Sign in Subscribe
2 min read Newsletter

Re-signing an Enterprise iOS app

If you have an in-house app that you’ve distributed across your organisation as part of the iOS Enterprise program, you may find that the app stops working or installing.

This is likely because your provisioning profile and/or certificate has expired.

If you look at the console (in Xcode, Devices), you’ll see something like:

Apr 26 15:05:58 iPad amfid[3086] <Error>:  SecTrustEvaluate  [leaf IssuerCommonName SubjectCommonName]
Apr 26 15:05:58 iPad amfid[3086] <Error>: /private/var/mobile/Containers/Bundle/Application/256F1EAD-8F72-49CA-AC96-A50CD52F788A/MyApp.app/MyApp not valid: 0xe8008015: A valid provisioning profile for this executable was not found.
Apr 26 15:05:58 iPad com.apple.xpc.launchd[1] (UIKitApplication:nz.arun.MyApp[0xba97][3105]) <Notice>: Service exited due to signal: Killed: 9

The error message tells the truth: the provisioning profile is not valid. You will need a new one.

Go to the iOS portal, and renew your provisioning profile. You might have lost your certificate, too. You can request a new one (a separate process). If you’ve changed certificates, then don’t renew the profile. “Edit” it, and choose the new certificate. You’ll then have a new provisioning profile that works with your new certificate.

Now to re-sign the application. You can do this without the original source. Just grab the previously published .ipa file.

Before you start, you’ll need to create a new Entitlements.plist file. This used to be required in the old days. I think Xcode takes care of it for you now. But for this manual re-sign process, you’ll have to do it yourself. It should look something like this (using the App ID that’s in your provisioning profile):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>ABCDE12345.nz.arun.MyApp</string>
<key>get-task-allow</key>
<false/>
</dict>
</plist>

Then you need to unzip the .ipa, delete the old signature, copy over the new provisioning profile, sign the app again, and re-zip it:

unzip MyApp.ipa
rm -rf Payload/MyApp.app/_CodeSignature/
cp ~/Downloads/MyApp.mobileprovision Payload/MyApp.app/embedded.mobileprovision 
codesign -f -s "iPhone Distribution: My Enterprise Ltd" --entitlements entitlements.plist Payload/MyApp.app 
zip -qr MyAppResigned.ipa Payload/

Then you can put that .ipa where the old one was, and you’re good to go again.

Published by:

Arun Stephens

You might also like...

Mar
25
Credit where credit's due - but what about the developers?

Credit where credit's due - but what about the developers?

My team, along with a couple of other teams, recently released a new feature at work. This is a cause
2 min read
Jan
26
Viral times at Hang Five

Viral times at Hang Five

It's been a busy week at Hang Five. I've written about this a little in the
3 min read
Nov
14
Some stats about Hang Five

Some stats about Hang Five

I thought I'd quickly share some stats about Hang Five. We are now at game #100. It'
1 min read
Aug
28
Introducing Hang Five, your new favourite word game

Introducing Hang Five, your new favourite word game

My wife Amy and I recently went to Indonesia on a trip around Bali, Flores and Lombok. Amy bought a
1 min read
Jul
05
Will Meta's Threads be successful?

Will Meta's Threads be successful?

📅They seem to have brought the launch forward. It's now saying Thursday 11am NZT! On Friday at 2am
2 min read

Member discussion