In House Distribution issue with distribution certificate - ios

My first question here, and I have tried everything and googled like hell and couldn't find an answer to this issue.
So I have a client for whom I have to make an iOS distribution via in House distribution system (they don't want their app on the store but will use it in corporate use with over 20 devices, so the AdHoc UDID system is out of the question).
Now, the client has given me Admin roles on their Enterprise account and I have done the following:
Downloaded the production certificate
Installed the .p12 file from the client on my keychain
Created the app id
Created the provisioning profile and downloaded it too
Now, I do manage to archive the app and install it on my device, but then the app crashes like right after the splash screen. It is to my understanding that there is an issue with the production certificate, and I am clueless. Any help or advice would be greatly appreciated.

An enterprise-signed app won't allow a debug connection. if you want install app in device, you should create archive .ipa and install.
for debug app in device you need to signed app using AdHoc provisional profile of individual developer account.

After some time I have managed to solve this little issue. The main problem was not the .p12 but the bundle ID itself. Since most of the times I was getting an error that the bundle ID was not matched with the provided provisioning profile. So what I did is:
Edited the app id on the Apple Dev Site from an old name, i.e. com.potato.PotatoApp into com.lemon.PotatoApp (the main reason I had to do this is cuz' my default ID is my company's ID, and in this scenario I had to use the client's Apple Dev Account, and thus the ID itself.
Edited the provisioning profile by selecting the newly edited app id, and then changing the name from "PotatoApp" to "PotatoApp inHouse"
Downloaded the newly edited profile.
On the Debug settings, this was the corresponding list:
-Provisioning profile (debug & release): "PotatoApp inHouse"
-Code signing identity (debug & release): "iPhone distribution: Lemon Company Ltd."
Also on the team list changed from "Potato Company Ltd." to "Lemon Company Ltd.", after that a simple Archive and the build was created without any issues.

Related

Appcenter iOS install error "this app cannot be installed because its integrity could not be verified"

I see that this question has been asked many times but I see no solution that works for me so I'm hoping that providing more info might shed some light.
We use appcenter.ms to test iOS apps. Until our iOS certificate expired this method worked fine. We generated a new enterprise certificate and ad hoc provisioning profile for new releases of the iOS app. Which led to the first curiosity.
I see how to upload a certificate on appcenter.ms but not a provisioning profile. I thought there was an option to do this in the past but perhaps I am mistaken. However, the app is signed with a provisioning profile before upload, so perhaps this is not needed now.
Once the app is uploaded, it can't be installed. It remains grey and when you tap it, you get the "this app cannot be installed because its integrity could not be verified" error. Again, that the .ipa is created with an ad hoc certificate and profile in Xamarin (VS for Mac).
Also, I can't install the provisioning profile on a device from appcenter.ms. You basically get stuck in a loop where you seem to successfully install the profile but have to keep doing it because it never actually installs.
I hope this is enough info for some insight and thanks in advance for any feedback.
We were able to solve this by redoing and downloading development certs and via
And also downloading and double clicking the apple development certificate here
After that our keychain showed both as trusted and we could build to the iPhone again.
The issue can be the your device is simply not registered on the developer portal and/or that ad-hoc provisioning profiles have not been regenerated.
You need to register your device, regenerate a provisioning profile with this device in it and rebuild your app using this profile.
This can also happen because of
Developer ID Notary Service - Outage
which can be checked on https://developer.apple.com/system-status/
Notarization is well explained here:
Notarization gives users more confidence that the Developer ID-signed
software you distribute has been checked by Apple for malicious
components. Notarization is not App Review. The Apple notary service
is an automated system that scans your software for malicious content,
checks for code-signing issues, and returns the results to you
quickly. If there are no issues, the notary service generates a ticket
for you to staple to your software.
Work around fix:
Select your app.
Navigate to TextFlight tab
Create External Testing group
Add one tester
Add build which you want to download using TestFlight
Open TestFlight and download an app.
In my case this was caused by trying to include an entitlement for aps-environment "development" when using an Ad-Hoc provisioning profile. The value for this environment in Entitlements.plist must match what is hard coded into the provisioning profile file - if you open an Ad-Hoc profile in a text editor you will see it expects the "production" environment.
The possible solutions depending on your requirements are to either use the Development profile/certificate, or change the aps-environment to "production" to continue using an Ad-Hoc provisioning profile.
It can also happen if you have other incorrect entitlements - worth checking what entitlements are enabled under the Identifier in Apple Developer portal and removing unnecessary ones.
I had this issue because when building the app on xCode for distribution (Product->Archive then Distribute App), I chose automatic signing. After manually signing the app and choosing my own generated certificate and profile, everything worked again fine.
I removed the Entitlements file from the Addition Resources in iOS Bundle Signing and it worked.
I think the MSAL configuration was set to debug in entitlements.plist
I have also face this issue before but for me the reason was little different
First the build was enterprise one and the build was made on the earlier Xcode version on which the iOS version you are using on the device was not supported by the Xcode.
All I did was to update my Xcode and make a new build and shared the build. After that we were able to install that build over device Hope it works for you as well
This is how I solved for myself.
In you iPhone Settings > General > VPN & Device Management you should see your company name (if an app from it is installed), and if you click on it, you will see a button like "Verify" above the list of apps installed provided by the company. Just click on "Verify".

App Store Connect Operation Error: Invalid provisioning profile... Please use provisioning profile associated with team ID "XX..XX"

I developed an app for a friend of mine. We published it to the App store from his laptop and his account. We also published the first update through his account as well.
Currently, we need to push a third update, but I am physically away from him and I have to do it from my account and laptop. He made me an "admin" on his developer account team.
Using my developer account, I created new certificates and new provisioning profiles (as his certificates and provisioning profiles expired). The app deploys normally when I test it on my iPhone device.
When I try to upload the app to the App Store, I receive the following error:
My team ID is (59..DU). My friend's team ID where we published the app and pushed the first update is (JB..22) (The one the error is showing).
I've been trying for almost two days. I tried everything I could, my problem is mainly the team associated with the provisioning profile. The code signing works fine (no errors) whether it's manual or automatic. I also signed out then signed in for my developer account on xcode. I also verified the bundle ID. Nothing seemed to work.
How can I upload the app using my friend's team ID (JB..22) from my developer account? Keeping in mind that I cannot use his credentials and I'm physically away from him to do this from his laptop.
I would appreciate any help in this matter.
Please verify if it's App Store Distribution profile or not.
If Yes, then try to login to Xcode with your Apple Id which has access to iTunes Connect or App Store Connect.
While validating the archive file please choose the same App Store Distribution profile.

Signing iOS App: App ID Cannot be Registered to Your Development Team

I need to replace a deployed iOS native app with a new Ionic3 / Cordova hybrid app. The new hybrid app builds successfully (on macOS Sierra 10.12.6) but I can't sign the app (so that it can be uploaded to the app store).
As a first step, I'm focused on getting the new app on the app store (as alpha to test with TestFlight). I've removed all "development" certificates/profiles from developer.apple.com.
There's a lot of information/questions/answers on the web about signing apps. I've spent a couple of days on this issue and cannot get it to work no matter what I read or what I try.
The current iOS app code (deployed)
In Info.plist, $(PRODUCT_BUNDLE_IDENTIFIER)
In /bbh.xcodeproj/project.pbxproj, PRODUCT_BUNDLE_IDENTIFIER = "NSP.BBH-Mobile";
Re-create development provision
Open Keychain. Delete all developer/iPhone certificates. Delete all keys.
On developer.apple.com, delete development certificate and development provisioning profiles.
Confirm my iPhone device is registered with the correct UDID.
In Keychain, generate a certificate signing request file.
In developer.apple.com, create a development certificate, upload the certificate signing request generated in the previous step, download the certificate .cer file.
Double click on the .cer file. Keychain opens. Choose to add to "log in".
In Keychain > certificates, choose export, specify the strong password. Certificates.p12 file will be generated.
In developer.apple.com, create a development provisioning profile. Choose "iOS App Development". Choose an App ID ... but which one?
App IDs in developer.apple.com
BBH Mobile = com.bbh.*
BBH Mobile = NSP.BBH-Mobile
Xcode iOS Wildcard App ID = *
Notice on-screen reads:
"If you plan to use services such as Game Center, In-App Purchase, and Push Notifications, or want a Bundle ID unique to a single app, use an explicit App ID.
If you want to create one provisioning profile for multiple apps or don't need a specific Bundle ID, select a wildcard App ID. Wildcard App IDs use an asterisk (*) as the last digit in the Bundle ID field.
Please note that iOS App IDs and Mac App IDs cannot be used interchangeably."
We need push notifications so choose an explicit App ID = AYW4J8P7X3.NSP.BBH-Mobile
app id = team id (generated by apple) + bundle id (supplied by the user)
It makes sense to choose this App ID which includes the bundle id of the iOS currently deployed.
https://www.screencast.com/t/C0QdPdxwh09t
Choose a development certificate (just created), choose all devices.
Download the development profile and double click to install (in Xcode).
Double-clicking doesn't seem to do anything? How do I know it's installed in Xcode correctly?
Do I need the .mobileprovision file on my iPhone? The mac server is in the cloud so I don't have my iPhone connected via USB to the mac.
Open Xcode. Confirm my apple account added in Xcode > Preferences > Accounts. In the project, targets, signing, click "Automatically manage to sign".
Choose my personal team. The following errors are displayed:
Error 1: The app ID "NSP.BBH-Mobile" cannot be registered to your development team. Change your bundle identifier to a unique string to try again.
Why does it prompt to change bundle id? Isn't it standard to have one app id and to generate both a debug/development and release?
Error 2: No profiles for 'NSP.BBH-Mobile' were found Xcode couldn't find any iOS App Development provisioning profiles matching 'NSP.BBH-Mobile'.
But we just created a new development provision and selected App ID = NSP.BBH-Mobile. Why doesn't Xcode recognize this?
you may try unselect Automatically manage signing and import provisioning profile manually.
These are the steps I took to finally resolve this issue. It may not be optimal but it at least worked.
1. In Xcode, turn off automatically manage signing.
2. For signing (debug), select my development provision profile.
3. For signing (release), create a production provision profile, then select the new production profile.
Notes/Observations:
Even though I only wanted to create a signed debug for testing it seems I still had to provide valid signed release provision too.
Even after deleting all keys/certificates etc. and starting from scratch it seems Xcode has created a certificate too. Annoying - it's difficult to tell who created what now.
There was no need to change the bundle ID from the original iOS native app being replaced.
Creating a new production provision did not affect the existing production provision (which I could not use because I don't have the key).

Wildcard App IDs can not be used to create In House provisioning profiles. Please use an Explicit App ID

I'm invited to a team to build an in house app. I'm granted as a team admin in Apple Developer Portal. The problem is that when I want to export the achieved app to a .ipa, it shows the message "Wildcard App IDs can not be used to create In House provisioning profiles. Please use an Explicit App ID." as the following screenshot. At the beginning, I login to Xcode/Preference/Account and download all provisioning profiles. Then I tried to login another account (who is able to export the .ipa) on Xcode/Preference/Account. Both trial lead to a same error message. Then I reset all my certificates and provisioning profiles on developer portal but in vain.
The interesting thing is that there's always a wildcard app id "*" on the developer portal, I tried to remove it manually but it comes back every time when I try to export the in house app.
I also tried the answers
Xcode 7.2: Failed to Locate or generated signing assets, Wild Card App IDs can not be used to create In House Provisioning Profiles
and this one
XCode export app, wildcard error
, nothing happened.
Any idea? Thanks for reading my question. I've already spend two days on this issue.....
Screenshot1
Xcode unable to create distribution builds for App Store submissions or Enterprise apps.
This issue occurs when the expired WWDR Intermediate certificate is present in both the System keychain and Login keychain within the Keychain Access application.
To resolve the issue, first download and install the renewed certificate.
Next, in the Keychain Access application, select the System keychain.
Select 'Show Expired Certificates' in the View menu and then delete the expired version of the Apple Worldwide Developer Relations Certificate Authority Intermediate certificate.
Your certificates should now appear as valid in Keychain Access and be available to Xcode. This issue is resolved in OS X El Capitan v10.11.4 beta.
from developer.apple.com

App Distribution Provisioning Profile and Signing Issues

I've been trying to publish my app (on ios for the first time) for a few days now. Every time I try to submit, I usually get an error in the application loader telling me that the provisioning profile doesn't line up with the signing identity. I can't figure this out! Here is what I've done:
created an iOS Distibution signing identity via Xcode account management
created an App ID (wildcard) via apple dev portal
created an app store (distribution) provisioning profile (associated with said App ID and iOS signing ID) and installed it on my mac
Using RoboVM tools, I generate an IPA with said signing identity and distribution provisioning profile. (Because this is a LibGdx game)
created an App in itunes connect (bundle ID being that of the one used for my app ID)
When I try to send to itunes connect via application loader, I get an error reading "The executable must be signed with the certificate that is contained in the provisioning profile." This is driving me insane so I thought I would see if I could find help here. Thanks in advance!
EDIT: Turns out my mac was mixing up delicately named signing identities. I deleted them all and redid the process. works now!
Check the following things:
Do you select the right certificate in the profile?
Do you select the right profile in the Xcode?
Certificate and profile are valid.

Resources