12 file type
Enter a password to export.
Run the following openssl command to convert your password-protected p12 file to a pem. openssl will prompt for the password you used when exporting it.