iOS Signing Requirements
To sign an iOS app using either the Admin Portal or signing package, you need:
- An Apple Developer account from the Apple Developer Program.
- A distribution certificate (also referred to as a production certificate) that is paired with a private key and approved by Apple. The distribution certificate authenticates that the app comes from an Apple-trusted source (this is the signature). A distribution certificate is not specific to a particular app; you can use the same certificate to sign all your iOS apps.
- A distribution provisioning profile, which authorizes devices to use the app. The provisioning profile is the file actually used to sign the app. It includes a name, a distribution certificate, and an app ID. The provisioning profile should use a unique app ID associated with a particular application.
The following diagram illustrates the main task flow for creating these components and signing iOS apps.
To sign iOS apps with the signing package, you must have a computer running at least macOS 10.7 or Linux.
Apple has announced a more secure code signature format for iOS apps starting in iOS 14.2 beta 2. If you have any apps built prior to macOS 10.14, we recommend that you rebuild them using Xcode running on macOS 10.14 or later. See this Apple Support article for more details. If you are unable to rebuild your apps, you can alternatively use the signing package on macOS 10.14 or later to re-sign the apps.
Apple Developer Programs
To create signing credentials for iOS apps, you need an Apple Developer account, which you get by enrolling in an Apple Developer Program.
For more information, see Apple Developer Program and Apple Developer Program Enrollment.
There are two types of developer programs.
- Standard iOS Developer Program: This program is for individuals or companies who intend to develop free and fee-based iOS apps for distribution on the Apple App Store. A member of the standard iOS Developer Program can create a distribution provisioning profile (.mobileprovision filetype), but any app signed with that profile can be distributed to a maximum of 100 specific iOS devices only. The devices must be registered through the iOS Dev Center using their Apple Unique Device Identifier (UDID) as reference. This type of distribution is called Ad Hoc.
- iOS Developer Enterprise Program: This program is for companies and organizations creating proprietary, in-house iOS applications for internal deployment. A member of the iOS Developer Enterprise Program can create a distribution provisioning profile which can be used to distribute an app to an infinite number of devices.
Which One Should I Choose?
Digital.ai recommends that your organization enroll in the iOS Developer Enterprise Program in order to distribute your apps to an unlimited number of users.
To use push notifications with an iOS App Catalog, you also need a production push SSL certificate. This is not required for signing, but it is part of the Apple Developer Program. For more information, see Manage SSL Certificates for Push Notifications.
Requirements for Signing with the Admin Portal
To sign an app using the Portal, you need the following items:
- A distribution certificate (paired with a private key) exported to a .p12 file. This is a distribution certificate that has been exported, along with its associated private key, from a Login keychain to PKCS #12 (Personal Information Exchange) format. If a password was defined during the export, you will need to provide that password either when storing signing credentials or when providing one-time credentials.
  - For instructions on creating a distribution certificate, see Create a Distribution Certificate.
  - If you already have a distribution certificate on your Login keychain but need to export it, see Export a Distribution Certificate to a PKCS #12 File.
- A distribution provisioning profile stored as a file with a .mobileprovision extension.
  - For instructions on creating a distribution provisioning profile, see Create a Distribution Provisioning Profile.
  - If a profile is expired or about to expire, see Renew a Distribution Provisioning Profile.
  - If you already created the profile but need to download it, see Download a Distribution Provisioning Profile.
  - If you are signing an app that includes extensions, you may need multiple distribution provisioning profiles. For more information, see App Extensions and Entitlements.
Requirements for Using the Signing Package
To sign an app using the signing package, you need the following items:
- An Apple Worldwide Developer Relations Certificate (paired with a private key) installed in your Login Keychain. This is an intermediate signing certificate provided by Apple. If you do not have this certificate and its associated private key, you can download it from Apple PKI. Once it's on your computer, double-click it in your Downloads folder to install it in your Login Keychain under the Certificates Category.
- A Team Agent or Team Admin role for the Apple Developer account. If you were the person who enrolled in the iOS Developer program, then you are the Team Agent. If someone else enrolled, that person may have invited you to the team as either a Team Admin or a Team Member. For information on team membership, see the iOS Developer Library. To access the iOS Developer Library, you must sign in using the Apple ID and password for your Apple Developer account.
- A distribution certificate (paired with a private key) installed in your Login Keychain. Unlike with Digital.ai App Management signing, you do not need to export the distribution certificate to a .p12 file to use it with the signing script.
  - For instructions on creating a distribution certificate, see Create a Distribution Certificate.
- A distribution provisioning profile stored as a file with a .mobileprovision extension.
  - For instructions on creating a distribution provisioning profile, see Create a Distribution Provisioning Profile.
  - If a profile is expired or about to expire, see Renew a Distribution Provisioning Profile.
  - If you already created the profile but need to download it, see Download a Distribution Provisioning Profile.
  - If you are signing an app that includes extensions, you may need multiple distribution provisioning profiles. For more information, see App Extensions and Entitlements.
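The profile requirements above (unique app ID, embedded distribution certificate, Ad Hoc versus Enterprise distribution, expiry) can be checked before a profile is uploaded or handed to the signing package. The following Python script is an added example, not part of the original documentation or of Digital.ai's tooling. It assumes the standard plist keys found in a .mobileprovision file, runs against a constructed stand-in profile, and does not verify Apple's signature on the profile.

```python
import plistlib
from datetime import datetime, timedelta, timezone

def extract_plist(blob: bytes) -> dict:
    """Return the XML plist embedded in a .mobileprovision CMS wrapper (no signature check)."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def audit_profile(blob: bytes, now: datetime, warn_days: int = 30) -> dict:
    """Summarize a profile and list problems to fix before signing."""
    p = extract_plist(blob)
    ent = p.get("Entitlements", {})
    app_id = ent.get("application-identifier", "")
    # Enterprise profiles provision all devices; Ad Hoc profiles list registered UDIDs.
    kind = ("enterprise" if p.get("ProvisionsAllDevices")
            else "ad hoc" if "ProvisionedDevices" in p else "other")
    expires = p["ExpirationDate"]  # plistlib yields naive UTC datetimes
    findings = []
    if expires <= now:
        findings.append("expired")
    elif expires - now <= timedelta(days=warn_days):
        findings.append("expiring soon")
    if app_id.endswith("*"):
        findings.append("wildcard app ID")
    if ent.get("get-task-allow"):
        findings.append("development profile, not distribution")
    if not p.get("DeveloperCertificates"):
        findings.append("no embedded certificate")
    return {"name": p.get("Name"), "app_id": app_id, "kind": kind,
            "devices": len(p.get("ProvisionedDevices", [])),
            "expires": expires, "findings": findings}

def make_sample(app_id: str, enterprise: bool) -> bytes:
    """Constructed stand-in for a profile: a plist wrapped in filler bytes."""
    body = {"Name": "Example Catalog Distribution",
            "ExpirationDate": datetime(2030, 1, 15),
            "Entitlements": {"application-identifier": app_id},
            "DeveloperCertificates": [b"constructed, not a real DER certificate"]}
    if enterprise:
        body["ProvisionsAllDevices"] = True
    else:
        body["ProvisionedDevices"] = ["constructed-udid-1", "constructed-udid-2"]
    return b"\x30\x80filler" + plistlib.dumps(body) + b"filler\x00\x00"

if __name__ == "__main__":
    now = datetime.now(timezone.utc).replace(tzinfo=None)
    print(audit_profile(make_sample("ABCDE12345.com.example.catalog", False), now))
```

To audit a real profile, pass the bytes read from the .mobileprovision file to `audit_profile` in place of the constructed sample.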