At first it seems a complex process, but it's pretty straightforward when you've been through it a few times.
In a nutshell the process is this:
(I'm assuming you've set up your iPhone/iPod touch as a test device)
Via the iPhone Developer Portal
Create an App ID
(give your application a name, this is just for reference on the website and nothing to do with your own build of your application)
enter a string to identify it, like com.yourcompany.appname
(this is important and should be the same as in your .plist file inside Xcode)
Click and Save this
Go to Provisioning
There are 2 provisioning profiles you'll need
a) development - so you can install your application on a test device (i.e. your iPhone / iPod touch)
b) distribution - if you want to sell the application via the App Store
You can create the profiles by selecting your App ID, created in the previous step, from the drop down list and clicking Save
In a few moments (usually, though it can be longer) the certificate is available for download. Download this to your Mac and drop it onto the Xcode icon. Sometimes the development profile doesn't work for me like this and I drop it directly into the Organiser window in Xcode that shows my connected device.
Besides, if you are in a team account, team admin need to edit Development Provisioning Profiles, and add modify your certificates privilege.
In Xcode inside 'Edit Project Settings' you can select the certificate you wish to code sign with. Usually for debug I sign with the development certificate. Follow the instructions on the apple site and clone the release profile and call it something like release and sign this with your distribution profile. (You won't be able to load the app onto your phone with the distribution profile selected)
Make sure you select the target device as Device and not Simulator when building for the App Store!
Hope that helps, it's from memory so apologies if I've skipped some small steps.