Cloud-managed certificates are associated with your Apple Developer Program membership and managed remotely. In Xcode 13 or later, Xcode will cloud sign any apps or software for distribution when you’re using the Xcode Organizer archive and distribution workflow. Additional permissions are available in App Store Connect to enable Admins and Developers to sign apps and software with these certificates.
Certificate management and rotation
A new cloud-managed certificate is automatically created 90 days before expiration when new signing requests are received. The newest certificate is used when software signing request are received. Account Holders and Admins can also initiate certificate rotation in Certificates, Identifiers & Profiles if signed software needs to run on devices for longer than 90 days. Manual certificate rotation is available once the certificate has less than half of its validity duration left (often 180 days).
Required role: Account Holder or Admin.
Configure for local signing
Xcode 13 or later will cloud sign any apps or software for distribution if you’re using the Xcode Organizer archive and distribution workflow, and a local signing certificate is not found. You can configure Xcode to locally sign software by adding an active Apple Distribution certificate to your keychain before signing for distribution or by using the manual signing processes.