A Couple of Questions Regarding Certificates and Siging

Apple has changed the certificates over the years, the current ones are "Developer ID Application" and "Developer ID Installer" - you shouldn't need "Installer" unless you must run an installer specifically. (Sorry I don't recognize the "ipa" acronym, if that has relevance, or if it's just a typo from "app").

To answer your second question: yes, more than one person can have the Developer ID certificate on their machine to have multiple "build machines."

The initial generation/download of the certificate must come from (I believe) the Team Agent (not an Admin), and there are special "private keys" that you need to make sure you receive as well.

It's been a while since we've done that, but the process is something like Team Agent at developer.apple.com creates the certificate and downloads/installs it, then "exports" it from Keychain Access, and the next developer imports it to their Keychain Access app.

I don't recognize the "ipa" acronym

An .ipa file is the app packaging format used by iOS apps [1] [2], suggesting that RobF17 is targeting iOS, not macOS.

I'm assuming that we would need to use the Developer ID Application certificate?

Probably not. Developer ID is only relevant on macOS.

So, just to be 100% clear, what platform is this app for?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] And for all our other platforms, which are essentially ‘children’ of iOS.

[2] It’s basically a zip archive with a different extension.

Thank you for both your responsese, greatly appreciated.

@DTS Engineer, the app we're developing is for the iPadOS, running on iPad Pros.

Thanks for confirming that.

So, yeah, Developer ID isn’t relevant on iOS and its children.

The rough equivalent for iOS is Enterprise distribution. It sounds like that’s not an option for you but, even if it were, I’m not sure it’d make sense. Enterprise distribution is intended to be used by an organisation to distribute apps to its own users, not as a mechanism for organisation A to distribute apps to organisation B.

Is your client member of the Enterprise programme? If so, you could ship them an Xcode archive (.xcarchive) which they’d then sign and upload to their internal site.

If not, it’s easiest to just go through the App Store. You wrote:

It's not going to be a public facing app.

That’s fine. App Store has a mechanism whereby you can denote an app as only being available to certain users. Now what is that called…

Oh, here we go…

Distributing Custom Apps

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@DTS Engineer,

Thank you for the confirmation and link, does this mean that both us and our client would need to be members of the Apple Business Manager?

@DTS Engineer

One other question, we are assuming that if we went through the app store process, even though it's not a public facing app, we would still need to go through the app store verification stage?