We are building a desktop app using electron.
When installation we want to have a publisher or windows code signing certificate. How do i do that?
Do i need to buy a certificate?
Related
We have a series of iOS Enterprise applications that were built with Telerik Cordova (discontinued in May 2018). Those apps are in the process of being converted to a new platform, but in the mean time they must continue to service client needs.
The distribution certificate the apps were built with is valid for another 14 months or so, but the provisioning profiles expire in a few days. Since these are Enterprise apps they will expire with the profiles.
Unfortunately, Telerik can no longer rebuild the apps using an updated profile for us. We have re-signed the apps using new provisioning profiles (using both iReSign and Terminal). When we try to side-load the resulting IPAs through the XCode Devices panel, we get an error stating that the entitlements do not match and the apps are not installed.
The question was raised as to whether or not we not need to re-sign the apps since the certificates are still valid. Perhaps it would be possible to just replace the .mobileprovision file on the device somehow? I gave it a try using iTunes Sync but I cannot confirm whether the file actually went to the device or not.
Question: Is it possible to just update the *.mobileprovision on the device without re-signing the app? If so, could someone please give me the steps or direct me to a link to perform the steps?
Alternate Question: Otherwise, any thoughts on how to resolve my Entitlements issue? The app only needs Push Notifications, but Game Center and In-App Purchases are also enabled. These are reflected in the App ID and provisioning profile, and the distribution certificate is of type Apple Push Services.
I should point out that I am not an admin on the Apple Developer portal for the project as I am an outside consultant, so my portal access is strictly read-only.
Thanks in advance for any direction provided!
If the applications were distributed to the devices by an MDM, then you can push a new provisioning profile to them using the MDM.
If the applications were installed over the air from a web server or directly using iTunes or Apple Configurator, then you need to replace the entire application package on the device. This requires the app to be re-signed, since the changed .mobileprovision file will change the package signature.
If you don't have the original, app ID with matching entitlements in the developer portal, then you will need to delete the existing application from the device before installing the new, re-signed application. You won't be able to do an in-place upgrade.
I'm using the NEVPNManager to create a personal VPN for my iOS app which is working. Now I'm trying to install a root CA certificate that can be used by all apps. I understand the user will need to trust this certificate under General -> About - Certificate Trust Settings. I'm trying to automate as much of this process as possible. The two ways I've found to attempt to do this are either:
1) Open Safari with a URL to the root certificate hosted on a website and iOS will prompt the user to install the certificate as a profile.
2) Install the certificate pragmatically within the app.
Option #1 works, but after the user installs the certificate they are not take back to the app and still have to manually go in and trust the certificate in the Certificate Trust Settings.
With option #2 if SecItemAdd is used it is only added to the keychain for the sandbox for my app and not available to other apps. The only option I have seen to make if available to other apps it to increase it's trust level as shown here, but this seems to require an old open source library from Apple that I was not able to get to build.
So, what is the best option to accomplish installing the root certificate and prompting the user to make it trusted? If it is possible through #2, any ideas how I build and then incorporate that library into my app? If I'm left with #1, what is the best way to simplify the process for the user?
SecTrustSettingsSetTrustSettings and related symbols are private API and your app will be rejected by Apple on submission. Even if you manage to compile this open source, it will still export the private symbols, and your app will be rejected.
Instead, you should use the openURL: API and point to a .p12 file, either locally hosted (by using an in-app web server) or remote. The .p12 file should include the certificate chain.
This will open the Settings app and ask the user to install the certificate. Once the user installs, all applications on the device will trust it.
I'm developing apps for other companies. My customers want their app in App Store to show as published by their own company, not mine. Also, they don't want to give me their private key for signing apps for App Store distribution. I don't want the key myself, because I don't want any legal responsibility related to the key being lost or stolen.
They can add me as a developer on their company's team inside the Apple Developer portal, and this gives me access to publish new builds for testing. In this situation, I must sign my app with their distribution certificate, or my builds would be rejected when uploading them. Is that correct?
A possibility is that I send them the app as an IPA-file, using their app's bundle id, and sign it with my own certificate. They would then resign the app with their distribution certificate and submit it to iTunes Connect using Application Loader or similar. What is the easiest way for them to do the re-signing? Will they have to use Xcode to upload the IPA, or manually run codesign on the command line?
I'm looking to make this as easy as possible. The people receiving the builds (IPA-files) are not developers.
Try this one, you can sign IPA package by your certificate and send it to them, then ask them to re-sign it using their own certificate.
How to Re-Sign an iOS App from an External Developer
In this scenario, the customer will have to resign the IPA file they recieve from the developer and upload it to iTunes Connect themselves using Apple AppLoader or Xcode. To resign it, they will need the codesign binary provided by the Xcode command line tools (full Xcode not required, but will also work). Optionally, they can use Xcode to upload and re-sign an xcarchive.
There are some apps that give a UI to codesign, like iResign and AirSyncApp, that are more user-friendly than the command line.
Thanks to #alanc-liu for contributing information.
I have an iOS Enterprise Account, and I currently use HockeyApp for OTA app distribution. When I want to send an app to HockeyApp that utilizes this license, I make an in-house distribution profile for the app, archive it, and upload the file to HockeyApp, and it works fine. I am the agent of my team on the developer portal.
I want for other members of my team (including a Jenkins instance) to be able to sign applications with the same type of distribution profile that they can make. However, when someone tries to archive an app with the same distribution profile, they are unable to do so. Further, they are unable to apply for a distribution certificate unless they send me the .certSigningRequest file and I apply for it myself, then send it to them (I know this is incorrect but this seems like the only way to get them a certificate).
Basically, what do I need to do to enable another team member to archive an app for enterprise distribution?
Then you'll have to export your certificate and private key from Keychain Access and have others (including the Jenkins machine) import it into their keychain.
See: https://support.apple.com/kb/PH20122?locale=en_US
Our organisation (MyOrg) has a mobile application which we have licensed to another organisation (TheirOrg). In order to deploy the app for TheirOrg we need to make changes so it works in their environment (end points, icons, title, etc). So it makes sense to sign the app using their certificate. The goal is to have the ability to deploy the app either using our certificate or theirs.
This is what we've done so far:
'TheirOrg' has made a request for us (MyOrg) to join their
development team.
We joined the development team and downloaded the certificates. As I look in the KeyChain app I can see all certificates.
When it comes to deployment, through Archive option, I can see TheirOrg listed in the 'Development Team to use for provisioning' option. (This is great because this allows me to sign the app either using MyOrg or TheirOrg key.)
After selecting 'TheirOrg' from the dropdown and moving to the next screen I'm faced with the following error:
Here's my question: how do you instal the certificate locally through XCode (6.4)?
First of all you need to ask them the p12 certificate (Export from keychain - distribution certificate) & then install it. then follow below instructions.
If you want to archive your app and export it, then you have to create iOS Distribution certificate not development certificate.
Generate AdHoc Distribution provisioning profile
Download and double click on it.
Select that profile on build settings & then try to Archieve, it will work.