iOS Enterprise Distribution - multiple people - ios

I have an iOS Enterprise Account, and I currently use HockeyApp for OTA app distribution. When I want to send an app to HockeyApp that utilizes this license, I make an in-house distribution profile for the app, archive it, and upload the file to HockeyApp, and it works fine. I am the agent of my team on the developer portal.
I want for other members of my team (including a Jenkins instance) to be able to sign applications with the same type of distribution profile that they can make. However, when someone tries to archive an app with the same distribution profile, they are unable to do so. Further, they are unable to apply for a distribution certificate unless they send me the .certSigningRequest file and I apply for it myself, then send it to them (I know this is incorrect but this seems like the only way to get them a certificate).
Basically, what do I need to do to enable another team member to archive an app for enterprise distribution?

Then you'll have to export your certificate and private key from Keychain Access and have others (including the Jenkins machine) import it into their keychain.
See: https://support.apple.com/kb/PH20122?locale=en_US

Related

iOS In House Distribution with iOS Enterprise program and external developer

If an external developer is developing the app for a client that is going to distribute the app in house, how should the developer export the app so that the client can then distribute it in house?
Does developer need private key of In House Distribution certificate of the client? Are there other solutions to export the app for the client without getting the private key of In House Dist. certificate?
Solution
I came up with the following solution:
1) get admin rights for the iOS Enterprise program
2) create a new certificate (or get the private key from the team agent) (thanks to Z.pyyyy)
3) configure Xcode to allow "don't sign code" as described here
4) in the project and target build settings use "don't sign code" for signing and automatic for provisioning profiles (it will take the provisioning profile for your team)
5) select the right team
6) archive your project
7) use export for enterprise distribution (this creates the ipa file)
8) distribute the ipa file
Actually, as an external developer, you don't need any of those certificate or signing identity stuff.
You can generate an unsigned ipa iOS application and send the unsigned ipa file to your client so that they can re-sign the application as they like.
You can refer to the following links:
Generating an unsigned IPA iOS application
and
How to Re-sign an iOS App from External Developers
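Added example, not part of the original posts: a check that an IPA handed over for re-signing really carries no bundle-level signing material (no `_CodeSignature/CodeResources`, no `embedded.mobileprovision`, including in nested frameworks and extensions). It does not inspect signatures embedded in the Mach-O binary itself; the bundle name `Demo.app` and the sample archives are constructed for illustration.

```python
import io
import zipfile

# Bundle-level files that code signing leaves in an .app, framework or extension.
SIGNING_ARTIFACTS = ("_CodeSignature/CodeResources", "embedded.mobileprovision")


def signing_artifacts(ipa_bytes):
    """Map each Payload/<Name>.app in the IPA to the signing artifacts found in it."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            parts = name.split("/")
            # Only entries of the form Payload/<Name>.app/<path inside the bundle>.
            if len(parts) < 3 or parts[0] != "Payload" or not parts[1].endswith(".app"):
                continue
            hits = found.setdefault("/".join(parts[:2]), [])
            inner = "/".join(parts[2:])
            # Match the top-level bundle and nested frameworks or extensions alike.
            if any(inner == a or inner.endswith("/" + a) for a in SIGNING_ARTIFACTS):
                hits.append(inner)
    return found


def is_unsigned(ipa_bytes):
    """True only if at least one .app exists and none carries signing artifacts."""
    bundles = signing_artifacts(ipa_bytes)
    return bool(bundles) and not any(bundles.values())


def build_sample_ipa(entries):
    """Constructed sample: an in-memory zip with the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for entry in entries:
            z.writestr(entry, b"placeholder")
    return buf.getvalue()


COMMON = ["Payload/Demo.app/Info.plist", "Payload/Demo.app/Demo"]
UNSIGNED_IPA = build_sample_ipa(COMMON)
SIGNED_IPA = build_sample_ipa(COMMON + [
    "Payload/Demo.app/_CodeSignature/CodeResources",
    "Payload/Demo.app/embedded.mobileprovision",
    "Payload/Demo.app/Frameworks/Lib.framework/_CodeSignature/CodeResources",
])

if __name__ == "__main__":
    print("unsigned sample:", is_unsigned(UNSIGNED_IPA))
    print("signed sample:  ", signing_artifacts(SIGNED_IPA))
```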

Publish enterprise app as a contractor, which certificates and provisioning profiles

As a contractor I am working for a company and my job is to build an iOS app and publish it for enterprise distribution. Now the problem is that the company which employed me is kind of sitting on their certificates. Here is what they gave me:
An enterprise distribution provisioning profile
An enterprise distribution certificate (no private key)
I think this is not enough to publish the app for enterprise distribution. What else will I need?
The problem is they are very uncooperative (it is a big company and my guess is the IT department is not happy that the job was given to an outsider), I do not even have a direct contact to them.
1) If they want you to build the app, they have to give you the private key for the distribution certificate.
2) Another option would be that you check in the code in their repository (what you're probably doing anyway) and they build and upload the app themselves.
3) Or they give you access to a machine running Xcode with the proper certificates and keys already installed.
If they are concerned about the security of the certificate, 2) would probably be the best option for them.

iOS app Certification and ad hoc testing

I work for a company developing their iPad app. No one in the company is a technological geek who can handle Xcode app deployment themselves. So for now, we do this:
I develop the app.
Create an ad hoc testing version and share the .ipa file with them.
They test and then I make a distribution version for further release.
What I want to establish as a permanent solution is
I develop and share the Xcode archive
They make all different versions for testing and release.
However, I have been largely unsuccessful in doing so: for creating the archive, I have to sign/certify with my development profile. They could deploy it further from the Xcode archive to an .ipa file, using their distribution certificate. However, they cannot install it on their devices. I believe mainly because the development version requires my certificate/profile to be enabled on their devices :(.
Is there a way out? I need to provide them an archive which they could further sign and do whatever they want to do (either test on whatever devices they want to or release).
Thanks,
Nikhil
If you don't want to manage the device identifiers where you are deploying the device, you could use:
1) TestFlightApp.com (although I don't know what the current status of their offerings is -- since they've been acquired by Apple -- but they still have a "Sign Up" link on the top of their home page).
or
2) Apple's Enterprise Developer Program, which allows you to "Distribute In-house Apps".
You can sign the application using their distribution certificate.
To do so, they have to send you a p12 export of the certificate; the p12 contains the certificate and the private key of the one who created the certificate.
To export a certificate:
1) Go to Keychain Access
2) Right-click on the certificate
3) Click Export

iOS Enterprise In-house distribution account to use

In years gone by we found that we could only have 1 distribution certificate per logged-on user, so we created as many accounts as were needed, 3 in our case, 1 for each developer program, and logged onto the Mac using the required account.
So anytime an app was developed and needed to be distributed in-house, I would log onto the Mac using the enterprise account, archive and distribute for in-house, and send the resulting .ipa file and the provisioning profile to the users.
I have now discovered I can have multiple distribution certificates on the Mac and am trying to see if I can distribute via in-house logged on to the Mac as me and use my own profile or the team profile that links to the enterprise developer program.
The app builds OK and generates the ipa file, and I can install it using iTunes, but I get a faded icon on the iPhone, and when tapped it says installing but never does?
So, my two part question is:
a) is it possible to distribute in-house using my enterprise linked account logged on as me and using my profile or team profile
b) I read you do not need to give the user the profile, but I have always done this as was the requirement when I first learned to do this?
Thanks
a) Yes. I have 10 or so certificates (dev & dist) on my computer for various clients. I keep them in separate keychains for peace of mind. When it comes time to distribute your in-house binary, you archive in Xcode then hit the Distribute… button in the Xcode organizer, choosing the correct Enterprise profile.
b) This is no longer necessary as the Distribute… step mentioned above embeds the profile in the app. Things are much easier than they used to be.
NB: I avoid wildcard provisioning profiles as they can cause heartache, even in simpler situations than yours (e.g. if Xcode chooses a wildcard Ad Hoc profile during Archive, then your entitlements may be wrong once you Distribute), so for this reason I recommend you always use explicit profiles.

How to build iOS app using 3rd party distribution provisioning profile

I developed an iOS app that my client is going to use internally. They sent me their enterprise distribution provisioning profile. When I add it to Xcode it says "Valid signing identity not found". How do I build the app so that my client can run it on their devices?
Your computer is unable to sign with the distribution profile, since you don't have the private key for this certificate.
Alternative 1
Apple intends that building a project for distribution will only take place on a single machine - the machine that the certificate was originally created on. So, in their eyes, you should ask your clients to build the project internally (for distribution only - for development you should have no problems building yourself).
Alternative 2
There is a way to override it, and it involves exporting the private key from that special distribution machine and emailing it to you.
These are the steps (also outlined here):
1) Access the computer where the certificate was created and open the "Keychain Access" program on the computer
2) In the "Category" panel, select "Certificates"
3) Find the correct distribution certificate and expand it
4) Highlight both the iPhone distribution certificate line and the private key line under it
5) Right-click and select "Export 2 items"
6) Save the .p12 file and choose a password that you can share; you will need it to import this file later
7) Email the saved file to you
Once you import this and type in the password from step 6, you will have the private key on your computer too and all will be good.
Alternative 3
There's a chance that when you ask your clients to export the private key, they will have no idea what you're talking about and no idea where the machine that created it is (this is what actually happened to me). This is usually the case if they are not regularly building for distribution on their own.
In this case, you can simply delete the certificate and create a new one (for the distribution profile). If you create the certificate on your machine, then you will have the private key. You should also export it to them just in case (using the same steps of alternative 2), so they have the ability to build without you if need be.
Each provisioning profile is paired with a certificate. If you subscribe to the Apple developer service, you should have access to create and download a development cert (tied to the Apple ID) and a distribution cert (tied to the organization). The enterprise distribution provisioning profile needs to be paired with the distribution cert. So in order to use their provisioning profile, you will have to get the distribution certificate from them. This will also involve you getting their private key, which they might not be so fond of. Alternatively, they can set you up as a developer on their portal, then you can distribute through the machine that already has the distribution cert installed on it.
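Added example, not part of the original answers: reading which certificates a provisioning profile is paired with and comparing them to the signing identities a machine actually holds, which is the mismatch behind "Valid signing identity not found". It relies on the profile's plist being stored in the clear inside the signed .mobileprovision file; the sample profile, its names and the placeholder certificate bytes are constructed, and the list of held fingerprints is assumed to come from the SHA-1 values that `security find-identity -v -p codesigning` prints.

```python
import hashlib
import plistlib


def read_profile(raw):
    """Return the plist carried in the clear inside a .mobileprovision (CMS) blob."""
    start = raw.find(b"<?xml")
    end = raw.find(b"</plist>", max(start, 0))
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(raw[start:end + len(b"</plist>")])


def profile_summary(raw):
    """Name, team, in-house flag and certificate fingerprints of a profile."""
    p = read_profile(raw)
    return {
        "name": p.get("Name"),
        "team": p.get("TeamName"),
        # In-house (enterprise) profiles set ProvisionsAllDevices instead of listing devices.
        "in_house": bool(p.get("ProvisionsAllDevices", False)),
        # SHA-1 over each DER certificate, the form `security find-identity` prints.
        "cert_sha1": [hashlib.sha1(der).hexdigest().upper()
                      for der in p.get("DeveloperCertificates", [])],
    }


def usable_identities(raw, keychain_sha1):
    """Profile certificates for which this machine also holds the private key."""
    held = {h.upper() for h in keychain_sha1}
    return [h for h in profile_summary(raw)["cert_sha1"] if h in held]


# Constructed sample: placeholder bytes stand in for the DER certificate and CMS wrapper.
FAKE_CERT = b"constructed-placeholder-for-a-DER-certificate"
SAMPLE_PROFILE = b"\x30\x82\x00\x00" + plistlib.dumps({
    "Name": "Example In-House Profile",
    "TeamName": "Example Corp",
    "ProvisionsAllDevices": True,
    "DeveloperCertificates": [FAKE_CERT],
}) + b"\x00signature-bytes"
FAKE_CERT_SHA1 = hashlib.sha1(FAKE_CERT).hexdigest().upper()

if __name__ == "__main__":
    print(profile_summary(SAMPLE_PROFILE))
    # An empty list is the "Valid signing identity not found" situation.
    print(usable_identities(SAMPLE_PROFILE, []))
    print(usable_identities(SAMPLE_PROFILE, [FAKE_CERT_SHA1]))
```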
