Re-signing an app before wrapping it
Before you wrap an app developed by a third-party developer, re-sign it with your own enterprise's signing identity using the sign_wrapped_app.sh script. Then wrap the app, and sign it again as described in Using the AppConnect Wrapping Portal or Using the AppConnect App Wrapper (wrapping tool)
For in-house apps, re-signing the app before wrapping it is typically not necessary because it is already signed with your enterprise's signing identity.
Before you begin
| 1. | Login to help.mobileiron.com. |
| 2. | Click the Software tab. |
| 3. | Download the sign_wrapped_app.sh script. |
| 4. | Make sure the signing certificate that you created for the app is in the MacOS computer’s login keychain. |
| 5. | Put the IPA file of the unwrapped app and the sign_wrapped_app.sh script in the same directory for convenient access. |
The signing script is supported only with the versions MacOS and Xcode listed in Product versions required.
| IMPORTANT: | You must download the signing script sign_wrapped_app.sh for each new release of AppConnect for iOS. Previous versions of the script will not work. |
Procedure
| 1. | Open the Terminal application on the MacOS computer. |
| 2. | Change to the directory containing the IPA file of the unwrapped app and the sign_wrapped_app.sh script. |
| 3. | Make sure that the sign_wrapped_app.sh script is executable. For example: |
$chmod 755 sign_wrapped_app.sh
| 4. | Run the script, specifying two parameters: the app’s signing certificate and the IPA file of the unwrapped app. For example: |
$./sign_wrapped_app.sh -i "iPhone Distribution: myCompanyName" myApp.ipa
Specify the name of the signing certificate in double quotes. The name has the format "iPhone Distribution: <certificate name>" where <certificate name> is typically the name of your company.
| 5. | When prompted, enter the password to unlock your keychain. |
The script continues to run, displaying the following output when successful:
/var/folders/6g/z1_193_x0lj6jkzmysxl5wz80000gq/T//resign-QJ4wZrPR/Payload/myApp.app/MISandbox.framework/Versions/A: replacing existing signature
/var/folders/6g/z1_193_x0lj6jkzmysxl5wz80000gq/T//resign-QJ4wZrPR/Payload/myApp.app: replacing invalid existing signature
$
The script replaces the IPA file with a signed IPA file. The signed IPA file is the file you will wrap.
Optionally, you can specify a different output file for the signed IPA file. Use the -o option as follows:
$./sign_wrapped_app.sh -i "iPhone Distribution: myCompanyName" -o mySignedApp.ipa myApp.ipa