Before any app can be submitted to the App Store, it has to be code-signed using your developer credentials. This involves creating an app ID, creating certificates and then setting the build settings to use these.
The app ID uses an internal name for your app that cannot contain any special characters. Since this ruled out Pic-a-POD, I just used picapod to match the web site. The app ID also needs a bundle identifier which is like com.domainname.appname. In my case this became com.picapod.picapod
To get certificates, I logged in to the Apple developer site and went to the Developer Certificate Utility. Since Pic-a-POD does not use iCloud or Push notifications I did not have to create a Provisioning Profile.
Creating the certificates is easy enough – since I was not code-signing my debug builds, I only needed to create the distribution certificate, which includes a certificate for the app itself as well as one for the installer. I followed the directions and used Keychain Access to request a certificate, then download and install it.
Now I went to the plist for my app and changed the Bundle Identifier to com.picapod.picapod and set the code signing identity to match my new certificate.
The instructions at iTunes Connect showed how to do a test build and uses Terminal to confirm that the installer was working OK. I did this and I could see from the build log that the app was code-signed, so it all looked good.
But when I went to the newly built archive in Xcode’s Organizer and tried to share it as a .pkg, the popup menu for selecting a code-signing identity was showing no options. I saved the .pkg without an identity, but the installer test in Terminal then failed.
I finally worked out that there should have been 2 different certificates: one for eh app and one for the installer. But the installer certificate had not downloaded with the app certificate, so I went back and created an installer certificate in it’s own. This fixed it and I was able to select the installer certificate’s identity when sharing the archive. The installer package built and the installer test in Terminal passed.