A Couple of Questions Regarding Certificates and Siging

Hello All,

I am trying to do my research, but wanted to ask for confirmation and clarification on a couple of points.

We are currently developing and app for a client, we would like to distribute the ipa to them via our own site, rather than running through the app store upload. It's not going to be a public facing app.

We used to have access to the Enterprise side of things, but this was removed when Apple added the minmum employees restriction.

  • I'm assuming that we would need to use the Developer ID Application certificate?

  • But I was also wondering if more than one person can have this certificate on their machines to create builds?

I appreciate that these may be obvious to some, but I'm fairly new to signing apps etc.

Thanks for your help.

Apple has changed the certificates over the years, the current ones are "Developer ID Application" and "Developer ID Installer" - you shouldn't need "Installer" unless you must run an installer specifically. (Sorry I don't recognize the "ipa" acronym, if that has relevance, or if it's just a typo from "app").

To answer your second question: yes, more than one person can have the Developer ID certificate on their machine to have multiple "build machines."

The initial generation/download of the certificate must come from (I believe) the Team Agent (not an Admin), and there are special "private keys" that you need to make sure you receive as well.

It's been a while since we've done that, but the process is something like Team Agent at developer.apple.com creates the certificate and downloads/installs it, then "exports" it from Keychain Access, and the next developer imports it to their Keychain Access app.

I don't recognize the "ipa" acronym

An .ipa file is the app packaging format used by iOS apps [1] [2], suggesting that RobF17 is targeting iOS, not macOS.

I'm assuming that we would need to use the Developer ID Application certificate?

Probably not. Developer ID is only relevant on macOS.

So, just to be 100% clear, what platform is this app for?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] And for all our other platforms, which are essentially ‘children’ of iOS.

[2] It’s basically a zip archive with a different extension.

Thank you for both your responsese, greatly appreciated.

@DTS Engineer, the app we're developing is for the iPadOS, running on iPad Pros.

Thanks for confirming that.

So, yeah, Developer ID isn’t relevant on iOS and its children.

The rough equivalent for iOS is Enterprise distribution. It sounds like that’s not an option for you but, even if it were, I’m not sure it’d make sense. Enterprise distribution is intended to be used by an organisation to distribute apps to its own users, not as a mechanism for organisation A to distribute apps to organisation B.

Is your client member of the Enterprise programme? If so, you could ship them an Xcode archive (.xcarchive) which they’d then sign and upload to their internal site.

If not, it’s easiest to just go through the App Store. You wrote:

It's not going to be a public facing app.

That’s fine. App Store has a mechanism whereby you can denote an app as only being available to certain users. Now what is that called…

Oh, here we go…

Distributing Custom Apps

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@DTS Engineer,

Thank you for the confirmation and link, does this mean that both us and our client would need to be members of the Apple Business Manager?

@DTS Engineer

One other question, we are assuming that if we went through the app store process, even though it's not a public facing app, we would still need to go through the app store verification stage?

A Couple of Questions Regarding Certificates and Siging
 
 
Q