How about Apple’s enterprise distribution iOS apps - ios

I have a iOS app use the account A.
My client gave me an enterprise account B for In-House distribution.
I'm not allowed to revoke their existing certificates and they do not provide .p12 and .developerprofile.
I called the apple center and they told me NO .P12 key can also publish procedures but did not told me how to do.
My E-mail have joined the team,
I create a new app id and a provisioning profiles but the provisioning profiles is error in my Xcode.
error message:The private key for "XXX" is not installed on this Mac.
My question:
I just want to release .ipa for in-house type how to do?
thx!

You will need to p12 (private key) form the client or revoke the current profile. There is not other option. Do not revoke any provisioning profiles for current apps since they may used.
Also explain to the client what you are doing and the consequences that it may have, if they are not able to provide you with the necessary certificates.

You generate a Certificate Sign Request (CSR) from your Keychain, login to your developer account and choose your client's team.
You then create an enterprise certificate which will have to be approved by your client's team manager. Once that is done you will be able to download it and install it on your keychain.
After that generate a provisioning profile for the app you want to distribute, download and install it on Xcode.
Build your app with this certificate and save the IPA for enterprise distribution.

Related

About distribution certificate (with private key) in keychain

I understand that in iOS app development, for team collaboration, the leaving developer should export the distribution certificate from his keychain app because only his Macbook has the private key used as code signing identity. (Please correct me if I am wrong here.)
My questions are:
1. Am I right that the distribution provisioning profile for app store & the provisioning profile for ad-hoc distribution using the same code signing identity?
2. Am I right that if we lost the contact of leaving developer who has distributed the app to Apple Store, I can just delete the distribution certificate & corresponding distribution provisioning profile in Apple Developer account , and create a new distribution certificate & profile on my Macbook so that I have the new signing identity in my keychain, I don't need the leaving developer to export his, because the distribution certificate & profile is only used to distribute the app to Apple store or do ad-hoc distribution? Is there any harmful consequence I missed if do so?
For question 1
Yes, distribution certificate is used for uploading app to apple store. And development for running on device or sending build.
For question 2
Yes, you can simply revoke his certificate. And create new one. That way your previous developer certificate are not required. Moreover, he wont be able to use them anymore and you can create new one and keep your certificate on apple developer account clean.
Hope it clears your doubt.

Is it possible to install provison profile through shared access?

Another developer shared his app with my dev account. But in that case I do not get access to the provision profiles. But my Xcode does not want to run that app on my iPhone. Asks me provision profile.
He also sent me the provision profile(downloaded it and sent me file) but I cannot still install it.
How I can solve the problem without username/password credentials of the creator?
Yes, but you will need to have the developer send you the signing identity for the provisioning profile. This will consist of the iOS Developer Certificate (.cer) and the private key for the certificate (usually a .p12). With those things, you should be able to build and sign the app without the developer having to give you their Apple developer credentials.

iOS Certificates and Provisioning Profile

My client has a few apps in the app store that were submitted using a certain App Store profile which I have access to the account. We also have those apps installed Ad Hoc signed with the same Distribution Profile. Now I am taking care of one of this apps and I need to code sign to make a few changes and then submit it Ad Hoc for some testers. No one knows where the .developerprofile backup is. Can I revoke the existing certificate and recreate a new one without affecting the apps on the App Store. If I revoke, any other developer using this key pair will stop working, right? Any other problem I am not remembering. Can I revoke the certificate?
Thanks in advance.
Yes, you can safely revoke the developer and AdHoc distribution certificates without affecting any App Store apps. Be careful not to revoke any Push Notification certificates if your app uses push.
Generate a new certificate signing request on your machine and use that to generate the new certificates. Remember to edit the provisioning profiles after you create the new certificates, especially if you've added any additional devices to the provisioning list. Then download the new provisioning profiles and you should be good to go.
Any other developers (if they still have access) will be able to download the new profiles if they need them. If they also need to sign builds, they should generate their own keys/certificates as well for their developer certificates.

iOS ad hoc distribution with .p12 from customer

I have an app developed and working with our company's profile and distribution cert. I just recieved the .p12 from the company that we are going to be distributing to, and am trying to rebuild the app with their certificate. However, when I select 'Archive' I receive
"No unexpired provisioning profiles found that contain any of the keychains signing certificates"
I believe I'm missing something here, but google and I can't figure it out. Do I need a new profile with that certificate in it? If so how do I go about uploading the .p12?
Thankyou very much.
With the p12 you are enabling your computer to make releases for the outside company but what you need right now is the provisioning profile associated with that app (it will be specific if you have in app purchases or push notification otherwise it will be the default developer profile) and that .p12
Check out your keychain, distribution certificate has key. If not then install right certificate.

New iOS team member: no valid signing identity

This is getting frustrating. I have two identities, one old, one new, and the latter should be used to deploy iOS apps to the App Store.
I've created the new user, granted him admin access, then I created the app name and provisioning profiles. However, in the Organizer I see that the Dev provision works flawlessly, while the Deploy profile shows me the dreaded error:
Valid signing identity not found.
How can it be?
Well, I see that in the Certificates section in the iOS Provisioning Portal, there is only one distribution certificate, the one belonging to my company.
Is there a way to enable the new user to create apps without accessing the uberadmin's Xcode?
Thanks & Cheers!
You need the key that was used to create the Distribution Certificate for your company.
Remember when you created your developer certificate? Then you went to keychain -> certificate assistant -> Request a certificate from ...
When you did this, your Mac paired your certificate request to a key in your keychain. Once your developer certificate was processed and you downloaded it to your computer, it could be accessed by your computer through that key.
But if you did not create the Distribution Certificate that your company has, you don't have the key on your computer.
Take a look at your certificates in keychain:
Go to 'Certificates' and expand your developer certificate - it will have a little key with your name.
Now try to expand your distribution certificate - it will not have a key, right?
If this is the case, you have two options:
Ask the person who created the Distribution Certificate to export it from his keychain. This will create a file that includes both certificate and key.
Delete the current Distribution Certificate, and create a new Certificate Signing Request from your computer, which will connect it to a key that you have.
First method require access to "Uberadmins" computer. The second require admin access to your teams Apple account. There is usually no downside in using method 2, because creating a new certificate is necessary from time to time anyway. It will not affect already published apps, just coming releases and updates need to use a the latest certificate.
Once all this is done, you need to create a distribution provisioning profile for App Store and connect to the Distribution Certificate that you are going to use. (if you went with option 1, you might already have done this).
Download the profile to your computer, install it, and then in your app, select to build with this profile for distribution builds.
According to Apple's documentation:
A team’s distribution certificate allows a developer to build an app for distribution. If your team wants to use another Mac to create a distribution build, you need to transfer a copy of the distribution certificate as described in, “Safeguarding and Transferring Your Signing and Provisioning Assets” in Tools Workflow Guide for iOS. (from Managing a Distribution Certificate)
So, in order to have multiple users able to create & submit App Store builds, you must share a private key between them.
Create a new private key for the team, and then send that private key to everyone who needs it. Follow the instructions under Generating a Certificate Signing Request with Keychain Access.
See also: Any concern to share private key for distribution certificate among different group under a team account in itune provisioning portal

Resources