There’s been a feedback report (47975) for several years asking for the ability to use enterprise code signing certificates for building our Xojo iOS applications. So far nothing from Xojo but there is a way to create enterprise code signed iOS app for Xojo – it just takes some extra work.
Here are my steps to building an iOS enterprise app:
- Build your app in Xojo with the Build for App Store switch turned off.
- Build the built app into a folder named “Payload”
- Compress that folder. Change the name from Payload.zip to “yourappname.ipa”.
- In your favorite text editor paste the following code. Replace App_ID_Prefix and App_ID with the valid information for your app from the Apple Developer website:
<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>application-identifier</key>
<string>App_ID_Prefix.App_ID</string>
<key>keychain-access-groups</key>
<array>
<string>App_ID_Prefix.App_ID</string>
</array>
</dict>
</plist>
- Save this file as Entitlements.plist
- Go to the Apple developer website and download your enterprise developer provisioning profile.
- Download iReSign project from https://github.com/maciekish/iReSign (see note below)
- Run the ReSign app
- Drag unsigned .ipa file to the top box, or use the brown button.
- Drag your mobileprovision file you downloaded from Apple to the second box, or use the browse button.
- Drag your Entitlements.plist file you created earlier into the 3rd box, or use the browse button.
- Select your name from Keychain Access List. For example it might be, “iPhone Developer: Firstname Lastanme (XXXXXXX) from the dropdown.
- Click ReSign! and with. The resigned filed will be in the same folder as the original with (Resigned) in the name.
- Voila! Move that resigned file into the appropriate place and remove the Resigned so it’s back to the yourappname.ipa” name.
- Now you can deploy your enterprise code signed app to any iOS device.
Each iOS device may have to trust the certificate. Go to Settings -> General -> Device Management.
For it to work properly in MacOS Sierra (and above) I had to recompile the ReSign app in Xcode (no code changes).
It seems like a lot of steps but once you get it working it’s not hard after that. One thing we learned the hard way is that enterprise certificates expire in a year so plan renewing the certificate and getting a new version out before it expires.
Hopefully someone will find this useful.
[Update]: My iOS Build settings for Team are set to “None”