What is the purpose of a distribution certificate in iOS

I'm a web tester but recently I was assigned to mobile testing. The iOS devs gave me two files, a .p12 file and a provisioning profile file. My question is what is the purpose of the .p12 file? When I go to Xcode, they only ask me to input the provisioning profile in the signing field (but I added the .p12 file to my keychain as I was told). So my question is, what was the purpose of that .p12 file and why do I need to have it installed into my keychain when in Xcode it only asked me for the provisioning profile and I can now build the app and test it?

The .p12 file is the encrypted certificate used to generate the provisioning profile. This ensures that you are allowed to use the provisioning profile, and the provisioning profile is how the system knows what users are or are not allowed to run your app (or in the case of distribution, who's allowed to distribute the app).
More info on all this here: https://support.magplus.com/hc/en-us/articles/203808748-iOS-Creating-a-Distribution-Certificate-and-p12-File

Related

iPhone has denied the launch request - On provision profile

A company that I am developing a project for gave me a .mobileprovision file and a .p12 certificate to add APNS to their project. As long as I've added their provisioning profile to my project in Xcode, Xcode keeps saying "iPhone has denied the launch request." when I try to build the project on my physical device.
I've tried deleting the Apple Worldwide Developer Relations Certification Authority certificate, and adding another user account to the Mac, but none of them worked. Only when I disabled Debug executable did the app launch successfully, but it's not a solution because I need to debug the app.
Should I tell them to add my device UDID to their account's devices on developer.apple.com?
You've been given an Adhoc distribution provisioning profile, which doesn't allow the debugger to attach (it's missing the get-task-allow entitlement), as it's for use when you distribute your app for testing, not local development.
If you need to debug, they'll have to supply you with a development p12 certificate and a matching provisioning profile.
You are trying with Development Profile vs Distribution Profile?
Distribution Profile:
With an AdHoc Distribution profile, you can't debug any app; it should be used for distribution only.
Development Profile:
If you didn't add your device UDID to the provisioning profile, you can try to do that and re-generate the provisioning profile and download it.
In Keychain Access, you will get to know which profile you received from the team,
gave me a ".mobileprovision" file and a ".p12" certificate
That seems like a red herring. I would suggest ignoring both of those. If they want you to work on their app, they simply make you a team member. Done! Your own dev center membership is then sufficient to debug on device.

Delivering IPA for testing purpose

My client is demanding the IPA file of the app. And they have provided me with a development provisioning profile only. They don't want me to use my own developer account. What else do I need to generate the IPA? Please help me out generating that.
Thanks
Along with the provisioning profile, you'll need the .p12 of the developer account certificate that it was created for.
So... they'll need to export their developer account certificate's private key as a .p12 file.
This can be done via Keychain Access and they can opt to have any or no password while exporting it.
Then, you will need to import this p12 into your own Keychain Access.
That's it.
Finally, go to your app's build settings and specify the Code Signing Identity that will basically be whatever the p12 you imported and the Provisioning Profile that they provided.
Archive and export
:)
They will have to export their Distribution certificate and also send you the Distribution Provisioning profile.
Here is an example how to export the distribution certificate
You'll install the certificate and provisioning profile provided by your client and sign the ipa file with it.

Issue with signing app with wildcard profile

I developed an iPad application for a client. My client has an Apple Enterprise license. But they don't allow me to sign the app with their certificate. They just ask me to provide the .xarchive file so that they can sign the app and create the ipa file.
This is how I have done that:
1. Create an appid with com.mycompany.myapp.abc
2. Create an adhoc profile using the above appid with my developer portal
3. Set the bundle ID of my app to com.mycompany.myapp.abc
4. Set the code signing identity to the above profile in my app's target
5. Archive the file using Xcode 4.6.1
6. Export the xarchive file and send it to the client
7. Ask the client to create an inhouse Dis profile with the com.mycompany.myapp.* appid
8. Ask the client to open the xarchive file using Xcode and sign the app with the inhouse profile and create the ipa file
They have followed the above instructions in 7 and 8 and have created the ipa file. But when we try to install the ipa file using Xcode to a device it gives the following error.
Does the above procedure have any problem? Can someone explain the issue?
EDIT:
For testing purposes I created an adhoc profile with com.mycompany.* and created an ipa file by signing the above xarchive file; it gives the same error message. But if I sign the xarchive file with a profile created with the com.mycompany.myapp.abc bundle id, it works fine.
TL;DR:
Find out what the client's (provisioning profile's) entitlements are and make sure you match them.
The error is trying to say that the entitlements in your provisioning profile and their provisioning profiles differ. The difference could be a keychain group, push notification environment or something else.
The reason why Xcode asks you to choose a provisioning profile twice (once when archiving, once when distributing) is that all the provisioning profile entitlements are picked up in archive stage and mostly ignored in the distribution stage.
This makes it all too easy to distribute with the wrong entitlements, especially if your archive stage accidentally picked up a wildcard profile. Not your case, but that's why you should burn wildcard profiles with fire.
There are clever re-signing scripts (a.k.a. "Distribute..." button replacements) that will try to make the entitlements right by mashing what they find in the end user provisioning profile into your binary but I think the best solution is to make sure your provisioning profile's entitlements and any extra entitlements you add to your app match their provisioning profile's.
I find Xcode's provisioning profile/entitlement system to be error prone. On one hand you have entitlements that are basically part of your app's identity and may as well be set in stone (TODO: make your CI server check them). And on the other hand you have Xcode's build phase gleefully changing your app's entitlements based on its automatic/random provisioning profile selection. Silly.
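An added example, not part of the original answers: one way to do the CI check the answer above leaves as a TODO, comparing the entitlements baked into an app at archive time with those a provisioning profile grants. The team prefixes, the sample entitlements and the subset/wildcard rule are constructed assumptions that simplify what the device enforces, and the profile's CMS signature is not verified.

```python
import plistlib

def profile_plist(blob: bytes) -> dict:
    """Read the XML plist payload of a .mobileprovision (a CMS-signed container).
    The CMS signature is not verified here; this only extracts the payload."""
    start = blob.index(b"<?xml")
    end = blob.index(b"</plist>", start) + len(b"</plist>")
    return plistlib.loads(blob[start:end])

def granted(want: str, allowed: str) -> bool:
    """Exact, case-sensitive match, or prefix match when the profile value ends in '*'."""
    if allowed.endswith("*"):
        return want.startswith(allowed[:-1])
    return want == allowed

def entitlement_mismatches(app_ents: dict, profile_ents: dict) -> list:
    """One message per entitlement the app claims that the profile does not grant."""
    problems = []
    for key, want in sorted(app_ents.items()):
        if key not in profile_ents:
            problems.append(f"{key}: absent from profile")
            continue
        allowed = profile_ents[key]
        if isinstance(want, str) and isinstance(allowed, str):
            ok = granted(want, allowed)
        elif isinstance(want, list) and isinstance(allowed, list):
            ok = all(any(granted(w, a) for a in allowed) for w in want)
        else:
            ok = want == allowed
        if not ok:
            problems.append(f"{key}: app has {want!r}, profile allows {allowed!r}")
    return problems

# Constructed sample: entitlements picked up at archive time (developer's team prefix).
APP_ENTS = {
    "application-identifier": "AAAAAAAAAA.com.mycompany.myapp.abc",
    "keychain-access-groups": ["AAAAAAAAAA.com.mycompany.myapp.abc"],
    "aps-environment": "production",
    "get-task-allow": False,
}
# Constructed client profile: wildcard App ID under another team prefix, no push.
# The bytes around the plist stand in for the CMS wrapper.
CLIENT_PROFILE = b"\x30\x82\x0b\x00" + plistlib.dumps({"Entitlements": {
    "application-identifier": "BBBBBBBBBB.com.mycompany.myapp.*",
    "keychain-access-groups": ["BBBBBBBBBB.*"],
    "get-task-allow": False,
}}) + b"\x31\x82\x01\x00"

if __name__ == "__main__":
    granted_ents = profile_plist(CLIENT_PROFILE)["Entitlements"]
    for line in entitlement_mismatches(APP_ENTS, granted_ents):
        print("MISMATCH", line)
```

In a CI job, a non-empty result would fail the build before the archive is handed to whoever re-signs it.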
You should follow the steps below to make an adhoc distribution .ipa for the client:
set the bundle identifier in the target info.plist
select the ad hoc distribution profile in the target as well as in the project
select iOS device then Product -> Archive
the organizer will pop up; then select the archive and select "Distribute" -> Adhoc Enterprise distribution
select the correct ad hoc distribution profile, then save this .ipa file.
Then send it to the client and let him know that before archiving or building the app we need the correct adhoc provisioning profile. So there is no need to repeat the process at your end to set the provisioning or other stuff; just distribute it.
How to distribute your iOS app over the air:
Just need to place the .ipa file and plist on a server and set the path in the above link example.

Do the distribution profiles come from distribution certificate?

The client has given me the distribution profiles; how can I add the profiles in Xcode 5?
As far as I know, distribution certificates are responsible for distribution profiles. Importing the distribution certificate enables and adds all the distribution profiles in Xcode. Without the certificate, distribution profiles can't be used.
Please correct me if I am wrong and suggest a workaround for importing profiles in Xcode 5.
Deployment phase is new for me.
Thanks
Importing the profiles is just double clicking on them. You can't use the profile without the private key for the certificate that was used to generate the profiles. This needs to be exported from the keychain (usually as a p12 file) and imported onto your development machine.
It is possible that the client exported a package containing all of this info using Xcode, then double clicking should install everything required.
Importing distribution certificate enables and add all the distribution profiles in xcode
No, importing one doesn't automatically import the other.
There are no workarounds, you need to be supplied with both the certificate (private key) and the profiles.
A distribution profile is basically a way to make a trust relationship between a particular distribution certificate (which identifies your organisation as a registered Apple development organisation), a particular app or group of apps (identified by an AppID like com.foo.bar.myawesomegame), a set of valid devices where the app can be installed (in the case of ad-hoc distribution; in the case of App Store distribution this is not required), and a set of enabled services, like In-App Purchases.
In your particular situation, if the client wants to test your app, and you are provided with a valid distribution provisioning profile (a file with .mobileprovisioning extension), you also need to install a valid distribution certificate on your computer. The client can download this certificate from http://developer.apple.com (Member Center) and send it to you so you can import it on your machine with a double click on the .cer file.
To enable external users to test an app, there's a simpler process, providing that your organisation is a registered Apple development organisation: First, you generate a distribution certificate from http://developer.apple.com. Then, you create a distribution (ad-hoc) provisioning profile and add the distribution certificate and the UUIDs of the iPhones the client wants to use for testing. The client can get the UUIDs from the iTunes app, for example. Then, you can download both the certificate and the distribution profile to your computer, double click to import them into Xcode, and finally sign the app (.ipa file) so that the client can test it on their own devices. You can do that by choosing Product, Archive in Xcode and selecting your distribution certificate and provisioning profile.
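An added example, not part of the original answers: the bindings described above, checked in code by reading a profile's plist to see whether a signing identity is among its DeveloperCertificates, whether a device UDID is provisioned, and whether get-task-allow permits a debugger (the "denied the launch request" case earlier on the page). The certificate bytes, UDID and App ID prefix are constructed stand-ins, the kind classification is a heuristic, and the SHA-1 is assumed to be the one `security find-identity -v -p codesigning` prints for the imported .p12 identity.

```python
import hashlib
import plistlib

def load_profile(blob: bytes) -> dict:
    """Extract the XML plist from a .mobileprovision without verifying its CMS signature."""
    start = blob.index(b"<?xml")
    end = blob.index(b"</plist>", start) + len(b"</plist>")
    return plistlib.loads(blob[start:end])

def profile_kind(p: dict) -> str:
    """Heuristic classification from the keys a profile carries."""
    if p.get("Entitlements", {}).get("get-task-allow"):
        return "development"
    if p.get("ProvisionsAllDevices"):
        return "enterprise"
    return "ad-hoc" if "ProvisionedDevices" in p else "app-store"

def audit(blob: bytes, identity_sha1: str, udid: str) -> dict:
    """Check the bindings a profile makes: certificate, device, debug right."""
    p = load_profile(blob)
    # Each DeveloperCertificates entry is a DER certificate; fingerprint = SHA-1 of it.
    listed = {hashlib.sha1(der).hexdigest().upper()
              for der in p.get("DeveloperCertificates", [])}
    return {
        "kind": profile_kind(p),
        "identity_listed": identity_sha1.replace(" ", "").upper() in listed,
        "device_listed": bool(p.get("ProvisionsAllDevices"))
                         or udid in p.get("ProvisionedDevices", []),
        "debugger_allowed": bool(p.get("Entitlements", {}).get("get-task-allow")),
    }

# Constructed sample data: these byte strings stand in for DER certificates.
CERT_A = b"constructed bytes standing in for the client's distribution certificate"
CERT_B = b"constructed bytes standing in for an unrelated certificate"
UDID = "00008030-CONSTRUCTED-UDID-0001"
ADHOC = b"\x30\x82" + plistlib.dumps({
    "DeveloperCertificates": [CERT_A],
    "ProvisionedDevices": [UDID],
    "Entitlements": {
        "application-identifier": "BBBBBBBBBB.com.foo.bar.myawesomegame",
        "get-task-allow": False,
    },
}) + b"\x31\x00"

if __name__ == "__main__":
    print(audit(ADHOC, hashlib.sha1(CERT_A).hexdigest(), UDID))
    print(audit(ADHOC, hashlib.sha1(CERT_B).hexdigest(), "UDID-NOT-IN-PROFILE"))
```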

Problems validating iOS App build

I'm working with a developer to create an iOS App for a client. I created my certificates, provisioning profiles, etc, and then sent it to the developer to build the App. They have then sent me back the build as an .xarchive file, which I have loaded up into Xcode.
On the Archives tab, I then go to validate it, but the developer certificate I created in iTunes connect is invalid.
I created both my developer and distribution signature inside the same iTunes Connect account, and they're both loaded up in Keychain along with my WWDR certificate.
Make sure you downloaded and dragged your provisioning files to Xcode as well.
When producing a build using a Distribution Certificate you need to make sure that you have a properly generated Distribution Certificate in the iOS Provisioning Portal. Select the Certificates -> Distribution tab and make sure you have a distribution certificate listed. If there is one and you do not have the original private key on your machine, you will need to obtain the private/public key pair from the original machine, or revoke and recreate the certificate.
Also, make sure you have created a Distribution provisioning profile and that it is being used in conjunction with this Distribution Certificate.
Also, check to be sure you have a distribution provisioning profile for your app for app store.
Other problems include the App ID differing from the Bundle Identifier and it has trouble associating it with the provisioning profile. Most commonly when the Bundle Identifier is derived from the ProductName and the case of the characters doesn't match the case of the characters in the App ID on the provisioning portal.
You can get around this by typing in the bundle identifier into the AppName-info.plist file.
I finally worked it out! I had the right certificates, but had only created a development provisioning profile. I created this in iTunes Connect and then it worked perfectly. Hope this helps someone else who has a similar problem.
Easiest way to ensure you have everything I needed is to remember that you need separate certificates and provisioning profiles for development and distribution. They can all be created in iTunes Connect, and you just need to download them and run the file to ensure Xcode finds them.
