Page tree
Skip to end of metadata
Go to start of metadata

This page answers frequently asked questions about signing native iOS, Android, and Windows Phone applications so they can be distributed to mobile device users through the EASE App Catalog. If your question is not listed here, try entering a keyword in the search box at the top right to search other pages.

What is signing?

Signing (also known as code signing) uses a digital certificate and private key to seal an app and identify its author. This process identifies an app as belonging to your organization and ensures that the app has not been modified since it was last signed. 

For more information about what signing is and why you must do it, see About Signing.  

What do I need in order to sign apps through the EASE Portal?

The requirements for signing apps are different for iOS, Android, and Windows Phone. Once you have created the appropriate credentials, you can either store them on your computer or store them in EASE for easy access during signing.

For information on required signing credentials, see Signing Prerequisites.

How do I create signing credentials for iOS apps?

To sign an iOS app using either EASE or the signing package, you need:

  • An Apple Developer account from the Apple Developer Program.
  • distribution certificate (also referred to as a production certificate) that is paired with a private key and approved by Apple. The distribution certificate authenticates that the app comes from an Apple-trusted source (this is the signature). A distribution certificate is not specific to a particular app; you can use the same certificate to sign all your iOS apps.
  • distribution provisioning profile, which authorizes devices to use the app. The provisioning profile is the file actually used to sign the app. It includes a name, a distribution certificate, and an app ID. The provisioning profile should use an unique app ID associated with a particular application. 

To learn how to create iOS signing credentials, see iOS Signing Requirements.

How do I create signing credentials for Android apps?

To sign an Android app using either EASE or the signing package, you need:

  • A private key pair stored in a Java keystore (JKS).
    • To sign an Android app with EASE, you need to provide the private key in PKCS (Personal Information Exchange File) #12 format with a .p12 extension. 

To learn how to create Android signing credentials, see Android Signing Requirements.

How do I create signing credentials for Windows Phone apps?

To sign a Windows Phone app using the signing package, you need:

  • An enterprise certificate in Personal Information Exchange (.pfx) format. Use this same certificate to sign any native Windows Phone apps that you will distribute through EASE, including the Windows Phone App Catalog.
  • A Microsoft Windows machine that meets certain system requirements.

To learn how to create Windows Phone signing credentials, see Windows Phone Signing Requirements.

How do I sign an app through the EASE Portal?

To learn how to sign an app in EASE, see Sign an App (EASE).

Can I sign an app outside of the EASE Portal?

To learn how to sign an app outside of EASE, see Sign an App (Signing Package).

Can I use EASE to sign an iOS app that includes extensions and an Apple Watch (watchOS) app?

iOS apps with watchOS components can't be signed through EASE; these apps must be signed with the signing package. iOS apps with extensions can be signed in EASE.

For more information, see App Extensions and Entitlements and Sign an App (Signing Package).

Do I need to sign every app that I add to EASE?

Every iOS, Android, and Windows Phone app must be signed before it can be added to EASE.

For more information, see About Signing.

Do I need to sign Native App Catalogs?

iOS, Android, and Windows Phone App Catalogs need to be signed like any other native applications; Windows 8 App Catalogs do not.

For more information, see About Signing.

What is the difference between the standard iOS Developer Program and the iOS Developer Enterprise Program?

To learn about the iOS developer programs and how they relate to signing apps, see Apple Developer Programs.

What is the difference between an Individual Developer License and an Enterprise Developer License?

An "Individual Developer License" is another way to refer to a developer's account for the standard iOS Developer Program. That is, an account that can create a distribution provisioning profile to distribute apps to up to 100 specific iOS devices. An "Enterprise Developer License" refers to an account for the iOS Developer Enterprise Program. Organizations with this account can create provisioning profiles to distribute apps to an infinite number of devices.

What is the difference between a development provisioning profile and a distribution provisioning profile?

development provisioning profile is associated with a development certificate that identifies a single developer on a team. It authorizes an app to use certain technologies and run on designated devices during development. In order to work, it requires Xcode, which makes it useful during the app development process only. It is not for deploying apps to users.

distribution provisioning profile is associated with a distribution certificate that identifies a team, not a team member. It authorizes an app to run on devices without the assistance of Xcode. A distribution provisioning profile is used to deploy an app to users via the App Store or other app marketplace, such as the App Catalog.

For more information, see Manage Distribution Provisioning Profiles.

What is the difference between Ad Hoc and In House distribution?

For more information, see Ad Hoc or In House Distribution.

Can I sign an iOS app with a wildcard distribution provisioning profile?

EASE does not prohibit you from signing an app with a wildcard distribution provisioning profile, but it is not recommended.

For more information, see App Extensions and Distribution Provisioning Profiles.

What does it mean when an app "expires," and how do I fix it?

When an app "expires," it means that the credentials used to sign the app have expired. This could mean something different depending on the type of app.

For more information, see Sign an app with a certificate that is about to expire.

How can I check the expiration date of iOS signing credentials?

You can check the expiration date of an application in the Expiration Date column on the Applications page. The Expiration Date column is hidden by default; use the Show/hide columns menu to display it. In additional, status tags on the Applications page identify apps that are due to expire soon or have already expired.

You can also check the expiration date of an iOS app's credentials on the Signing page for the app.  

If you have an iOS Developer Program account, you can also log in to the iOS Dev Center to check expiration status, create new distribution certificates, and perform other tasks to create and manage signing credentials for iOS apps.

Apperian helps track expiration dates of signing credentials by notifying EASE Administrators about iOS apps due to expire. Notification emails are sent 60 days before an app expires, 45 days before, 30 days before, and then every day until the app either expires or is re-signed with a current distribution certificate and provisioning profile.

You can also check the expiration date of any signing credentials you have stored in EASE. To do this, go to Signing Credentials on the Settings page.

For more information about expired iOS apps and what to do when an app is about to expire, see iOS App Expiration.

How can I check the expiration date of a Windows Phone certificate?

If you have access to a Windows computer with the Windows Phone certificate installed, you can check the expiration date from the Internet Properties dialog. If you have the PFX file but do not have access to a computer where it is installed, you can check the expiration date at the command line.    

For more information, see Check the Expiration Date of a Windows Phone Certificate.

When do I need to re-sign an app after it is in EASE?

After an app has been added to EASE, there are times when you will want or need to re-sign the app. 

For more information, see Re-sign an App.

Do I need to re-sign an app with the same credentials it was signed with previously?

With iOS and Android apps that have been installed on any of your users' devices, it is important that you re-sign the apps with the same credentials they were signed with previously. If you sign an app with different credentials, users will not be able to install an update of the app.

With Windows Phone apps, you need to be sure to sign the app with the same enterprise certificate used to sign the App Catalog. Therefore, if you upload a new version of the app, you need to sign it with the same credentials as the previous version, unless the App Catalog has been re-signed with a different certificate, in which case you would need to re-sign the app with that certificate. 

Other Resources

About App Distribution (iOS Developer Library)

Glossary (iOS Developer Library)

Signing Your Applications (Android Developer's Guide)