Do the distribution profiles come from distribution certificate? - ios

The client has given me the distribution profiles, how can i add the profiles in xcode 5?
As far as i know distribution certificates are responsible for distribution profiles. Importing distribution certificate enables and add all the distribution profiles in xcode. Without certificate distribution profiles can't be used.
Please correct me if i am wrong and suggest the work around for importing profiles in xcode 5.
Deployment phase is new for me.
Thanks

Importing the profiles is just double clicking on them. You can't use the profile without the private key for the certificate that was used to generate the profiles. This need to be exported from the keychain (usually as a p12 file) and imported onto your development machine.
It is possible that the client exported a package containing all of this info using Xcode, then double clicking should install everything required.
Importing distribution certificate enables and add all the distribution profiles in xcode
No, importing one doesn't automatically import the other.
There are no workarounds, you need to be supplied with both the certificate (private key) and the profiles.

A distribution profile is basically a way to make a trust relationship between a particular distribution certificate (which identifies your organisation as a registered Apple development organisation), a particular app or group of apps (identified by an AppID like com.foo.bar.myawesomegame), a set of valid devices where the app can be installed (in the case of ad-hoc distribution; in the case of App Store distribution this is not required), and a set of enabled services, like In-App Purchases.
In your particular situation, if the client wants to test your app, and you are provided with a valid distribution provisioning profile (a file with .mobileprovisioning extension), you also need to install a valid distribution certificate on your computer. The client can download this certificate from http://developer.apple.com (Member Center) and send it to you so you can import it on your machine with a double click on the .cer file.
To enable external users test an app, there's a simpler process, providing that your organisation is a registered Apple development organisation: First, you generate a distribution certificate from http://developer.apple.com. Then, you create a distribution (ad-hoc) provisioning profile and add the distribution certificate and the UUIDs of the iPhones the client wants to use for testing. The client can get the UUIDs from the iTunes app, for example. Then, you can download both the certificate and the distribution profile to your computer, double click to import them into Xcode, and finally sign the app (.ipa file) so that the client can test it on their own devices. You can do that by choosing Product, Archive in Xcode and selecting your distribution certificate and provisioning profile.

Related

Apple certificates CER file to CSR

I am a little lost in apple certificates and what I need. I created development certificate, some profiles and so (for my use). Now I am adding some features to existing app which creates someone else but it's my job now and for next I was asked for giving UDID and creating CSR file. UDID is clear but how can I create CSR file? I should give it and then I get provisioning profile from other person. I hope it's clear. So how can I get CSR for my development profile?
From what I understood you already have provisioning profile. Provisioning profile is something that connects certificate (developer) with UDID's (allowed devices) and bundle identifier (app identifier).
If you have valid provisioning profile (contains your device, correct app identifier etc.) you only need to set it to be used in xcode under build configuration.
If you really need CSR (certificate signing request), something that is used to generate new certificate - you use keychain for that (Keychain access -> Certificate assistant ...). You can find detailed information on CSR generation in memeber center of iOS developer program (Certificates, Identifiers & Profiles -> Certificates -> + ). From some time handling of provisioning profiles is almost automatically handled by Xcode when you try to build app for your device.

How to build iOS app using 3rd party distribution provisioning profile

I developed an iOS app that my client is going to use internally. They sent me their enterprise distribution provisioning profile. When I add it to XCode it says "Valid signing identity not found". How do I build the app so that my client can run it on their devices?
Your computer is unable to sign with the distribution profile, since you don't have the private key for this certificate.
Alternative 1
Apple intends that building a project for distribution will only take place on a single machine - the machine that the certificate was originally created on. So, in their eyes, you should ask your clients to build the project internally (for distribution only - for development you should have no problems building yourself).
Alternative 2
There is a way to override it.. and it involves exporting the private key from that special distribution machine and emailing it to you.
These are the steps (also outlined here):
Access the computer where the certificate was created, open the "Keychain Access" program on the computer
In "Category" panel, select "Certificates"
Find the correct distribution certificate and expand it
Highlight both the iPhone distribution certificate line and the private key line under it.
Right click and select "Export 2 items"
Save the .p12 file, choose a password that can share, you will need it to import this file later
Email the saved file to you
Once you import this and type in the password from step 6, you will have the private key on your computer too and all will be good.
Alternative 3
There's a chance that when you ask your clients to export the private key, they will have no idea what you're talking about and no idea where the machine that created it is (this is what actually happened to me). This is usually the case if they are not regularly building for distribution on their own.
In this case, you can simply delete the certificate and create a new one (for the distribution profile). If you create the certificate on your machine, then you will have the private key. You should also export it to them just in case (using the same steps of alternative 2).. so they have the ability to build without you if need be.
Each provisioning profile is paired with a certificate. If you subscribe to the Apple developer service, you should have access to create and download a development cert (tied to the apple ID) and a distribution cert (tied to the organization). The enterprise distribution provisioning profile needs to be paired with the distribution cert. So in order to use their provisioning profile, you will have to get the distribution certificate from them. This will also involve you getting their private key, which they might not be so fond of. Alternatively, they can set you up as a developer on their portal, then you can distribute through the machine that already has the distribution cert installed on it.

Apple Enterprise Developer Distribution Certificate appears in keychain, not in Xcode Organizer

I'm a contract developer, and have an app to be distributed via the client's Enterprise account.
I've worked with other clients on Enterprise accounts, but for some reason, the "iPhone Distribution" certificate that I've added to my keychain for this client does not appear in Xcode Organizer.
When I import a mobileprovision for the app, Xcode complains there's no valid key pair.
The client has added me to their account; can only the developer who created the Enterprise Distribution certificate import it to a keychain? If I create a new distribution cert (not profile), does that invalidate the existing cert (used by other apps I have not worked on?)
You will need the person who created the certificate to export it from their keychain. The certificate you download from the provisioning portal is a public key and does not contain the private key.
From Apple Tech Note about Code Signing
Note: In the case of missing Private Keys for your certificates,
Automatic Device Provisioning can restore your certificate to the
keychain, but not the missing private keys.
Transferring Your Identities Once you have a healthy working code
signing configuration set up it is recommended that you follow the
steps in section Transfer Your Developer Profile to Another Computer
of the Xcode 4 User Guide to create a backup of them. The backup can
be used to restore your working code signing configuration from
hardware failure, or to enable code signing on additional Macs,
partitions, or OS X user accounts of your choice. The backup
(.developerprofile file) once created contains all of the following
items:
all iPhone Developer certificates in your keychain all iPhone
Distribution certificates in your keychain all Provisioning Profiles
in the Xcode Organizer > Devices tab > Provisioning Profiles section
under "Library" Note: While creating the backup of your identities you
will be asked to enter a brand new password. Be sure to remember as
you'll be asked to enter that password later to use the backup for its
intended purposes.
Tech Note TN2250

Problems validating iOS App build

I'm working with a developer to create an iOS App for a client. I created my certificates, provisioning profiles, etc, and then sent it to the developer to build the App. They have then sent me back the build as an .xarchive file, which I have loaded up into Xcode.
On the Archives tab, I then go to validate it, but the developer certificate I created in iTunes connect is invalid.
I created both my developer and distribution signature inside the same iTunes Connect account, and they're both loaded up in Keychain along with my WWDR certificate.
Make sure you downloaded and dragged your provisioning files to XCode as well.
When producing a build using a Distribution Certificate you need to make sure that you have a properly generated Distribution Certificate in the iOS Provisioning Portal. Select the Certificates -> Distribution tab and make sure you have a distribution certificate listed. If there is one and you do not have the original private key on your machine, you will need to obtain the private/public key pair from the original machine, or revoke and recreate the certificate.
Also, make sure you have created a Distribution provisioning profile and that it is being used in conjunction with this Distribution Certificate.
Also, check to be sure you have a distribution provisioning profile for your app for app store.
Other problems include the App ID differing from the Bundle Identifier and it has trouble associating it with the provisioning profile. Most commonly when the Bundle Identifier is derived from the ProductName and the case of the characters doesn't match the case of the characters in the App ID on the provisioning portal.
You can get around this by typing in the bundle identifier into the AppName-info.plist file.
I finally worked it out! I had the right certificates, but had only created a development provisioning profile. I created this in iTunes Connect and then it worked perfectly. Hope this helps someone else who has a similar problem.
Easiest way to ensure you have everything I needed is to remember that you need separate certificates and provisioning profiles for development and distribution. They can all be created in iTunes Connect, and you just need to download them and run the file to ensure Xcode finds them.

iPhone: Can a dev other than team agent build an app for distribution

I have a company iphone dev account.
According to the doc, only the team-agent is allowed to submit a distribution cert and download the distribution provisioning profile.
Can a team only have 1 Team Agent?
Also, if that is the case, is there a way around this to allow multiple devs the option to build a distributed version of the app?
I have another developer who I would like to build and submit the app to itunes. I tried giving him the distribution cert and distribution profile. When he dragged and dropped them into xcode, and checked out windows->organize, it complains
"assigning identity matching this profile cannot be found in your keychain"
So this leads me to believe I need to get my key chain credentials on his machine. I tried exporting a private key and giving it to him, but he was unable to install it.
Is there anything else I can do?
I honestly thing its really silly if apple expects one developer to be responsible for building all apps for a company. Hopefully I'm wrong and there is a way to get multiple developers access to building a distribution of an app.
Thank you
NOTE: This process is heavily simplified in XCode 4 (although not personally tested by me) with importing and exporting of developer profiles through the Organizer window (Developer Profile section).
This is how I got it working.
1) Login to the iOS Provisioning Portal as the Agent.
2) Run through the process of making the Distribution Certificate Signing Request / Provisioning Profile: http://developer.apple.com/iphone/manage/distribution/index.action. These instructions a re super long, but pretty clear and necessary.
3) Pay extra attention to the section "Obtaining your iOS Distribution Certificate" > "Saving your Private Key and Transferring to Other Systems" on that page. It describes how to generate and save the Agent's .p12 file.
4) Now invite other developer(s) to be part of the team in the Member Center: https://developer.apple.com/membercenter/index.action#invitations
5) Back in the iOS Provisioning Portal, download the app's Distribution Certificate (Certificates > Distribution (tab)). Should be named "distribution_identity.cer"
6) Now download the Distribution Provisioning Profile (Provisioning > Distribution (tab)). Should be named "whatever_you_named_it.mobileprovision"
7) Email those two files along with the Agent's .p12 file to your other developer machine.
8) On the developer's machine, double-click the distribution_identity.cer file and it should load up in Keychain Access
9) Drag the .p12 file to Keychain and it should automatically put the identity under the certificate
10) Drag the whatever_you_named_it.mobileprovision file into XCode.
11) In each of the Project and Build's Info windows, set the Code Signing Identity to the "iPhone Distribution - Your Company" identity which should now be available.
Hope that helps. Rob
Just another tutorial step by step, but slightly different, the certificates have been already installed in the team's agent keychain, so it explains how to export the .p12 files from the keychain:
how-to-share-an-ios-distribution-certificate
You definitely should be able to build your app with a distribution certificate and profile on your coworker's machine.
Are you sure that the distribution certificate and provisioning profile are installed correctly? If you can build apps with the development certificate but not the deployment one, check to make sure that everything's properly installed in the keychain and that the correct provisioning profile is selected in the settings for the active target.
You can copy the private key in this way, but it's really UNSAFE:
Give him your login.keychain file (located in ~/Library/Keychains/), and let him open it with Keychain.app, and ask him to drag your private key to his login.keychain.
Apple also said you should keep your private key secured, if you need to reinstall your system, make sure you backup the login.keychain file.

Resources