To generate the provisioning file for our app, go back where you created your certificate in Apple's panel, but this time select the App IDs option instead of certificates. Choose the Add App ID option and you will be asked to enter the name of the app. You will also be asked for the 'Explicit App ID' or bundle ID. AutoSave is a different feature which automatically saves your file as you work - just like if you save the file manually - so that you don't have to worry about saving on the go. On the Mac, AutoSave is available in Excel, Word, and PowerPoint for Microsoft 365 for Mac subscribers. When AutoSave is turned on AutoRecover files are rarely needed. Projects that are built for the Mac App Store will only use the gamepad API, id the connected controller is an official Apple 'Steel' series controller, so make sure your projects for the App Store can work with keyboard/mouse only as well as controller. Now you need to build the archive file by clicking the Create Executable button in the IDE. You will be prompted to choose a save location on your PC or Mac for the.
Download Your Free Copy ofThe Missing Manual
for Swift Development
The Guide I Wish I Had When I Started Out
Join 20,000+ Developers Learning About Swift Development
Download Your Free CopyEvery developer new to Cocoa and Swift development needs to become familiar with Apple's lingo and processes. In today's tutorial, I'd like to talk about App IDs and bundle identifiers. What is an App ID? What is a bundle ID? And what's the link between App IDs and bundle IDs?
Bundle Identifier
A bundle ID or bundle identifier uniquely identifies an application in Apple's ecosystem. This means that no two applications can have the same bundle identifier. To avoid conflicts, Apple encourages developers to use reverse domain name notation for choosing an application's bundle identifier.
Let's take Cocoacasts as an example. Every application I build for Cocoacasts has a bundle identifier that starts with com.cocoacasts, that is, the reverse of the Cocoacasts website. For my company, Code Foundry, I use bundle identifiers that start with be.codefoundry.
You don't need to own the domain you use for your application's bundle identifier. The domain is only used to ensure the bundle identifier is unique. For example, I could also use blog.cocoacasts for the applications I build for Cocoacasts even though I don't own cocoacasts.blog.
To create a unique bundle identifier, you append the name of the application to the reversed domain, for example, com.cocoacasts.scribbles. Remember that you choose the bundle identifier. Reverse domain name notation is what Apple recommends and it's a pattern most developers use.
The only requirement is that the bundle identifier is unique. Xcode warns you if you choose a bundle identifier that's already in use by another application. I strongly recommended that you use a bundle identifier that makes sense and that's why most developers stick to reverse domain name notation.
If you're building a suite of applications, then you can use the same approach. Take a look at the following example. The first bundle ID is used for the iOS client of Scribbles whereas the second bundle ID is used for the macOS client of Scribbles.
App ID
Developers often confuse App IDs with bundle IDs or, even worse, they think they're the same thing. An App ID represents one or more applications in Apple's system. It consists of two components, a Team ID and a bundle ID search string.
In this example, ABCDE12345 is the Team ID and com.cocoacasts.scribbles is the bundle ID search string. The Team ID and the bundle ID search string are separated by a period.
The Team ID is the component you don't need to worry about is. It's generated by Apple and prepended to the bundle ID search string.
What is a bundle ID search string? This question takes us back to bundle identifiers. It's possible to use one App ID for several applications. That's where explicit and wildcard App IDs come into play.
The bundle ID search string of an App ID can match a single application or, by including a wildcard, it can match multiple applications of the same development team. Let me show you an example of each App ID type.
Explicit App ID
As the name implies, an explicit App ID doesn't contain a wildcard. The bundle ID search string matches the bundle identifier of one application.
The Team ID, ABCDE12345, is generated by Apple for your development team. This isn't something you can or should change. The bundle ID search string, com.cocoacasts.scribbles, doesn't contain an asterisk. In other words, the bundle ID search string matches the bundle identifier of one application, the application with a bundle identifier of com.cocoacasts.scribbles. An explicit App ID can only be used for one application.
Wildcard App ID
A wildcard App ID is a bit different in that it can be used for one or more applications. The App ID can be used for every application with a bundle identifier that matches the App ID's bundle ID search string.
The above App ID can be used for several bundle identifiers. The asterisk or wildcard indicates that anything following com.cocoacasts. can be variable.
What Are App IDs For
You already know that a bundle identifier uniquely identifies an application in Apple's ecosystem. What is the purpose of an App ID? An App ID links one or more applications from a development team in Apple's system. Why is this important?
Whenever you want to enable a capability or application service for your application, you enable that capability for the App ID your application is linked to. This used to be tedious, requiring a visit to Apple's developer website. Xcode has evolved quite a bit over the years and it takes care of the details most of the time. Let me show you how this works.
App IDs and Capabilities
Setting Up the Project
Fire up Xcode and create a new project based on the Single View App template.
Name the project and set the Organization Identifier using reverse domain name notation. The organization identifier is used to create the first component of the application's bundle identifier. Project's name is appended to the organization identifier to create the bundle identifier. Don't worry. You can change this after setting up the project. For example, I prefer to keep the bundle identifier lowercased.
Once you've created the project, you can see the details of your application in the General tab of the target.
Keep in mind that you can't modify the bundle ID whenever you feel like. Once your application is pushed to Apple's App Store, it's no longer possible to change your application's bundle ID. Choose your bundle ID carefully.
Xcode also shows us the Team ID I mentioned earlier. Notice that you're unable to modify the Team ID. You shouldn't need to worry about this.
Enabling Capabilities
Let's say we want to enable iCloud for our application. For that to work, we need to inform Apple that our application needs the iCloud capability.
Years ago, this meant a visit to Apple's developer website, creating an App ID, and flipping a switch. This is no longer necessary. Open the Capabilities tab in Xcode and flip the switch of the iCloud section.
Xcode jumps into action, talks to Apple's developer portal on your behalf, and takes care of the necessary steps.
Xcode shows us what tasks it performed on your behalf. Take a look at the bottom of the iCloud section in the Capabilities tab.
Visiting Apple's Developer Website
Let's make sure everything is set up correctly on Apple's servers. Open a browser and visit Apple's developer website. Click Account and sign in with the Apple ID that's linked to your developer account.
On the left, select Certificates, IDs & Profiles.
From the menu on the left, choose App IDs and look for the App ID Xcode created for us. App IDs generated by Xcode start with the letters XC to indicate that Xcode created those on your behalf.
Click the App ID and inspect its configuration. It gives you an overview of the capabilities and applications services of the App ID in the development and production environments.
Notice that iCloud is enabled because we enabled this capability from within Xcode. Some capabilities and application services are enabled by default, such as Game Center and In-App Purchase.
Manual Configuration
You can manually configure an App ID through Apple's developer website, and that may be necessary from time to time. For example, you can only link SSL certificates to an App ID for push notifications through the developer website. This isn't possible from within Xcode at the time of writing.
Choose Wisely
It's important that you take a few moments when you choose the bundle ID of your application. Once your application is in the hands of users, you're unable to make changes to the bundle ID. While this isn't something users pay attention to, you don't want to have a bundle ID that makes no sense. Stick with Apple's guidelines and you should be fine.
Most companies include the company's name in the bundle identifier and that makes sense. But remember that the bundle identifier cannot be modified even if the application changes hands, for example, in the event of an acquisition.
If you're a freelance developer or you run an agency, make sure you don't include your name or that of your company in the bundle identifier. Discuss this with the client and make sure you choose a bundle identifier that makes sense for the project and the owner.
Download Your Free Copy ofThe Missing Manual
for Swift Development
The Guide I Wish I Had When I Started Out
Join 20,000+ Developers Learning About Swift Development
Download Your Free CopyEDIT:Please make sure at first that you are using an enterprise account and not a normal account before following any guidelines!
Provisioning an iOS app for in-house distributione is damn complicated. As my efforts to do so were eventually successful, I decided to prepare this comprehensive tutorial documenting my best practice approach for future reference.
You found the right tutorial if you want to be able installing an app on an arbitrary iOS device from Safari, without putting it on the App Store, without installing it via iTunes and without using the MDM approach (although for the MDM approach you should be able using the IPA and the manifest that are created in this tutorial). After performing the steps of this tutorial, you will just enter an URL in Safari on the iOS device, click a link on the site and an app automagically installs on your device.
Before you get started with enterprise provisioning, you need the following:
- You have to be (at least an admin) team member of the iOS Developer Enterprise Program. Which costs 299$ a year. The normal iOS Developer Program is NOT enough for this. Oh, and you have to apply for the enterprise program because Apple wants to be extra sure that customers can trust you and your company. And – AFAIK – the CEO has to sign the contract with Apple.
- You need a valid SSL certificate for the domain where you want to put the app. Otherwise your iOS device will not install the app from the site. Such a SSL certificate can also be fairly pricey.
The following presents the approach that worked with my setup. I used Xcode 5.1 and devices with iOS 7.1. I was also an admin member in an iOS Developer Program team. I found a lot of the settings performing the good old try and error approach. If you find something in the post that is wrong or you come up with a better solution, please post it in the comments!
To apply this post’s information, you need to have the following as a starting point:
- Your project in Xcode that you want to provision for enterprise distribution.
- An App ID for this project that you created in the iOS Developer Enterprise Program team. You will use that ID in the provisioning later on. If you have not already done so, create an appropriate App ID here. I will not go into detail on how to create the App ID.
In this post, we will create the following:
What Is App_id In Files Macbook Pro
- A distribution certificate. (Jump link to the explanation how to create the certificate.)
- A provisioning profile. (Jump link to the explanation how to create the profile.)
- An IPA file and a manifest plist file that we can deploy directly from the web on an iOS device. (Jump link to the explanation how to create the IPA and manifest files.)
Create the distribution certificate
For the enterprise provisioning, you need a distribution certificate (the distribution certificate is different from the development certificate!) with which you can sign your code. This certificate is only useful for creating an app for distribution. You cannot use it for development purposes in Xcode. With this certificate active, I started the app from Xcode on my iPad, the app started but the debugger could connect to the app.
How to get the distribution certificate: Navigate to the Certificates section of the iOS Dev Center. You need to be logged in to the Enterprise Dev Center! And you need to have at least an admin role. (More on roles in the dev center.) After clicking on ‘Production‘, you will see this (sensitive parts blackened):
In the image above all existing certificates are listed. If you have already created a distribution certificate here, you can reuse that. However, it is important that you have created the certificate with YOUR certificate signing request file. Otherwise you will not have the private key for this certificate in your Keychain and cannot use the certificate to sign your code. If you do not know if you created the certificate, you can download the certficate in question, double-click it and watch it in the Keychain Access application. If it has got a little arrow on the left side, then you have stored the private key on your Mac and can use the certificate for the provisioning. You expand the certificate by clicking on the arrow. It should look like this:
If the arrow is missing. You do not own the private key. Either you have stored the key on another Mac. Then you should be able to transfer it to the current Mac. Or you do not have the private key. In this case you cannot use this certificate for the provisioning. Instead, you can either try it with another certificate from the developer site or you create a new one with a certificate signing request file from your Mac.
Therefore, if you have not already done so, create your distribution certificate by clicking the plus button in the upper right. You will see (something hopefully slightly different from) this:
Push the radio button for ‘In-House and Ad Hoc’. I do not know why, but when creating the screenshots for this post, I could not click this button. Maybe the button was disabled because I have had already created such a distribution certificate. Anyway, you should be able to click this button.
In the next screen you see this:
This screen basically tells you how to create a CSR file that you need for the creation of the certificate. If you do not know whether you already have created such a file, I recommend entering ‘certSigningRequest’ in the Spotlight search on your Mac. If such a file turns up, you can most probably use it for the creation of the distribution certificate. If not, create one according to the manual.
After you have created the CSR file, head to the next site:
Choose your CSR file and click ‘Generate’.
Now your certificate has been created:
Download it and double-click it to install it in the Keychain.
What Is App_id In Files Mac Catalina
Create the provisioning profile
To create the distribution provisioning profile, head over to the ‘Distribution’ section of the ‘Provisioning Profiles’. Tap the big plus button on the upper right. Now you see this:
Choose ‘In House’ and click ‘Continue’. Choose the App ID that you have created for your app:
Click ‘Continue’. Now select the correct distribution certificate:
Click ‘Continue’. Finally, name your provisioning profile and click ‘Generate’.
Download the generated profile and doubleclick it to install it:
Create the IPA file and the manifest
Switch to Xcode to create the IPA file. Click the project name in the upper left. Select the project name in the targets in the center area. Select ‘General’ on the top. In ‘Team’, choose the name of the team of the iOS Developer Enterprise Program. (For this article’s purposes I have selected the team from my private account. Use the enterprise team instead!):
Click on the project name under ‘Project’ in the center area. Click ‘Build Settings’ on the top. In ‘Code Signing’ select your distribution certificate in all fields:
Back to the targets in the center area. Click on the project name under ‘Targets’. Click ‘Build Settings’ on the top. Choose the distribution certificate in Debug, Any iOS SDK, Release and Any iOS SDK. Under provisioning, choose the provisioning file that you have created:
Keep in mind that with these settings you cannot run the app from Xcode on you device anymore. These settings are for distribution only. (You can still click on ▶ and Xcode builds the project and tries to start the app on the device or the simulator. However, you will see an error message shortly afterwards.) Now, click on ‘Product’ -> ‘Archive’ in the menu bar. If ‘Archive’ is disabled, you have to choose a real iOS device in your run scheme in order to enable the ‘Archive’ menu entry. Run scheme means this:
Choosing ‘Archive’ will create an archive of the app. In order to be able to create an archive, you need to have the appropriate provisioning profile installed as explained above. After the archiving has been performed, Xcode shows the archive in the Organizer:
Click on ‘Distribute…’, and choose ‘Save for Enterprise or Ad Hoc Deployment’:
Choose the provisioning file that you have created in the drop-down menu in the next step:
In the next screen, tick ‘Save for Enterprise Distribution’. Some text fields will appear that allow you to enter information that will be included into an app manifest that will be created in parallel to the actual IPA file. This manifest is a plist file that you can edit with a text editor. So do not worry, you can change the information that you enter into the text fields later on. I filled the fields with the following information:
URL is the address of the IPA file where it will be accessible on the Internet. Beware: Although in the following of the process everything takes place under HTTPS, somehow the IPA URL had to use plain HTTP.
Now you have got two files, the IPA file and the plist manifest. Upload them to your server (most probably using FTP) to the folder that you specified in the manifest (in this example to ‘mydomain.com/apps’). Now create an html file into which you include the following html tag:
The link to the manifest HAS TO USE HTTPS! Put the html file next to the IPA and manifest file on your server.
Back to HTTPS/SSL: In order to be able to install the IPA file over the Internet, navigate to the html file using HTTPS. This is mandatory since iOS 7.1. As mentioned above, the manifest file has to be loaded via HTTPS also. Contrary to that and as mentioned above as well, in my experience, the IPA file has to be loaded using plain HTTP. Strange thing…
In order to allow the IPA installation, the HTTPS connection needs to be certified by an SSL certificate that is registered for your domain and signed by a trust center. As introduced, such certificates can be pricey. But if you coughed up the 299$ for the iOS Enterprise Developer Program, this will possibly be not an issue for you.
To install the IPA, enter the URL (starting with HTTPS) of the html file in Safari on your iOS device, tap the link and answer the installation dialogs appropriately.
If an error message comes up, the message will most certainly tell you next to nothing. To figure out what is wrong, hook up your iOS device to Xcode and go to the device in the Organizer and analyze the log messages:
In the example above, I tried to install an app from my domain johannesluderschmidt.de via HTTPS using a self-signed certificate. But after tapping the link, all I saw was an error message stating »Cannot connect to johannesluderschmidt.de«. After connecting my iPad to my Mac, I saw this message in the iPad’s console in Xcode: »NSErrorFailingURLStringKey=https://johannesluderschmidt.de/app/appName.plist, NSUnderlyingError=0x165c7f30 “The certificate for this server is invalid. You might be connecting to a server that is pretending to be “johannesluderschmidt.de” which could put your confidential information at risk.”« You see, while the message in Safari was quite meaningless, the information in the console was quite useful.
So that’s it. Fairly easy, isn’t it? It took me only one day and approx. a million stackoverflow articles to figure all this out 😉
So, I wish you good luck! Questions and remarks are welcome in the comments section below.