For now, Apple allows you to distribute your add in 4 ways:
Ad Hoc deployment
Enterprise deployment (aka In-House distribution)
We will explain them shortly.
Build your application as an IPA
An .ipa file is the iOS App File that will run on an iOS device. In TotalCross, to generate a .ipa you must call tc.Deploy and pass the -iphone (or -all) argument, together with the path to the the certificate + key store.
You will be prompted with some questions, which you need to supply the answers. You may want to configure the openssl req with predefined data. To do so, create a config file like the template below:
[ req ]distinguished_name = req_distinguished_nameprompt = no[ req_distinguished_name ]emailAddress = firstname.lastname@example.orgName = John DoecountryName = BRstateOrProvinceName = Rio de JaneirolocalityName = Rio de JaneiroorganizationName = John’s Company
Then pass it to the openssl req command like the follow:
Never, EVER, share your private key request.key in a non-secure media. If you must transfer it from your trusted computer to another, do it safely. Some suggestions are:
use scp to copy this file over ssh encryption to your other trusted computer;
zip it with a password, forward the file with a pen-drive or in a email, and tell the destinatary the password through another media;
upload it with https to a trusted server of your own.
If somehow you have shared your private key request.key in a unsecure way, please, BURN IT WITH FIRE BEFORE IT LAYS EGGS OF SECURITY BREACHNESS. You are warned. You should take your security seriously. Pretty pretty seriously.
Your public key is meant to be shared with the wind. There is no worry about this as long as P \neq NP.
As I need a production certificate for an Enterprise account, I choosed the In-House and Ad-Hoc. There it goes through an intermediary screen:
And then finally to the screen where I now shall upload the generated .csrfile (it is the public key, so therefore no worry):
Add printscreen after uploaded public certificate
Now you can download the certificate at any time. This file is commonly named as ios_distribution.cer.
iOS App ID
To generate the provisioning profile, one must have before-hand to Register iOS App IDs:
If you jump this step directly to the provisioning profile, there will be prompted a screen to create this iOS App ID
Add printscreen of the App ID with sample stuff
In the sample above, I have choosen to go with the Wildcard App ID. There are a few drawbacks in this option, like you cannot enable Push Notifications service. In the end, I have created an App ID with Explicit App ID.
Now we must generate the provisioning profile:
As I want an enterprise distribution, I must choose the In-House provisioning profile:
Now the system will ask you about the App ID, then the certificate, and finally you are prompted with a Profile Name. It can be arbitrary:
Add printscreen of the Profile Name being prompted
You end this step downloading a .mobileprovision file.
You have created in your own machine this files:
config, so that it will be easy to create your public/private keys
request.key, your private key
request.csr, your public key
ios_distribution.cer, your Apple certificate
.mobileprovision, one of the most important files so that you can indeed embed this in your app to distribute
Finishing the basis to compile to iOS with TotalCross
So far, so good. Now we need to create a Publc-Key Cryptography Standard 12 .p12 file. To create it, we need the intermediary container for public key .pem file.
This question in ServerFault gives you more details about the files format. Also it was where I got that information above.
To create the .pem file, just give this command:
openssl x509 -in ios_distribution.cer -inform DER -out ios_distribution.pem -outform PEM
is the cryptography standard
indicates that the input certificate file is named ios_distribution.cer
indicates that the format of the input file is DER, so that OpenSSL can do its conversion
AKA translate from DER
indicates that the output file name is named ios_distribution.pem
indicates that the output format is PEM
AKA translate to PEM
With the .pem file created, we just need to create the .p12 file:
which file is the private key? It is request.key
which file is the container for your certificate? ios_distribution.pem
which file I want to save as my PKCS 12 file? ios_distribution.p12
Artifacts needed for this step:
the TotalCross generated .ipa (with the proper provisioning profile)
your provisioning profile
your Production certificate
a Mac OS X computer
To send your application to the App Store, you first need to generate your .ipa using the key/provisioning profile of a Store distribution. Then, it is needed to resign your .ipa using the iReSign (download iReSign from GitHub, or access the iReSign project on GitHub).
Once you open iReSign, you will be met with this window:
Just drag and drop your .ipa in the first field, select your Production certificate in the last field. After this, it will generate a new .ipa file. If you send HelloWorld.ipa, it will generate HelloWorld-resigned.ipa in the same directory of HelloWorld.ipa.
With your *-resigned.ipa in hands, you can send it to the App Store using the iTunesConnect program.