Preparing Apps for Distribution
Enterprise apps must be signed with your distribution certificate, and must have a provisioning profile that authorizes devices to use the app. The designated Team Agent for your program membership creates the distribution certificate and provisioning profiles at the online Provisioning Portal.
Generating the distribution certificate involves using the Certificate Assistant (which is part of the Keychain Access application on your Mac OS X development system) to generate a Certificate Signing Request (CSR). You upload the CSR to the iOS Provisioning Portal and receive a distribution certificate in response. When you install this certificate in Keychain, Xcode uses the certificate to sign your app. For detailed instructions, see the iOS Provisioning Portal.
Next, you need to create an enterprise distribution provisioning profile so your users can use your app on their device. You create an enterprise distribution provisioning profile for a specific app or multiple apps.
The designated Team Agent for your enterprise can create enterprise distribution provisioning profiles at the iOS Provisioning Portal at http://developer.apple.com/iphone. See the website for instructions.
Deploying Apps
There are three ways to install apps:
- Distribute the app to your users for installation using iTunes.
- Have an IT administrator install the app on devices using iPhone Configuration Utility.
- Post the app on a secure web server; users access and perform the installation wirelessly.
Installing Apps Using iTunes
Your users use iTunes to install apps on their devices. Securely distribute the app to your users and then have them follow these steps:
- In iTunes, choose File > Add to Library and select the file (.app, .ipa, or .mobileprovision). You can also drag the file to the iTunes application icon.
- Connect a device to the computer, and then select it in the Devices list in iTunes.
- Click the Apps tab, and then select the app in the list.
- Click Apply.
If your users’ computers are managed, instead of asking them to add the files to iTunes, you can deploy the files to their computers and ask them to sync their devices. iTunes automatically installs the files found in its Mobile Applications and Provisioning Profiles directories.
Installing Apps Using iPhone Configuration Utility
You can use iPhone Configuration Utility to install apps and profiles on connected devices.
Installing Distribution Provisioning Profiles:
- In iPhone Configuration Utility, choose File > Add to Library, and then select the distribution provisioning profile that you want to install. The profile is added to iPhone Configuration Utility and can be viewed by selecting the Provisioning Profiles category in the Library.
- Select a device in the Connected Devices list.
- Click the Provisioning Profiles tab.
- Select the provisioning profile in the list, and then click its Install button.
Installing Apps Using iPhone Configuration Utility
You can use iPhone Configuration Utility to install apps on connected devices.
- In iPhone Configuration Utility, choose File > Add to Library, and then select the app that you want to install. The app is added to iPhone Configuration Utility and can be viewed by selecting the Applications category in the Library.
- Select a device in the Connected Devices list.
- Click the Applications tab.
- Select the app in the list, and then click its Install button.
Installing Apps Wirelessly
iOS 4 supports over-the-air installation of enterprise applications, letting you distribute in-house software to your users without using iTunes or iPhone Configuration Utility.
Requirements
- A secure web server accessible by authenticated users
- An in-house iOS app in .ipa file format
- An XML manifest file, described in this document
- A network configuration that allows the device to access an iTunes server at Apple
Installing the app is simple. Users download the manifest file from your website to their iOS 4 device, which instructs the device to download and install the apps referenced in the manifest.
You can distribute the URL for downloading the manifest file via SMS or email, or by embedding it in another enterprise app you’ve created.
It’s up to you to design and host the website used to distribute apps. You need to make sure that users are authenticated, perhaps using basic auth or directory-based authentication, and that the website is accessible via your intranet or the Internet. The app and manifest can be placed in a hidden directory, or in any other location that’s readable using HTTP or HTTPS.
Preparing an Enterprise App for Wireless Distribution
To prepare your enterprise app for wireless distribution, you build an archived version in the form of a .ipa file, and a manifest file that enables wireless distribution and installation of the app.
In Xcode, you create an app archive using the “Build > Build and Archive” command. Then, in the Archived Applications source in Xcode’s Organizer, select the app and click the “Share Application…” button. Then click the “Distribute for Enterprise…” button. You’ll be asked to provide information for the manifest file that Xcode creates. For information about the manifest file, see below. For more information about building and provisioning apps, visit the iOS Dev Center.
About the Wireless Manifest File
The manifest file is a file in XML plist format. It’s used by an iOS 4 device to find, download, and install apps from your web server. The manifest file is created by Xcode, using information you provide when you share an archived app for enterprise distribution. See “Preparing an Enterprise App for Wireless Distribution.”
A sample manifest file is included at the end of this document. The following fields are required:
Item | Description |
---|---|
URL | The fully qualified HTTP or HTTPS URL of the app (.ipa) file. |
display-image | A 57 x 57-pixel PNG image that is displayed during download and installation. Specify the image’s fully qualified URL. |
full-size-image | A 512 x 512-pixel PNG image that represents the app in iTunes. |
bundle-identifier | Your app’s bundle identifier, as specified in your Xcode project. |
bundle-version | Your app’s bundle version, as specified in your Xcode project. |
title | The name of the app, which is displayed during download and installation. |
Optional Keys
Optional keys you can use are described in the sample manifest file. For example, you can use the MD5 keys if your app file is large and you want to ensure download integrity beyond the error checking normally done during TCP communications.
Constructing your Website
Upload these items to an area of your website that your authenticated users can access:
- The app (.ipa) file
- The manifest (.plist) file
Your website design is up to you. It can be as simple as a single page that links to the manifest file. When users tap the web link, the manifest file is downloaded, which triggers the downloading and installation of the apps it describes.
Here’s an example link:
Don’t add a web link to the archived app (.ipa). It’s downloaded by the device when the manifest file is loaded. Although the protocol portion of the URL is itms-services, the iTunes Store is not involved in this process.
Setting Server MIME Types
It may be necessary to configure your webserver so that the manifest file and app file are transmitted correctly.
For Mac OS X Server use Server Admin to add the following MIME types to the MIME Types settings:
MIME type | Extension |
---|---|
application/octet-stream | ipa |
text/xml | plist |
For IIS, use IIS Manager to add the MIME type in the Properties page of the server:
Extension | MIME type |
---|---|
.ipa | application/octet-stream |
.plist | text/xml |
Troubleshooting Wireless App Distribution
If wireless app distribution fails with an “unable to download” message, check the following:
- Make sure the app is signed correctly. Test it by installing it on a device using iPhone Configuration Utility.
- Make sure the URL to the app (.ipa) file (in the manifest file) is correct and the app file is accessible to web users.
- Make sure the link to the manifest file is correct and that the manifest file is accessible to web users.
If you still get the “unable to download” message with Done and Retry buttons, note the following:
- Don’t manually edit the .plist file. Always provide the correct values when saving the file for enterprise distribution. If you entered the wrong application URL when creating the enterprise distribution, create it again with the correct URL value instead of editing the manifest file.
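A pre-publish check for the manifest that Xcode produced can catch most of the causes listed above before users see “unable to download”. The following is an added example, not code from Apple or from this page: it verifies the required fields from the table in “About the Wireless Manifest File”, flags assets served over plain HTTP, and recomputes the optional per-chunk MD5 values against the .ipa file. The key layout it reads (`items`, `assets`, `kind`, `metadata`, `md5-size`, `md5s`) is an assumption about the manifest format, since no sample manifest is reproduced on this page; the function name and sample data are constructed.

```python
import hashlib
import plistlib

REQUIRED_ASSETS = ("software-package", "display-image", "full-size-image")
REQUIRED_META = ("bundle-identifier", "bundle-version", "title")

def check_manifest(manifest_bytes, ipa_bytes=None):
    """Return a list of problems found in a wireless-distribution manifest."""
    try:
        items = plistlib.loads(manifest_bytes)["items"]
    except Exception as exc:  # malformed plist or missing top-level "items"
        return [f"not a valid manifest plist: {exc!r}"]
    problems = []
    for n, item in enumerate(items):
        assets = {a.get("kind"): a for a in item.get("assets", [])}
        meta = item.get("metadata", {})
        for kind in REQUIRED_ASSETS:
            url = str(assets.get(kind, {}).get("url", ""))
            if not url.startswith(("http://", "https://")):
                problems.append(f"item {n}: {kind} needs a fully qualified URL")
            elif url.startswith("http://"):
                # Allowed by the format, but the fetch is then unprotected in transit.
                problems.append(f"item {n}: {kind} is served over plain HTTP")
        for key in REQUIRED_META:
            if not meta.get(key):
                problems.append(f"item {n}: metadata lacks {key}")
        pkg = assets.get("software-package", {})
        size = pkg.get("md5-size", 0)
        if ipa_bytes is not None and "md5s" in pkg and size > 0:
            # Per-chunk MD5 catches a corrupted or stale upload; it is not a signature.
            actual = [hashlib.md5(ipa_bytes[i:i + size]).hexdigest()
                      for i in range(0, len(ipa_bytes), size)]
            if actual != list(pkg["md5s"]):
                problems.append(f"item {n}: md5s do not match the .ipa file")
    return problems

# Constructed sample: a 16-byte stand-in for the .ipa and a manifest describing it.
SAMPLE_IPA = b"A" * 10 + b"B" * 6
SAMPLE_MANIFEST = plistlib.dumps({"items": [{
    "assets": [
        {"kind": "software-package", "url": "https://apps.example.com/app.ipa",
         "md5-size": 10, "md5s": [hashlib.md5(b"A" * 10).hexdigest(),
                                  hashlib.md5(b"B" * 6).hexdigest()]},
        {"kind": "display-image", "url": "https://apps.example.com/icon57.png"},
        {"kind": "full-size-image", "url": "http://apps.example.com/icon512.png"},
    ],
    "metadata": {"bundle-identifier": "com.example.app", "bundle-version": "1.0",
                 "kind": "software", "title": ""},
}]})

if __name__ == "__main__":
    for problem in check_manifest(SAMPLE_MANIFEST, SAMPLE_IPA):
        print(problem)
```

Run it against the manifest and .ipa exactly as uploaded to the web server; if it reports a wrong value, regenerate the manifest from Xcode rather than editing the file.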
Network Configuration Requirements
If the devices are connected to a closed internal network, you should allow iOS devices access to these sites.
URL | Reason |
---|---|
ax.init.itunes.apple.com | The device obtains the current file-size limit for downloading apps over the cellular network. If this site is not reachable, installation may fail. |
ocsp.apple.com | The device contacts this site to check the status of the distribution certificate used to sign the provisioning profile. See “Certificate Validation.” |
Providing Updated Apps
Apps that you distribute yourself aren’t automatically updated. When you have a new version for users to install, notify them of the update and instruct them to install the app. Consider having the app check for updates and notify the user when it opens. If you’re using wireless app distribution, the notification can provide a link to the manifest file of the updated app. You will need to update all of your enterprise apps at least once a year. See “Certificate Validation.”
If you want users to retain data stored on their device, make sure the new version uses the same bundle-identifier key as the one it’s replacing and tell users not to delete their old version before installing the new one. The new version will replace the old one and retain data stored on the device, provided that the bundle-identifiers match.
Certificate Validation
The first time an application is opened on a device, the distribution certificate is validated by contacting Apple’s OCSP server. Unless the certificate has been revoked, the app is allowed to run. Inability to contact or get a response from the OCSP server is not interpreted as a revocation. To verify the status, the device must be able to reach ocsp.apple.com. See “Network Configuration Requirements.”
The OCSP response is cached on the device for the period of time specified by the OCSP server—currently between 3 and 7 days. The validity of the certificate will not be checked again until the device has restarted and the cached response has expired. If a revocation is received at that time, the app will be prevented from running. Revoking a distribution certificate will invalidate all of the applications you have distributed.
An app will not run if the distribution certificate has expired. Currently, distribution certificates are valid for one year. A few weeks before your certificate expires, request a new distribution certificate from the iOS Dev Center, use it to create new distribution provisioning profiles, and then recompile and distribute the updated apps to your users. See “Providing Updated Apps.”
Sample Manifest File