On my Mac, I have installed the required certificates and keys to develop and distribute my own personally developed iOS Apps via my own iOS Developers' License. However, my client would like me to use his License to distribute (Ad-Hoc) betas and eventually distribute the app to the app store.
Please can you tell me how I can install his developer license on my Mac without affecting my personal developer certificates and keys already installed on my Mac?
Furthermore, is this even possible?
Edit---
Sorry, I didn't mention; I don't want to have to revoke my client's pre-existing certificates on his developer account.
Contrary to one of the comments, you can't download the keys from Apple - they only exist on his computer. It is only the provisioning profiles that you can download from Apple. So if you don't want to have to revoke his existing distribution keys, he will need to export them from his computer.
He can do this by going into the Keychain Access -> My Certificates and looking for the entry called "iPhone Distribution: My Company Name". Then right-click on it and choose "Export ...".
He can then send you that file, which you can double-click to import into your own Keychain.
And it is fine to have multiple keys on your computer - it shouldn't affect your personal account.
Related
Might be a simple question but I'm struggling to get the IPA file for iOS devices. I've read that I need an account at Apple Developer Program. I don't want to publish the app to the App store. I've also read that I need to use Ad-Hoc to build the IPA file that I don't need to publish. Can someone maybe just clarify for me I'm a bit lost.
The apk builds and runs without a problem
I'm using Microsoft Visual Studio Enterprise 2019 Version 16.9.2
MacOS Big Sur Version 11.2.3 virtual Machine.
xCode Version 12.4
Thanks in advance
Certification
Certification of computer development
qualifications, each developer account has a set, divided into two
types:
Developer Certification
installed on the computer to provide permissions: the developer was able to test the app
on a real machine. A copy can be generated for
installation on multiple computers;
Distribution Certification
Distribution Certification is installed on the computer to provide the
permission to publish iOS programs: developers can make test versions
and release versions of programs. Copy is not allowed, only the
computer equipped with the certificate can be used; (the copy is
introduced in the Keychain below)
Provisioning Profile
Authorization file is the authorization for devices such as iPod
Touch, iPad, iPhone. What is recorded is the UDID of the device and the
App Id of the program. Only the authorized device can install or
debug the program corresponding to the Bundle identifier(App Id) and the App
Id recorded in the authorization file. Developer account will select
App Id when creating authorization file, (add in App Id under
developer account, single choice) and UDID (add up to 100 in Devices
under developer account, multiple choice).
There are two types of authorization files, corresponding to the corresponding certificates:
Developer Provisioning Profile (development authorization file)
Is used on a computer with a development certificate or a copy, and
the developer selects the authorization file to install the program to
the authorization file record through the computer In the device, then you
can test on the real machine. Note: Ensure that the computer has
permission to debug on the real machine, that is, install the
development certificate or copy; the Bundle identifier of the program
in the development tool must be the same as the App Id of the selected
authorization file; the UDID of the device connected and debugged is
in the selected authorization file There are records.
The Distribution Provisioning Profile (release authorization file)
Is used to make the test version and the release version of the
program on the computer with the distribution certificate (that is,
the computer with the configuration certificate, there is only one).
The release version is the program file published on the App Store.
When the developer account creates the authorization file, select the
store option and select the App Id without selecting the UDID; the
beta version is the program file that can be synced to the device by
the tester before the release. When the developer account creates the
authorization file, select AdHoc, select App Id and UDID; only the
device corresponding to the selected UDID can install the program made
by the authorization file.
The Keychain (development key)
Will generate a Keychain under the certificate when the certificate is
successfully installed. The certificate copy mentioned above is to
export the Keychain (that is, the .p12 file) through the computer that
configures the certificate and install it on other computers so that
other computers can get it. Permission corresponding to the
certificate. Developer Certification can make a copy of Keychain and
distribute it to other computers for installation so that it can be
tested on the real machine. Note: Distribution Certification can only
be used by the computer with the certificate. Therefore, even if the
exported Keychain is installed on other computers, other computers may
not have the authority of the certificate.
You need to have an Apple developer account for that.
We have a series of iOS Enterprise applications that were built with Telerik Cordova (discontinued in May 2018). Those apps are in the process of being converted to a new platform, but in the mean time they must continue to service client needs.
The distribution certificate the apps were built with is valid for another 14 months or so, but the provisioning profiles expire in a few days. Since these are Enterprise apps they will expire with the profiles.
Unfortunately, Telerik can no longer rebuild the apps using an updated profile for us. We have re-signed the apps using new provisioning profiles (using both iReSign and Terminal). When we try to side-load the resulting IPAs through the XCode Devices panel, we get an error stating that the entitlements do not match and the apps are not installed.
The question was raised as to whether or not we not need to re-sign the apps since the certificates are still valid. Perhaps it would be possible to just replace the .mobileprovision file on the device somehow? I gave it a try using iTunes Sync but I cannot confirm whether the file actually went to the device or not.
Question: Is it possible to just update the *.mobileprovision on the device without re-signing the app? If so, could someone please give me the steps or direct me to a link to perform the steps?
Alternate Question: Otherwise, any thoughts on how to resolve my Entitlements issue? The app only needs Push Notifications, but Game Center and In-App Purchases are also enabled. These are reflected in the App ID and provisioning profile, and the distribution certificate is of type Apple Push Services.
I should point out that I am not an admin on the Apple Developer portal for the project as I am an outside consultant, so my portal access is strictly read-only.
Thanks in advance for any direction provided!
If the applications were distributed to the devices by an MDM, then you can push a new provisioning profile to them using the MDM.
If the applications were installed over the air from a web server or directly using iTunes or Apple Configurator, then you need to replace the entire application package on the device. This requires the app to be re-signed, since the changed .mobileprovision file will change the package signature.
If you don't have the original, app ID with matching entitlements in the developer portal, then you will need to delete the existing application from the device before installing the new, re-signed application. You won't be able to do an in-place upgrade.
I have an app (adhoc dist.) and uploaded it to Diawi.
Now, I should add new UDIDs. After add them, do I need to recreate or rebuild the IPA and re-upload to Diawi?
Thanks in advance
An Ad-hoc IPA will only install on the devices listed in the embedded provisioning profile. If you want the app to be able to be installed on additional devices then yes, you need to provide an updated IPA with the updated profile.
Better yet, use TestFlight and avoid all of this hassle.
The answer to your query may be in two types of accounts
1) If you have an Enterprise Apple Account: No need to add tester UUDI to the account as the app can be released using Universal distribution binary which any device can install using OTA installation method.
2) If you have the developer account: your existing app will have no impact but yes for the new devices to install you have to regenerate the profile as the existing as on store account portal will get Invalid and needs to be updated for New IPA compilation. The old one will not work.
I would always recommend having an Enterprise account for a testing/building app company as Appstore Developer account is better for Distribution on Appstore or small scale company who rarely adds device ID for debugging and testing unless its standalone developer like scenario.
I have an iOS Enterprise Account, and I currently use HockeyApp for OTA app distribution. When I want to send an app to HockeyApp that utilizes this license, I make an in-house distribution profile for the app, archive it, and upload the file to HockeyApp, and it works fine. I am the agent of my team on the developer portal.
I want for other members of my team (including a Jenkins instance) to be able to sign applications with the same type of distribution profile that they can make. However, when someone tries to archive an app with the same distribution profile, they are unable to do so. Further, they are unable to apply for a distribution certificate unless they send me the .certSigningRequest file and I apply for it myself, then send it to them (I know this is incorrect but this seems like the only way to get them a certificate).
Basically, what do I need to do to enable another team member to archive an app for enterprise distribution?
Then you'll have to export your certificate and private key from Keychain Access and have others (including the Jenkins machine) import it into their keychain.
See: https://support.apple.com/kb/PH20122?locale=en_US
In years gone by we found that we could only have 1 distribution certificate per logged on user so we created as many accounts as was need, 3 in our case, 1 for each developer program and logged onto the mac using the required account.
So anytime an app was developed and need to be distributed in-house I would log onto the mac using the enterprise account and archive and distribute for in-house and sent the resulting .ipa file and the provisioning profile to the users.
I have now discovered I can have multiple distribution certificates on the mac and am trying to see if I can distribute via in-house logged on to the mac as me and use my own profile or the team profile that link to the enterprise developer program.
The app build ok and generates the ipa file and I can install using iTunes but I get a faded icon on the iphone and when tapped it says installing but never does?
So, my two part question is:
a) is it possible to distribute in-house using my enterprise linked account logged on as me and using my profile or team profile
b) I read you do not need to give the user the profile, but I have always done this as was the requirement when I first learned to do this?
Thanks
a) Yes. I have 10 or so certificates (dev & dist) on my computer for various clients. I keep them in separate keychains for peace of mind. When it comes to time distribute your in-house binary, you archive in Xcode then hit the Distribute… button in the Xcode organizer, choosing the correct Enterprise profile.
b) This is no longer necessary as the Distribute… step mentioned above embeds the profile in the app. Things are much easier than they used to be.
NB: I avoid wildcard provisioning profiles as they can cause heartache, even in simpler situations than yours (e.g. if Xcode chooses a wildcard Ad Hoc profile during Archive, then your entitlements may be wrong once you Distribute), so for this reason I recommend you always use explicit profiles.