Anyone familiar with iOS Enterprise deployment able to answer a few questions for me?

Discussion in 'iOS Programming' started by chrono1081, Feb 21, 2014.

  1. chrono1081 macrumors 604

    chrono1081

    Joined:
    Jan 26, 2008
    Location:
    Isla Nublar
    #1
    Hi guys,

    I'm trying to prepare an app for enterprise deployment and I'm running into some issues because the only documentation I'm finding either doesn't give a step by step process (Apple's docs), or the problems I'm having have no recent solutions for the newest versions of the developer portal and XCode 5.

    Here is the situation:

    I have an Enterprise account, and I have an in house app I need to deploy on an unknown number of devices through Air Watch. I cannot change this and use Testflight or any other type of solution, it has to be Air Watch.

    I also need to be able to install this app without having to register UDIDs. From my understanding I should be able to do this with an enterprise account and building the app -> clicking on Archive -> Saving for Enterprise and AdHoc distribution -> and checking "Save for Enterprise Distribution" -> and filling out the URL* and app name.

    The problem I'm facing is the provisioning profile never gets bundled with the app. When I check the .ipa file using Apple Configurator it says a valid provisioning profile cannot be found.

    In my developer portal I have both a development and distribution profile and I can see them both in keychain. I also select the development profile for debug and the distribution file for release before I archive. Is there a special way of bundling the provisioning profile with the .ipa?

    Airwatch has been useless. I sent them an email explaining their documents are out of date and the options they show no longer exist and they sent me back an older version of the same document. (Go Airwatch :rolleyes:).

    *I'm not really sure what goes in URL because Apples site says its a server where your provisioning profile is stored but we're not doing it that way, the profile has to be bundled with the .ipa for Airwatch from what I was told. I tried using the com.blahblah.Appname but that didn't help.
     
  2. xStep macrumors 68000

    Joined:
    Jan 28, 2003
    Location:
    Less lost in L.A.
    #2
    Perhaps this will give you some onsite...

    First you need an app identifier setup on the Apple portal. You do that in the Certificates, Identifiers & Profiles section. You'd give it a name and an id that would look something like com.yourcompany.AppName which you'd then setup in your Xcode target. You'd set the Bundle Identifier to that id.

    You then need to set up a distribution provisioning profile in the same area on the Apple site. It will have a name, be associated withe the id mentioned above, have a type and describe what services you'll be able to use. I haven't personally done this setup for enterprise.

    Oh, you also need a production certificate setup. That goes under Release in Code Signing in the Build Settings in your project. The one I'm seeing here has a name for the company and a type of "iOS Distribution". Again, I haven't set this up as that access is limited to others.

    Once I have those assets in my project, I do a Project --> Archive. That action seems to choose the "Release" option of the Code Signing. From the archive I choose Distribute, select "Save for Enterprise or Ad-Hoc Deployment". When the Code Signing screen appears, I choose the production certificate setup above. I do not choose "Save for Enterprise Distribution". I then pass the ipa file on to those who maintain our mobile management software. I also have been known to pass the ipa file to testers who can install on their devices via iTunes. All the certs are in place so this works fine.
     
  3. chrono1081 thread starter macrumors 604

    chrono1081

    Joined:
    Jan 26, 2008
    Location:
    Isla Nublar
    #3
    Thanks so much for the post :)

    Unfortunately I still get that stupid code sign error :/ Apple's code signing is the most frustrating thing in existence. It's not horrible anymore if Xcode can manage the profile but that doesn't seem to be an option for deploying it to Air Watch :/
     
  4. xStep macrumors 68000

    Joined:
    Jan 28, 2003
    Location:
    Less lost in L.A.
    #4
    The code sign error has nothing to do with Air Watch. It is your setup. I'm not sure I can explain it better and I can't come to Isla Nublar. ;)

    I'm wondering if you are using a non-production cert. It has to be the right one setup for your target to allow distribution the way you want.

    Perhaps this Apple document will lead the way.

    Good luck figuring it out.
     
  5. chrono1081 thread starter macrumors 604

    chrono1081

    Joined:
    Jan 26, 2008
    Location:
    Isla Nublar
    #5
    Thanks so much for the help. The cert I'm using says for Distribution (it's the only one in there).

    I read through the Apple doc but unfortunately it just isn't clear enough :/

    I'm starting to think despite what co-workers are saying that it is not possible to bundle the cert with the app for distribution without registering a UDID. (I can even see the cert in the package and it's the correct one).

    Anyway thanks again for your help :)
     
  6. DennisBlah macrumors 6502

    DennisBlah

    Joined:
    Dec 5, 2013
    Location:
    The Netherlands
    #6
    Hi chrono,

    I'm not sure if this what I know is gonna be of any help.
    But over here in Netherlands, I'm developing few apps for the company, also using an enterprise developer account.

    For distribution we use the Inhouse profile with configurator.
    Just setup an profile and include the Inhouse profile, which u can download from developer.apple.com.

    For the code signing you are proberbly already using an wildcard.
    For example. com.mycompany.*

    Your project bundle identifier must be something like
    com.mycompany.<my app name>

    you just sign the code with your own developer certificate. And just like you already do, just archive to .ipa and you must be able to put it on any device you want using the inhouse profile.

    So you are not gonna put your developer or distribution certificate inside your ipa, you must never do this!
     
  7. chrono1081 thread starter macrumors 604

    chrono1081

    Joined:
    Jan 26, 2008
    Location:
    Isla Nublar
    #7
    Thanks so much!

    I think I found what the issue is though, it appears that whoever signed up for the developer program signed up for the wrong account.

    I always thought it was Enterprise since when logging into the portal I saw "Company/Organization" (which was the first thing I checked) but apparently the Company/Organization is a separate $99 program used to let companies sell apps on the app store (which explains why I was seeing iTunes connect options).

    It's supposed to be Enterprise for in-house apps only so someone goofed somewhere.
     
  8. DennisBlah macrumors 6502

    DennisBlah

    Joined:
    Dec 5, 2013
    Location:
    The Netherlands
    #8
    Ehm basicly you have an 'developer team' on the main enterprise account. From in there you can 'invite' people to join your team. These accounts will get an own developer certificate etc. But you need to approve the requests for certificates and profiles (which xcode will do for you) from in the main account.

    We are using the enterprise distribution, because we are having thousands of devices which we are running our own test apps on.

    Its true that the normal account of 99$ can submit to the appstore, but you can only put 100 devices in developer mode each year. And without an inhouse distribution the normal account wasnt the right option for us.

    At the moment I'm looking how to assign an SSL certificate to our web, so we can distribute through the web aswell :)

    I hope it helped you a bit, cus its been an big pain in the a... for getting it to work properly, and any contact with Apple didnt helped us out directly lol :p

    cheers!
     
  9. chrono1081 thread starter macrumors 604

    chrono1081

    Joined:
    Jan 26, 2008
    Location:
    Isla Nublar
    #9
    Yea I agree the whole code signing thing is a sucky nightmare. It's horrible to get it working right. I seriously have no idea how some developers think its great.
     
  10. DennisBlah macrumors 6502

    DennisBlah

    Joined:
    Dec 5, 2013
    Location:
    The Netherlands
    #10
    It's working fine like it should be, only thing is...
    When I'm at home and sign in on xcode, I have to get my certificate to be revoked and requested again cause I'm on an other machine... Thats just plain .. stupid :-/
     
  11. firewood macrumors 604

    Joined:
    Jul 29, 2003
    Location:
    Silicon Valley
    #11
    Just copy both the certificate and its private key from one Mac to the other, then you won't have to revoke and recreate it to use both Macs.
     
  12. DennisBlah macrumors 6502

    DennisBlah

    Joined:
    Dec 5, 2013
    Location:
    The Netherlands
    #12
    Are you for real!? To be honest I havent tried this yet, manually setting up the certificates. I will try it soon! thanks!
     

Share This Page