Sign or Re-sign the iOS MTP Mobile App

To use MTP Mobile App on iOS after you have downloaded it from MTP Manager, first sign it using these steps.

To re-sign an app, skip to Re-sign the iOS MTP Mobile App.

Important: If you are deploying the app using an EMM connection directly to the App Store, you do not have to sign the app. These steps are only for apps downloaded from MTP Manager.

Prior to Signing

Before you sign the app, make sure you have:

  • An Apple Developer Enterprise Account.
  • An Apple Mac computer with OS 10, including the Xcode command-line tools. If you do not have proper command-line tools, MacOS will prompt you to download during the re-sign step.
  • For direct install (Non-EMM) and MobileIron Deployments: Contact your CSM for your plist authentication file.

If you are updating to a new version of the Appthority iOS Mobile Agent, skip to Step 7 under Register App ID.

Sign the App

The following sections step you through signing the MTP Mobile App for iOS:

Then:

To register the App ID

  1. Sign in to your organization's Apple iOS Developer Enterprise Program account and go to Certificates, IDs & Profiles.
  2. Ensure that the drop-down has iOS, tvOS, watchOS selected, and click through to Identifiers > App IDs.
  3. Click Add (the + icon) in the upper right to create a new iOS App ID.
  4. Under the App ID Description section, name your Appthority app, for example "MTP Mobile App".
  5. Check the Explicit App ID button, and name the Bundle ID as follows:
    com.appthority.Appthority.Enterprise.[your company name]
  6. Record the AppID for use in upcoming steps.
  7. Under App Services, check the box next to Push Notifications to enable this service.
  8. Scroll down and click Continue.
  9. Confirm the information and click Register.

To create the Developer Certificate

  1. Within Certificates, IDs & Profiles > Certificates, click Add (the + icon) in top right corner to create a new certificate.
  2. Under Development, select iOS App Development, and click Continue.
  3. Follow the on-screen steps to create a CSR file for the developer certificate.

    Tip: A best practice in the Common Name field is to name the Private Key "MTP Mobile App Developer Key".

  4. Download and save the Certificate file to your Mac, and click Continue.
  5. Go to the local certificate file you just saved, and double-click it to install it to Keychain Access.
  6. Click Done.

To get the iOS In-house Provisioning Profile

  1. In Certificates, IDs & Profiles > Provisioning Profiles > Distribution, click Add (the + icon).
  2. In the Distribution section, select In-House, then click Continue.
  3. From the App ID dropdown, select the App ID created previously and click Continue.
  4. Select your organization’s iOS distribution certificate and click Continue.
  5. Enter a name for the new Provisioning Profile, for example "MTP_Mobile_App_Distribution", and click Continue.
  6. Download the new Provisioning Profile to your Mac.

To create the VoIP Certificate

  1. In Apple Developer Enterprise Program > Overview > Certificates, Identifiers & Profiles > iOS Apps > Certificates, click Add (the + icon).
  2. In the Production section, select VoIP Services Certificate and click Continue.
  3. From the App ID dropdown, select the App ID previously created and click Continue.
  4. Follow the on-screen steps to create a CSR file for the VoIP Certificate.
    Tip: A best practice in the Common Name field is to name the VoIP Certificate "MTP Mobile App VoIP Cert".
  5. Download and save the Certificate file to your Mac, and click Continue.
  6. Go to the saved certificate file in Finder, and drag it into the login section of Keychain Access.
  7. From Keychain Access, click login in the left navigation, select the generated certificate, and click Export (File > Export).
  8. Optionally, enter a password to protect the certificate and click OK.
  9. Save the Appthority VoIP Certificate to your Mac.

To upload the VoIP Certificate and get deployment files

  1. In MTP Manager, click Admin > Mobile App.
  2. Select the appropriate Mobile Agent Deployment Type for your deployment method.
    • When using an EMM, select it.
    • For direct (Non-EMM) deployment, select Appthority.
  3. Click the appropriate Upload button type for the certificates you created in the VoIP sections, and choose you Appthority Certificates.
    Once uploaded successfully, MTP Manager shows Certificate uploaded with a green status banner at the top.

Re-sign the iOS MTP Mobile App

Prior to re-signing, make sure that you have the App Signer Script, Appthority IPA file, and iOS Mobile Provisioning Profile.

To re-sign the iOS MTP Mobile App

  1. In Mobile Agent Deployment, click iOS Download to download the MTP Mobile App IPA file to your Mac.
  2. Click the Download signer script link to download the script file to your Mac.
  3. On your Mac, unzip the App Signer Script.
  4. Open Terminal on your Mac, and navigate to the folder where the App Signer Script is saved.
    • For EMM deployment, type:
      bash atresign.sh [path to the mobile agent binary]
      [path to mobile provisioning file]
    • For direct (Non-EMM) deployment, type:
      bash atresign.sh [path to the mobile agent binary]
      [path to mobile provisioning file] [path to .plist]
      The re-signed version of the MTP Mobile App will be created on your Mac with “-resigned” appended to the file name (e.g. Appthority-Enterprise+1.0-resigned.ipa).

Troubleshoot Re-sign Error Messages

Error Solution
The provisioning profile is not allowed to use the production environment for push notifications Ensure that you created an iOS Distribution Provisioning Profile, not an iOS Development Provisioning Profile.
The required codesign identity is not in your keychain! The Private Key necessary to re-sign the application is not in your Keychain Access. The Certificate that includes the matching Private Key previously selected.
Other errors Contact your CSM and provide the specific error message and context.

Copyright ©Appthority, Inc. 2017-2018 All Rights Reserved. Contact Support