Code sign for iOS

In this article, you'll learn about how to code sign for iOS. You need to sign your app for iOS if you selected iOS as one of the platforms while creating and building your wrap project.

Important

Using Xcode to digitally sign your wrapped mobile apps for iOS is not supported. Follow the instructions below to sign your wrapped mobile app packages for iOS correctly.

Prerequisites

You need the following information to get started:

  • App ID
  • Device UDIDs (only for testing and development purpose)

You also need a macOS device to code sign for iOS.

Prepare your Mac

Set up your Mac with the following configuration.

  1. Install Xcode. More information: Xcode
  2. Install PowerShell for macOS. More information: Installing PowerShell on macOS
  3. Enroll in Apple Developer Program
  4. To distribute your apps within the organization, you need to sign up for Apple Enterprise Developer Program.

Create App ID

  1. Sign in to your developer account by going to https://developer.apple.com and selecting the Account tab.

    Account tab.

  2. Go to Certificates, IDs & Profiles > Identifiers.

  3. Select + to create a new identifier.

    Create new identifier.

  4. Select App IDs, and then select Continue.

    Register a new identifier.

  5. Select the type as App, and then select Continue.

  6. Register an App ID:

    Register an App ID.

    1. Description - Name of your app.
    2. Bundle ID - select Explicit Bundle ID.
    3. Enter the bundle ID that you used while creating the wrap project. More information: Bundle ID
    4. Enable the following capabilities:
      • Associated Domains
      • iCloud
      • NFC Tag Reading
      • Push Notifications
    5. Select Continue.
  7. Review, and register the App ID.

Create a distribution certificate

To create a distribution certificate, create a new certificate signing request first.

Create Certificate Signing Request (CSR)

  1. On your Mac, go to the Applications folder > Utilities > open Keychain Access.

  2. Select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.

    Request a certificate from a CA.

  3. Fill out the Certificate Information as explained below, and then select Continue.

    1. In the User Email Address field, enter your Apple ID email address to identify with this certificate.
    2. In the Common Name field, enter your name.
    3. In the Request group, select Saved to disk.
    4. Save the file to your Mac.

Create the distribution certificate

  1. Sign in to your developer account at https://developer.apple.com by selecting the Account tab.

  2. Go to Certificates, IDs & Profiles > Certificates.

    1. Select + to create a new certificate.

    2. Select App Store and Ad Hoc > Continue.

      Certificates, Identifiers & Profiles

      Note

      If you have an Enterprise Developer Account then you'll have the option to create an Enterprise Distribution certificate.

  3. Upload the Certificate Signing Request (CSR) file that was generated in the previous steps.

    Upload the certificate.

  4. Select Continue, and download the certificate to your Mac.

  5. Double-click the downloaded .cer file to install to Keychain Access.

  6. Take a note of the Name of the certificate (usually like iPhone Distribution: Name (Team ID)). This value is the code signing identity that needs to be provided for signing.

Add all the devices where the IPA needs to be installed

Note

This step is only necessary if you're distributing to app to external users. It's not required if the app is only for internal users.

  1. Sign in to your developer account at https://developer.apple.com by selecting the Account tab.

  2. Go to Certificates, IDs & Profiles > Devices.

  3. Select + to register one or more devices.

  4. Enter the Device Name and Device ID (UDID).

    Register a device.

  5. Select Save.

    Tip

    You can also register multiple devices together by uploading a list of UDID's.

Create an iOS Provisioning Profile

  1. Sign in to your developer account by going to https://developer.apple.com and selecting the Account tab.

  2. Go to Certificates, IDs & Profiles > Profiles.

  3. Select + to create a new profile.

  4. Select Ad Hoc > Continue.

    Ad Hoc.

    Note

    For production testing and development purpose, use App Store distribution method.

  5. Select App ID that you created earlier, and then select Continue.

    App ID.

  6. Select the certificate that you created earlier, and then select Continue.

    Select certificate.

  7. Select all the test devices where you want to install your app, and then select Continue.

    Add devices.

  8. Review and name the provisioning profile. Note down the name of the provisioning profile.

  9. Generate and download the profile to your Mac.

  10. Double-click to open the downloaded file (*.mobileprovision) to register it with Xcode.

Sign the iOS Archive

  1. Download and unzip the iOS-Archive.zip file from App Center. This creates a folder named after the Bundle ID. In the example below, the Bundle ID is com.single.wrap.

  2. If signing with enterprise certificate, open the file Distribution-exportOptions.plist with Xcode and change the value for the method field inside the file to enterprise.

Note

Enterprise signing is not supported with Key Vault signing.

  1. Open terminal, and change directory to the unzipped folder.

  2. Enter pwsh to start PowerShell in the terminal.

  3. Run ./SignAndGenerateIPA.ps1 with the values for the "CodeSigningIdentity" and "ProvisioningProfilePath" parameters.

    Note

    'CodeSigningIdentity' is the name of the certificate that was created at the Apple developer website. To look up the vaule for 'CodeSigningIdentity', right-click on the .mobileprovision file (this is the provisioning profile), then select More Info. Scroll down and select Preview. Your 'CodeSigningIdentity' value is stored in the Name field under Certificates in the .mobileprovision file.

    Tip

    'ProvisioningProfilePath' is the path to the provisioning profile file that you have downloaded from the Apple developer website in the previous step Create an iOS Provisioning Profile. For example, it could be located at /Users/username/Downloads/MyProvisioningProfile.mobileprovision on your computer.

    Run PowerShell script.

  4. When the script finishes, a .ipa file is created such as com.single.wrap.ipa.

    • If the command ./SignAndGenerateIPA.ps1 fails, then delete the unzipped folder and files because they might be corrupted. Unzip iOS-Archive.zip again before you try to sign again.

    IPA package.

  5. Install the .ipa file in the registered devices using the Finder app. You can also host it on a distribution service such as App Center. To distribute using Microsoft Intune, see Add an iOS/iPadOS line-of-business app to Microsoft Intune. To learn about giving an app access to the Intune app protection service, see Give your app access to the Intune app protection service.

See also