

To sign an iOS app using either the Admin Portal or signing package, you need:

  • An Apple Developer account from the Apple Developer Program.
  • A distribution certificate (also referred to as a production certificate) that is paired with a private key and approved by Apple. The distribution certificate authenticates that the app comes from an Apple-trusted source (this is the signature). A distribution certificate is not specific to a particular app; you can use the same certificate to sign all your iOS apps.
  • A distribution provisioning profile, which authorizes devices to use the app. The provisioning profile is the file actually used to sign the app. It includes a name, a distribution certificate, and an app ID. The provisioning profile should use a unique app ID associated with a particular application.

The following diagram illustrates the main task flow for creating these components and signing iOS apps.

To sign iOS apps with the signing package, you must have a computer running at least Mac OS X 10.7 or Linux.

Apple Developer Programs

To create signing credentials for iOS apps, you need an Apple Developer account, which you get by enrolling in an Apple Developer Program. 

For more information, see Apple Developer Program and Apple Developer Program Enrollment.

There are two types of developer programs. 

  • Standard iOS Developer Program: This program is for individuals or companies who intend to develop free and fee-based iOS apps for distribution on the Apple App Store. A member of the standard iOS Developer Program can create a distribution provisioning profile (.mobileprovision file type), but any app signed with that profile can be distributed to a maximum of 100 specific iOS devices only. The devices must be registered through the iOS Dev Center using their Apple Unique Device Identifier (UDID) as reference. This type of distribution is called Ad Hoc.
  • iOS Developer Enterprise Program: This program is for companies and organizations creating proprietary, in-house iOS applications for internal deployment. A member of the iOS Developer Enterprise Program can create a distribution provisioning profile which can be used to distribute an app to an infinite number of devices.

Which One Should I Choose?

Apperian recommends that your organization enroll in the iOS Developer Enterprise Program in order to distribute your apps to an unlimited number of users.


To use push notifications with an iOS App Catalog, you also need a production push SSL certificate. This is not required for signing, but it is part of the Apple Developer Program. For more information, see Manage SSL Certificates for Push Notifications.


Requirements for Signing with the Admin Portal

To sign an app using the Portal, you need the following items:

  • A distribution certificate (paired with a private key) exported to a .p12 file. This is a distribution certificate that has been exported, along with its associated private key, from a Login keychain to PKCS #12 (Personal Information Exchange) format. If a password was defined during the export, you will need to provide that password either when storing signing credentials or when providing one-time credentials.
  • A distribution provisioning profile stored as a file with a .mobileprovision extension.
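
A pre-upload consistency check for the two files listed above, as an added example that is not Apperian's code: it reads the plist inside a .mobileprovision file and reports the profile name, app ID, distribution type, expiry, and whether a given DER-encoded certificate is the one embedded in the profile. The function names and the sample data are assumptions constructed for illustration; the plist keys are the ones Apple writes into provisioning profiles.

```python
import hashlib
import plistlib
from datetime import datetime

def load_profile(raw: bytes) -> dict:
    """Extract the XML plist embedded in a CMS-signed .mobileprovision file.
    The CMS signature itself is not verified; this is a consistency check."""
    start, end = raw.find(b"<?xml"), raw.find(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("no embedded plist found")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def check_profile(raw: bytes, cert_der: bytes, now: datetime) -> dict:
    """Summarise a profile and compare it with a DER-encoded certificate."""
    p = load_profile(raw)
    ent = p.get("Entitlements", {})
    if p.get("ProvisionsAllDevices"):        # Enterprise (in-house) profile
        kind = "enterprise"
    elif "ProvisionedDevices" in p:          # device list registered by UDID
        kind = "development" if ent.get("get-task-allow") else "ad-hoc"
    else:
        kind = "app-store"
    app_id = ent.get("application-identifier", "")
    embedded = {hashlib.sha256(c).hexdigest()
                for c in p.get("DeveloperCertificates", [])}
    return {
        "name": p.get("Name"),
        "app_id": app_id,
        "wildcard_app_id": app_id.endswith("*"),
        "kind": kind,
        "device_count": len(p.get("ProvisionedDevices", [])),
        "expired": p["ExpirationDate"] <= now,   # plist dates are naive UTC
        "cert_matches": hashlib.sha256(cert_der).hexdigest() in embedded,
    }

# Constructed sample input: placeholder bytes stand in for the DER certificate
# and for the CMS wrapper around the plist. Nothing here is a real credential.
SAMPLE_CERT = b"constructed-placeholder-for-DER-certificate"
SAMPLE_PROFILE = b"\x30\x82" + plistlib.dumps({
    "Name": "Example Ad Hoc Profile",
    "ExpirationDate": datetime(2030, 1, 1),
    "DeveloperCertificates": [SAMPLE_CERT],
    "ProvisionedDevices": ["0" * 40],
    "Entitlements": {"application-identifier": "TEAMID1234.com.example.app",
                     "get-task-allow": False},
}) + b"\x00constructed-signature-bytes"

if __name__ == "__main__":
    print(check_profile(SAMPLE_PROFILE, SAMPLE_CERT, datetime(2025, 1, 1)))
```

To compare against a real .p12, the certificate can be converted to DER first, for example with openssl pkcs12 -in dist.p12 -clcerts -nokeys | openssl x509 -outform DER, where dist.p12 is a placeholder file name.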


Requirements for Using the Signing Package

To sign an app using the signing package, you need the following items:

  • An Apple Worldwide Developer Relations Certificate (paired with a private key) installed in your Login Keychain. This is an intermediate signing certificate provided by Apple. If you do not have this certificate and its associated private key, you can download it from Apple PKI. Once it's on your computer, double-click it in your Downloads folder to install it in your Login Keychain under the Certificates Category.
  • A Team Agent or Team Admin role for the Apple Developer account. If you were the person who enrolled in the iOS Developer program, then you are the Team Agent. If someone else enrolled, that person may have invited you to the team as either a Team Admin or a Team Member. For information on team membership, see the iOS Developer Library. To access the iOS Developer Library, you must sign in using the Apple ID and password for your Apple Developer account.
  • A distribution certificate (paired with a private key) installed in your Login Keychain. Unlike with EASE signing, you do not need to export the distribution certificate to a .p12 file to use it with the signing script.
  • A distribution provisioning profile stored as a file with a .mobileprovision extension.
