Apple Provisioning and Signing

Discussion in 'iOS Programming' started by patent10021, Jul 30, 2018.

  1. patent10021, Jul 30, 2018
    Last edited: Jul 30, 2018

    patent10021 macrumors 68030

    patent10021

    Joined:
    Apr 23, 2004
    #1
    It's my first time contributing code to an app that has two platforms iSO/watchOS in the project using APNs.

    I am developing a watchOS app with APNs and will be adding it to the iOS project that also has APNs. I have forked and cloned the iOS project but need to fix the project provisioning areas before I continue.
    https://i.stack.imgur.com/X6O4v.png

    Also these are in the iOS project. A development cert and an APNs cert but the APNs cert seems to be missing. Either way I cannot use these anyway right?
    https://i.imgur.com/DMd5mvT.png

    They shared their .p12 file so I can create the appropriate certificates and add them to my project when I'm ready.

    Is this correct? On my machine:
    iOS
    I need an iOS App Development certificate because I am developing with an iOS project.
    I don't need a Production APNs sandbox certificate for iOS because it's already live?? It looks like they had an APNs cert but now it's red and isn't found by the project.

    watchOS
    I need both of the Development and Product APNs SSL sandbox certificates plus I also need the WatchKit Services Certificate right?

    Apple Certs
    https://i.imgur.com/JEhOHi4.png
     
  2. PhoneyDeveloper macrumors 68040

    PhoneyDeveloper

    Joined:
    Sep 2, 2008
    #2
    In general these days you just need to set code signing to automatic. You need to login to the dev portal through Xcode and then it will make all the signing certs that you need. If you can't login to the dev portal then you need to use manual signing, which might be how your project is setup.

    The push certs are separate. You make them manually in the dev portal and then they get uploaded to your server. Entitlements aren't the certs. They just state what properties your app supports, like push. The red in Xcode says they're missing for some reason.

    Dunno about watch apps.
     
  3. patent10021, Jul 30, 2018
    Last edited: Jul 30, 2018

    patent10021 thread starter macrumors 68030

    patent10021

    Joined:
    Apr 23, 2004
    #3
    Exactly, but this project isn't mine and there are two options a company will give you. They will give you their Apple ID login for Xcode or send you their p12. The latter is how we're doing it. I have the p12. I'm assuming it's best for security. You don't want everyone having your login. Or is it normal for companies to hand out logins to contracted remote devs?

    Should I ask them for it? If I get their Apple ID I just add it to Xcode Accounts and then everything would be automatic??

    If you take a look at this screenshot there are 3 provisioning profiles. https://i.stack.imgur.com/X6O4v.png
    If I have their login this will be automatic?


    ----
    Anyway, I have the p12. In the likely case I have to do this manually I want to know which certificates I will need. I already know I will need probably 3 watchOS certificates.

    watchOS
    Development APNs SSL sandbox
    Product APNs SSL sandbox
    WatchKit Services

    For iOS should I go ahead and just create and add:
    iOS App Development - needed for my machine/Xcode
    Development APNs SSL sandbox
    Production APNs SSL sandbox
    - I'm assuming me creating this will not interfere with theirs since I am using their p12?

    Lastly, this is 6 certificates. What do I do with them afterwards? lol. All I'm trying to do is get Xcode to recognize my provisioning profile.

    EDIT: Good news. I received their AppleID.

    So does this mean EVERYTHING will be automatic? I don't have to do a single thing? But I would still like to know what I would need to do manually.
     
  4. PhoneyDeveloper macrumors 68040

    PhoneyDeveloper

    Joined:
    Sep 2, 2008
    #4
    Your screenshot looked like it was setup manually. If it's an individual account then you just get their login and you use that. For a business account you would be added as a team member with your appleId and login that way. As I said, automatic takes care of the signing certs. It will create them and download them for you. The APNS certs are not in the project. Just the entitlement files are in the project and they're text or plist files (I forget) that are added to the project.

    For manual signing you need to add the certs to your keychain. Double click the p12 file and it will be added. Then select the provisioning profile in your project and Xcode should do the rest.
     
  5. patent10021, Jul 30, 2018
    Last edited: Jul 31, 2018

    patent10021 thread starter macrumors 68030

    patent10021

    Joined:
    Apr 23, 2004
    #5
    I think because this merchant has been a round for years it was using old Xcode singing options so it was essentially manual. But now that there is a button for automatic signing I clicked it and selected their team and everything updated accordingly. Thanks for the help. p.s. All those red entitlements also self-updated and appear in the project as they should.

    Next question.

    I will need these 3 watchOS certs.
    Development APNs SSL sandbox
    Product APNs SSL sandbox
    WatchKit Services


    I will simply go to the Developer Portal using their teamID and start the certificate creation process.

    They shared their p12 but I cannot use that p12 because there is not a watchOS app ID associated with it right? I have to add the watch target first using their teamID, give that target an app ID then generate a new p12 yea? When I generate the certificates it doesn't matter that I will be using my own Keychain Access app? I guess the app is just a tool. It's using the info from whatever I've downloaded form Apple.
     
  6. PhoneyDeveloper macrumors 68040

    PhoneyDeveloper

    Joined:
    Sep 2, 2008
    #6
    Happy days.

    I haven't done a watch app so I'm not sure about the certs. In an iOS app the certs go on the server, not in the app. I assume your certs will have to match the bundleId. I use a mac app called NWPusher (get it on GitHub) that sends push notifications to your chosen target with a button click. Was very helpful during my development.
     
  7. patent10021 thread starter macrumors 68030

    patent10021

    Joined:
    Apr 23, 2004
    #7
    We have our own server of course so I guess after I generate the certs I have to send them to the team so they can put them on the server? Should they be creating these 3 certs or is that my responsibility if I'm the one adding the new watch target?

    I've used the Pusher app but not NWPusher.

    Important questions:
    Since the watch app is just in development BUT I need to actually run the app on two devices to test watchOS message notifications and chat messages etc do I need to be creating APNs certs? Or do you recommend just using Pusher app /NWPusher?

    Also since I need two devices for sending chat messages I will install the iOS/watchOS apps on my second phone and second watch. All I have to do is connect my second devices to Xcode and install?

    I'm am confused about one aspect. The real app installed via App store and the app installed via Xcode will actually be two different apps with the same name? So what happens to all the millions of users that exist in the real app?
     
  8. PhoneyDeveloper macrumors 68040

    PhoneyDeveloper

    Joined:
    Sep 2, 2008
    #8
    Who puts the certs on your server is a team question. In my case I'm an admin on the App Store account so I build the certs and hand them to the server guys who install them.

    NWPusher required the cert and a device token to send the push notification so you need to build the certs for push to do anything. FWIW we don't bother with the sandbox certs. We just use the production certs. We have dev/prod servers so my dev app talks to the dev server but the dev server uses the prod APNS cert to send notifications.

    Not sure about your last question. The app is the same whether from the app store or from a developer. However, as I mentioned it's common to have a test server. Probably your test app will connect to the test server and there will be test users, test data, etc.
     
  9. patent10021, Aug 1, 2018
    Last edited: Aug 1, 2018

    patent10021 thread starter macrumors 68030

    patent10021

    Joined:
    Apr 23, 2004
    #9
    You said you don't use sandbox certs but it seems that's the default anyway no? How would I even select a non sandbox cert? There's no vanilla Production cert listed. https://imgur.com/JEhOHi4

    You mean don't bother with the watchOS Developer APNs SSL cert? Just use the watchOS Production APNS SSL cert?

    You mean a test app that is being tested via something like TestFlight? How do you create a "test" only app?
     
  10. PhoneyDeveloper macrumors 68040

    PhoneyDeveloper

    Joined:
    Sep 2, 2008
    #10
    In your screenshot the top is Development and below it is production. " Just use the watchOS Production APNS SSL cert?" Yes, that's what I mean. But it's up to you and your team. There just seemed to be fewer moving parts and fewer variables using the Production APNS cert only. The guys that have permissions to update the server don't know much about the certs so it's also simpler for them if they only have one cert.

    By test app I mean an app that connects to your test/dev server. It will have the same code as your release app just somewhere it has a different server name that it's connecting to. I distribute apps like this with TestFlight.
     

Share This Page