- The different steps
- Step 1: Signing certificate
- Step 2: Application identifier
- Step 3: Provisioning profile
- Step 4: Web server configuration
- Step 5: Generating the application
- Step 6: Compiling in Xcode
- Step 7: Installing the application
- Step 8: Emulating Xcode (optional)
Apple's In-House deployment allows you to overcome most of the constraints of the other two modes (App Store deployment and Ad Hoc deployment) and to widely distribute an application without the need to reference client devices in advance.
- Large-scale deployment (no limit on the number of clients).
- Distributed applications not checked by Apple.
- requires an HTTPS server to distribute the application.
- requires a more expensive Apple Developer Account membership.
Note: In-House deployment was formerly known as "Enterprise". The term "Enterprise" can still be found in some documentation.
Step 1: Signing certificate
This step must be completed only once.
The signing certificate can be used for all applications of the company.
The signing certificate identifies the organization that distributes an application. It is composed of a public key and a private key:
- the private key is kept by the developer and is used to sign application installation packages.
- the public key is distributed with the application and must be signed by Apple.
Remark: Distribution certificates are valid for three years. An expired certificate cannot be renewed. Upon expiration, a new certificate must be generated.
Signing certificates are created via an Apple Developer Account, at "https://developer.apple.com/".
This operation has two stages:
- Creation of the private and public key on the Mac.
- Sending the public key to be signed by Apple, as a Certificate Signing Request (CSR).
Remark: it is recommended to perform this operation on the Mac used for the compilation. All the generated files will be installed on the computer, and ready to be used by Xcode during compilation operations.
Creating keys on the Mac
To create the private key and the CSR, use "Keychain Access", available in "Applications", "Utilities".
In the main menu of the application, select "Certificate Assistant .. Request a Certificate from a Certificate Authority".
Then follow the steps of the certificate assistant.
Signing the CSR via the site
On the "Apple Developer" site:
- Click "Certificates, Identifiers & Profiles" in the sidebar.
- Then click "+" to create a new certificate (in the "Software" section, choose "In-House and Ad Hoc").
- Once the CSR is generated, it must be sent to Apple.
- Click "Choose file" and select the CSR file generated by the assistant.
Apple will then sign the CSR and return a signing certificate which must be:
- downloaded via the "Download" button,
- installed on the Mac (double-click the downloaded file).
Caution: It is important to note that In-House deployment is not intended to commercialize applications, but only for internal, large-scale deployment in an organization.
Step 2: Application identifier
This step must be completed only once for each application to distribute, unless the distribution conditions described in the App ID vary.
An application identifier (App ID) is used to uniquely identify an application. Different versions of the same application will all have the same App ID.
An application identifier can also be created from the Apple Developer site:
- In "Certificates, Identifiers & Profiles", select the second option from the sidebar: "Identifiers",
- Click "+" to create a new App ID,
- In "Register a New Identifier", select "App ID" and click "Continue".
- Describe the application to create the App ID.
- Platform: select iOS, tvOS, watchOS for a WINDEV Mobile application.
- Description: this field allows you to enter a description of the application.
- Bundle ID: select "Explicit" and enter a bundle identifier. There are no rules for entering this identifier. It must be specified in the WINDEV Mobile generation wizard (see step 5). By convention, this identifier often corresponds to a syntax called "reverse domain name". For example, for an application called "WMShopping" distributed by the company "precilia.com", the recommended Bundle ID would be: "com.precilia.wmshopping".
Note: Wildcard Bundle IDs (i.e., with an asterisk instead of an application name like "com.precilia.*") allow having a single App ID for several applications, which can be useful to distribute a large number of applications. However, Push notifications or In-App purchases cannot be used in an application identified by a Wildcard Bundle ID.
- In "Capabilities", specify the functionalities used by the application (e.g., push notifications).
- Click "Continue".
- On the next page, specify how the application will be deployed (so that the generated App ID is compatible with In-House deployment).
- Select "Yes. I have details on this app and plans for distribution".
- Indicate the approximate number of client devices.
- Then select the application deployment method:
- via a secure website (our case),
- via an MDM solution (Mobile Device Management, i.e. an infrastructure for managing a fleet of mobile devices).
WINDEV Mobile allows you to implement this type of solution. For more details, see MDM: A private store.
- Next, specify how the access to the application will be secured:
- via a login/password mechanism,
- by forcing the user to connect to an Intranet or a specific VPN.
- Finally, indicate the intended users of the application:
- employees of the company,
- Don't forget to check the box confirming that all the information provided is correct (at the bottom of the page).
- Click "Continue" to create the App ID.
Step 3: Provisioning profile
This step must be completed only once for each application to distribute.
A provisioning profile is a description that links an application (represented by its App ID) to a distributor (represented by a Signing Certificate). It is used to compile the package that will be installed on iOS devices.
Provisioning profiles are created in the "Apple Developper" site:
- In "Certificates, Identifiers & Profiles", click "Profiles" and "+" to create a new profile,
- Select "In-House" in "Distribution" and click "Continue",
- In the drop-down list, select the App ID created for the application and click "Continue".
- Choose the signing certificate to use. At compilation time, the application must be signed with the private key of this certificate (see step 5). Click "Continue".
Note: The application users will have to accept the public key before starting the application on their iPhone/iPad (see step 7).
- Enter a name for the provisioning profile and click "Generate".
- Click "Download" to download the profile and double-click on it to install it in Xcode
Step 4: Web server configuration
To allow the installation of In-House applications, a simple solution is to create a web page with a link pointing to the "manifest.plist" file (which will be generated by Xcode, in step 6).
The syntax of this link is as follows:
https://wmshopping.precilia.com/manifest.plist" id="text">Download iOS application</a>
The address of the web server can be adapted according to your configuration, and you are free to define the text in the tag.
Web servers don't always know how to handle ".plist" and ".ipa" files. If these extensions are unknown to the server, the download will not work.
To declare these extensions in IIS, use the "Internet Information Services (IIS) Manager":
- Select the server and click "MIME Types" in the right view ("IIS" section).
- If the ".ipa" and ".plist" extensions are not declared on your server, add them by clicking "Add..." (in the menu on the right of the window):
- the ".ipa" extension is associated with the MIME type "application/octet-stream",
- the ".plist" extension is associated with the MIME type "application/x-plist".
Step 5: Generating the application
In WINDEV Mobile, start the iOS application generation wizard: on the "Project" pane, in the "Project" group, click "Generate".
- In the first step of the wizard, enter the Bundle ID of the application.
Caution: You must use the same Bundle ID specified when the App ID was created (step 2).
- In "Signature", you can ask WINDEV Mobile to automatically generate the necessary elements to sign the application. To do so, simply enter your Team ID. This identifier is displayed in the top right corner on all pages of the Apple Developer site when you are logged in.
- Finish the wizard to generate the Xcode project and copy the result to your compilation Mac.
Step 6: Compiling in Xcode
To compile your WINDEV Mobile project in Xcode:
- Load the project in Xcode.
- Select the "Generic iOS Device" target in the toolbar.
- In the "Product" menu, select "Archive".
- When the creation of the software archive is complete, click "Distribute App".
- For In-House deployment, select the "Enterprise" distribution method and validate by clicking "Next".
Tip: In the distribution options, it is possible to reduce the size of the package if all client devices are the same model. To do this, choose the model from the "App Thinning" drop-down list.
Caution: do not select "All compatible device variants". For an application compatible with all device variants, select "None" (default option)
- Be sure to check "Include manifest for over-the-air installation".
- Click "Next".
- Specify the details in the deployment manifest before validating ("Next"):
- Nom: specify the name of the application
- App URL: Specify the address at which the installation package will be available. This package is an .ipa extension file, and an HTTPS access is mandatory.
- Display Image URL: specify the address of a 57x57 pixel image that will be used as the installation icon for the application. The protocol must be HTTPS.
- Full Size Image URL: specify the address of a 512x512 pixel image that will be used as the large icon for the application. The protocol must be HTTPS.
- For In-House distribution, the installation package must be signed again after the generation.
In this step, you can let Xcode manage the signature automatically (based on the information specified in the provisioning profile).
If you manage singing manually, an additional step requires you to confirm the signing certificate to use (crated in step 1) and the provisioning profile (created in step 3).
- After validating ("Next"), Xcode builds the installation archive of the application, then signs this archive with the private key of the signing certificate.
Remark: this operation may take some time (several minutes).
- Once the distribution archive has been created, Xcode proposes to export the result of the generation. Xcode then generates several files in this directory. Two of them are necessary to distribute the application:
Caution: if there are multiple .ipa files in the export, it means that one of the previous options has not been correctly selected: restart the archive generation, and make sure "None" is selected in "App Thinning".
- the .ipa file (name chosen in the archive creation wizard).
- Copy these two files to the Web server (configured in step 4) at the URL specified during generation.
Step 7: Installing the application
To install the application on an iPhone/iPad:
- Open the page on Safari and click the installation link.
- Safari will then display a confirmation box indicating that the website wants to install an application: click "Install".
The first time the application is launched, an error message may appear indicating that the company that signed this application is not trusted by the user.
To trust a certificate on a device:
- Go to "Settings", "General",
- Tap "Profiles & Device Management",
- Tap the name of the signing certificate in "Enterprise App" (this is the certificate that was created in the first step),
- Tap "Trust ..." and validate.
It will then be possible to install and run all In-House applications signed by this developer (i.e. with the same Signing Certificate) on this device.
Step 8: Emulating Xcode (optional)
You can emulate Xcode via command lines to trigger the generation by programming (for example in SSH from an action plan in the Software Factory).
The main useful command lines in this case are:
- Clean compilation cache:
xcodebuild -scheme <my_scheme>-sdk iphoneos-archivePath <archive_path> archive
The parameters are as follows:
- <my_scheme>: value of a project scheme (see the schemes of your application in Xcode).
- <archive_path>: destination path.
- IPA build:
xcodebuild -exportArchive-archivePath <my_scheme>.xarchive
-exportOptionsPlist exportOptions.plist-exportPath <export_path>
The parameters are as follows:
- <my_scheme>: value of a project scheme.
- <export_path>: destination path.
For more details on xcode build and the command line, please refer to the Apple documentation: "https://developer.apple.com/library/archive/technotes/tn2339/_index.html