Generating a Keystore and PEM Certificate for Android App Signing

1. Generate a .pem Certificate

If you have a keystore, you can generate a .pem certificate from it using the following:

keytool -export -rfc -alias my-key-alias -keystore my-release.keystore -file developer_cert.pem

Replace my-key-alias with your actual key alias (found in signingReport). Replace my-release.keystore with the path to your .keystore file.

This will generate a file named developer_cert.pem containing the certificate with your public key. The private key is not exported and stays in the keystore.

After generating the .pem certificate, you can send it to us and skip the rest of the steps.

2. Check if You Have a Keystore

Before generating a new keystore, check if you already have one.

Option 1: Locate Your Existing Keystore

The keystore is usually named release.keystore or debug.keystore.

  • Common locations:
    • Inside your project directory.
    • In /Users/your-user/.android/ (for macOS) or \Users\your-user\.android\ (for Windows).
    • In the location specified in your Gradle signing config (check build.gradle).

To verify an existing keystore, run:

keytool -list -keystore /path/to/your.keystore
  • If the password is correct, it will list the aliases in the keystore.
  • If you do not have a keystore or forgot the password, proceed to Step 3 to create a new one.

3. Generate a New Keystore (If Needed)

If you don’t have a keystore or need to create a new one, run:

keytool -genkeypair -v \
    -keystore my-release.keystore \
    -alias my-key-alias \
    -keyalg RSA \
    -keysize 2048 \
    -validity 10000
  • You will be prompted to enter:
    • A keystore password (Save this securely).
    • Your personal/organization details (optional but recommended).
    • A key alias password (can be the same as the keystore password).

This command creates my-release.keystore in the current directory.

After creating the keystore, you can go to step 1 again to generate the .pem certificate.

4. Sign Your App

To sign your app, add the following to your android/app/build.gradle file:

android {
    // ... (your existing android settings)
    signingConfigs {
        release {
            storeFile file("my-release.keystore")
            storePassword "your-keystore-password"
            keyAlias "my-key-alias"
            keyPassword "your-key-alias-password"
        }
    }
    buildTypes {
        release {
            signingConfig signingConfigs.release
        }
    }
}
  • Replace my-release.keystore with the path to your keystore.
  • Replace your-keystore-password with the keystore password.
  • Replace my-key-alias with the key alias.
  • Replace your-key-alias-password with the key alias password.
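
The configuration above stores both passwords in plain text in build.gradle, a file that is normally committed to version control. The following added example (not part of the original guide) shows one way to keep them out of the build script by reading them from an untracked properties file or from environment variables. The file name keystore.properties and the RELEASE_* variable names are assumptions.

```groovy
// android/app/build.gradle
// Assumed, untracked file android/keystore.properties (add it to .gitignore):
//   storeFile=/path/to/my-release.keystore
//   storePassword=your-keystore-password
//   keyAlias=my-key-alias
//   keyPassword=your-key-alias-password

def keystoreProps = new Properties()
def keystorePropsFile = rootProject.file("keystore.properties")
if (keystorePropsFile.exists()) {
    keystorePropsFile.withInputStream { keystoreProps.load(it) }
}

// Look in the properties file first, then in the environment (useful on CI).
// The RELEASE_* variable names are hypothetical.
def signingValue = { String key, String envName ->
    keystoreProps.getProperty(key) ?: System.getenv(envName)
}

android {
    // ... existing android settings stay as they are
    signingConfigs {
        release {
            def store = signingValue("storeFile", "RELEASE_STORE_FILE")
            if (store) {
                storeFile file(store)
                storePassword signingValue("storePassword", "RELEASE_STORE_PASSWORD")
                keyAlias signingValue("keyAlias", "RELEASE_KEY_ALIAS")
                keyPassword signingValue("keyPassword", "RELEASE_KEY_PASSWORD")
            }
        }
    }
    buildTypes {
        release {
            signingConfig signingConfigs.release
        }
    }
}

// Stop a release build early when no credentials were found, instead of
// producing an APK that is not signed with the release key.
gradle.taskGraph.whenReady { graph ->
    def wantsRelease = graph.allTasks.any { it.name == "assembleRelease" }
    if (wantsRelease && android.signingConfigs.release.storeFile == null) {
        throw new GradleException("Release signing values missing: provide " +
            "keystore.properties or the RELEASE_* environment variables.")
    }
}
```

Debug builds keep working on machines that have neither the properties file nor the environment variables, because the check only fires when assembleRelease is in the task graph.
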

Now you can run the following command to build a signed APK:

./gradlew assembleRelease

Done! 🚀

Your app is now signed, and you have a .pem certificate for API authentication.