if external developer is developing the app for one client that is going to distribute the app in house, how should the developer export the app, so that the client can than distribute it in house.
Does developer need private key of In House Distribution certificate of the client? Are there other solutions to export the app for the client without getting the private key of In House Dist. certificate?
Solution
I came out with following solution:
get admin rights for iOS Enterprise program
create new certificate (or get the private key from team agent) (thanks to Z.pyyyy)
configure XCode to allow "don't sign code" like described here
in project and targets build settings use "don't sign code" for signing and automatic for provisioning profiles (it will take the provisioning profile for your team)
select right team
archive your project
use export for enterprise distribution (this creates ipa file)
distribute the ipa file
Actually, as an external developer, you don't need any of those certificate or signing identity stuff.
You can generate an unsigned ipa iOS application, send the unsigned ipa file to your client so that they can resign the application as they like.
You can refer to the following links:
Generating an unsigned IPA iOS application
and
How to Re-sign an iOS App from External Developers
Related
I am working on a tvOS app. I need to create an ipa file. The client has provided a distribution certificate and a provisional profile for the app. But, the client has not provided any Apple Developer account details. Is it possible to create a valid ipa file for App Store?
You will not be able to be able to create a valid ipa without being part of their team on the Members Centre.
However, it should be relatively straightforward for them to re-sign the IPA, instructions can be found here:
How to Re-Sign an iOS App from an External Developer
This means you can just sign the ipa with your regular developers profile.
It may be worth noting that they can add you to their team on the Developer Centre without adding you to their team on iTunes connect as they are two separate services. This means you can provide them with a valid, signed build which they could then upload to iTunes Connect themselves.
I have an iOS Enterprise Account, and I currently use HockeyApp for OTA app distribution. When I want to send an app to HockeyApp that utilizes this license, I make an in-house distribution profile for the app, archive it, and upload the file to HockeyApp, and it works fine. I am the agent of my team on the developer portal.
I want for other members of my team (including a Jenkins instance) to be able to sign applications with the same type of distribution profile that they can make. However, when someone tries to archive an app with the same distribution profile, they are unable to do so. Further, they are unable to apply for a distribution certificate unless they send me the .certSigningRequest file and I apply for it myself, then send it to them (I know this is incorrect but this seems like the only way to get them a certificate).
Basically, what do I need to do to enable another team member to archive an app for enterprise distribution?
Then you'll have to export your certificate and private key from Keychain Access and have others (including the Jenkins machine) import it into their keychain.
See: https://support.apple.com/kb/PH20122?locale=en_US
I work for a company developing their iPad app. None in the company is a technological geek to handle Xcode app deployment themselves. So for now, we do this:
I develop the app.
Create an ad hoc testing version and share the .ipa file with them.
They test and then I make a distribution version for further release.
What I want to establish as a permanent solution is
I develop and share the Xcode archive
They make all different versions for testing and release.
However I have been largely unsuccessful in doing so: for creating the archive, I have to sign/certify with my development profile. They could deploy it further from Xcode archive to an .ipa file, using their distribution certificate. However, they can not install it on their devices. I believe mainly because the development version requires my certificate/profile to be enabled on their devices :(.
Is there a way out? I need to provide them an archive which they could further sign and do whatever they want to do (either test on whatever devices they want to or release).
Thanks,
Nikhil
If you don't want to manage the device identifiers where you are deploying the device, you could use:
1) TestFlightApp.com (although I don't know what the current status of their offerings are -- since they've been acquired by Apple -- but they still have a "Sign Up" link on the top of their home page).
or
2) Apple's Enterprise Developer Program, which allows you to "Distribute In-house Apps".
You can sign application using their distribution certificate.
To do so c'est have to send you a p12 export of the certificate, the p12 contains the private key of the one creating the certificate and the certificate.
To export a certificate :
Go to the keychain access
Right click on the certificate
click export
I developed an iOS app that my client is going to use internally. They sent me their enterprise distribution provisioning profile. When I add it to XCode it says "Valid signing identity not found". How do I build the app so that my client can run it on their devices?
Your computer is unable to sign with the distribution profile, since you don't have the private key for this certificate.
Alternative 1
Apple intends that building a project for distribution will only take place on a single machine - the machine that the certificate was originally created on. So, in their eyes, you should ask your clients to build the project internally (for distribution only - for development you should have no problems building yourself).
Alternative 2
There is a way to override it.. and it involves exporting the private key from that special distribution machine and emailing it to you.
These are the steps (also outlined here):
Access the computer where the certificate was created, open the "Keychain Access" program on the computer
In "Category" panel, select "Certificates"
Find the correct distribution certificate and expand it
Highlight both the iPhone distribution certificate line and the private key line under it.
Right click and select "Export 2 items"
Save the .p12 file, choose a password that can share, you will need it to import this file later
Email the saved file to you
Once you import this and type in the password from step 6, you will have the private key on your computer too and all will be good.
Alternative 3
There's a chance that when you ask your clients to export the private key, they will have no idea what you're talking about and no idea where the machine that created it is (this is what actually happened to me). This is usually the case if they are not regularly building for distribution on their own.
In this case, you can simply delete the certificate and create a new one (for the distribution profile). If you create the certificate on your machine, then you will have the private key. You should also export it to them just in case (using the same steps of alternative 2).. so they have the ability to build without you if need be.
Each provisioning profile is paired with a certificate. If you subscribe to the Apple developer service, you should have access to create and download a development cert (tied to the apple ID) and a distribution cert (tied to the organization). The enterprise distribution provisioning profile needs to be paired with the distribution cert. So in order to use their provisioning profile, you will have to get the distribution certificate from them. This will also involve you getting their private key, which they might not be so fond of. Alternatively, they can set you up as a developer on their portal, then you can distribute through the machine that already has the distribution cert installed on it.
We have developed an iOS app that has been delivered to the customer as an IPA with an ad-hoc distribution profile that allowed a set of their employees to install it on their devices. The customer now wishes to distribute that app internally to all their employees using their iOS Enterprise Developer program credentials.
I had hoped that the customer could simply re-codesign the ad-hoc IPA with their own enterprise identity. However, they say they can't do that. They say they "need an IPA file with the removal of the limitation to only certain devices".
So, what do I do?
Do I need to somehow create an "unsigned" IPA for them? (And if so, how do I do that?)
Do I need them to generate an Enterprise distribution provisioning profile for me so I can build the app with that profile?
Do I need to just send them the source or build output and let them build the package?
I have looked at the following documents, but they have not enlightened me:
TN2250: iOS code Signing Setup, Process, and Troubleshooting
Distributing Enterprise Apps for iOS Devices
It's completely possible to take any IPA and resign it with your own details, modifying the Info.plist, bundle ID, etc. in the process. I do this all the time with IPAs that have been signed by other developers using their own provisioning profiles and signing identities.
If they aren't familiar with the codesign command line tool and all the details of replacing embedded.mobileprovision files and entitlements, the easiest way for them to do this is for you to "Archive" the app via Xcode, and send them the generated archive file (*.xcarchive).
They can import that into Xcode so it is visible in the Organizer, and from there they can choose "Distribute" and sign it with their enterprise identity.
To import the .xcarchive file into Xcode, they just need to copy the file into the ~/Library/Developer/Xcode/Archives directory and it should appear in the Xcode organizer. Then they click "Distribute" and follow the instructions: