Signing iOS apps locally

Follow your company policies and ensure that you do not expose your iOS certificates and provisioning profiles in third-party platforms, by signing your iOS apps locally. For example, your company's internal audit policies might prevent your from uploading the iOS code signing certificates and provisioning profiles to Pega Platform. In such situations, generate an unsigned iOS app bundle in Pega Platform and then sign it on your local macOS computer.
Before you begin: Prepare the framework for signing your iOS app locally:
  1. Use a computer with the macOS operating system.
  2. Obtain a signing certificate and a provisioning profile. For more information, see Obtaining a signing certificate for iOS apps and Obtaining a mobile provisioning profile for iOS apps.
  3. Install the free Xcode application from the App Store, and then, in the Terminal application, install the command line tools by entering xcode-select --install
  4. Create an unsigned certificate set. For more information, see Creating an unsigned iOS certificate set.
  5. Generate an unsigned xcarchive bundle, and then download it to your computer. For more information, see Generating installation packages.
  1. Place the zipped xcarchive bundle, the .p12 file with the certificate, and the .mobileprovision file in the same folder.
    For example: The folder has the following structure:
    • MyUnsigned.xcarchive.zip
    • ios-certificate.p12
    • ios.mobileprovision
  2. Open the Terminal application, and then navigate to the folder with your files.
  3. Extract the zipped xcarchive bundle.
    For example: Enter unzip MyUnsigned.xcarchive.zip -d MyUnsigned.xcarchive
  4. If the bundle already contains a code signature folder, remove the existing code signature.
    For example: Enter rm -rf MyUnsigned.xcarchive/Products/Applications/MyUnsigned.app/_CodeSignature/
  5. Copy your provisioning profile to the extracted xcarchive folder.
    For example: Enter cp ios.mobileprovision MyUnsigned.xcarchive/Products/Applications/MyUnsigned.app/embedded.mobileprovision
  6. Provide the App ID entitlements that are required for signing the app:
    1. Create a new text file.
    2. Insert the following template in the file, and then replace the TEAM_ID and BUNDLE_ID placeholders with values that match your App ID configuration:
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
      <plist version="1.0">
      <dict>
      	<key>application-identifier</key>
      	<string>TEAM_ID.BUNDLE_ID</string>
      	<key>aps-environment</key>
      	<string>production</string>
      	<key>com.apple.developer.team-identifier</key>
      	<string>TEAM_ID</string>
      	<key>get-task-allow</key>
      	<false/>
      </dict>
      </plist>
    3. Save the file as entitlements.plist in the folder with your other files.
      For example: The folder has the following structure:
      • MyUnsigned.xcarchive.zip
      • MyUnsigned.xcarchive
      • ios-certificate.p12
      • ios.mobileprovision
      • entitlements.plist
  7. At the command prompt, import your certificate from the .p12 file to the Keychain application.
    For example: Enter open ios-certificate.p12
  8. At the password prompt, enter your password certificate.
  9. Optional: To review the signing identity, enter the following command: security find-identity
  10. Sign the code of your app.
    For example: Enter codesign -f -s <signing identity> --entitlements entitlements.plist MyUnsigned.xcarchive/Products/Applications/MyUnsigned.app/
  11. Open the xcarchive file in Xcode.
    For example: Enter open MyUnsigned.xcarchive
  12. In Xcode, ensure that your archive is highlighted, and then click Distribute App.
    Result: Xcode launches a flow that signs your app and exports it as an .ipa file.
  13. Complete the app signing and export flow:
    1. Select the preferred method of distribution, and then click Next.
    2. Select the distribution options for your app, and then click Next.
    3. Select the certificate and provisioning profile that you want to use, and then click Next.
    4. Review the summary of the app signing flow, and then click Export.
    5. Choose the folder in which you want to save your iOS App Store Package file, and then click Export.
Result: An .ipa file with your app is now available in the chosen folder. You can launch the app and distribute it to your users.