Resigning Resco Mobile CRM for Enterprise Deployment
This document explains the process required for distribution of Resco Mobile CRM application on iOS devices – within the enterprise, without using Apple App Store. This is essential, if you are going to:
Use an MDM solution to distribute the app
Wrap the app for an MDM solution (and then distribute it as above)
Distribute a custom build branded application
This document doesn’t explain the distribution process itself, but rather the steps required before the actual distribution and deployment takes place.
Due to limitations imposed by Apple, it is not possible to distribute and install just any app onto the mobile device. Typically, the app is installed via App Store, where Apple approves it beforehand. If you want to distribute the app within your enterprise without App Store and without Apple’s approval, the process gets a bit more complex.
Generally the app will need to be signed with a special certificate – Enterprise Deployment certificate, which allows the app to run without installation through the App Store. Since Resco has built the application for distribution through the store, you will need to resign the app with the Enterprise certificate in order to distribute it. The details are described on the following pages.
In order to be able to deploy the Mobile CRM application within your enterprise environment, you will need:
Resco Mobile CRM .ipa file (provided by Resco)
Mac (Apple doesn’t allow this process to happen on other than their hardware)
During the testing stage, you can use the Developer Account without enterprise enrollment. Such an account can be used with up to 100 devices that have to be specified before the application is resigned.
Creating the provisioning profile – App ID
First of all, you have to register new App ID in your iOS Developer portal. iOS Developer portal is used for generating all the profiles and certificates, registering your app and more. It can be found here – https://developer.apple.com/
Go to Member Center, select Certificates, Identifiers & Profiles
Select Identifiers, then App IDs
Click on ‘+’ to add a new App ID
Choose the „Explicit App ID“ and type the unique bundle ID (let’s say com.yourcompany.mobilecrm) – see Fig. 1.
Fig.1 – Registering an App ID
Since there can be only one unique App ID in the universe and ‘net.resco.mobilecrm’ is already taken, we strongly suggest using ‘com.yourcompany.mobilecrm’ as the App ID. This will be used later in the process to identify your app. It will be used for granting the installation rights to the app with this bundle ID only.
Creating the provisioning profile – Provisioning Profile
After that you can create the provisioning profile. (iOS uses Provisioning Profile to verify that the app being installed is from the right developer
and its content is unchanged.)
On the same page (Certificates, Identifiers & Profile)
Select Distribution under Provisioning Profiles on the left
Click ‘+’ to add new
Choose „In-House“ distribution and specify the App ID you just created and your company certificate. The in-house distribution option will not be available if you haven’t enrolled in Apple Developer Enterprise program (see prerequisites).
Fig. 2 – Creating the Provisioning Profile
Finally, download the newly created provisioning profile (.mobileprovision file).
During the testing stage (or if you don’t have the enterprise enrollment), you can use „Ad-Hoc“ provisioning profile. In this case, you will have to specify the list of devices on which the application will be entitled to work. Each time you will update this list, you will need to re-download the provisioning profile and resign the application once more to apply the changes.
Since the standard Resco application – the one Resco provides to you – is signed for distribution via App Store, you will need to re-sign the app. This will remove the information which allows the app to install and run only from the store and will add the info that you have enrolled in the Enterprise program and the app can be distributed this way.
Unpack it and run iReSign.app included in the ZIP package (see Fig. 3)
Browse the MobileCRM.ipa file as the app package
Browse provisioning profile file that you have previously created and downloaded
You can leave entitlements section blank
Check the box „Change ID“ and type the bundle ID which you have specified during the App ID creation
Choose your company distribution certificate (if you don’t have it see Common Problems) and press „ReSign!“ button.
Resulting IPA should be suitable for your company deployment. The file can be then distributed using the tool of your choice.
Fig. 3 – iReSign
I am missing the distribution certificate in iReSign app.
To obtain it, follow these steps.
Open the „Keychain Access“ application
Choose „login“ keychain and „My Certificates“ category
The „iPhone Distribution: Your Company“ certificate item should be listed under this category
Make sure that it has the private key included (it should be possible to expand the certificate, and the private key item should be included as its child)
If you are missing the certificate, please open the Xcode/Preferences/Accounts and log in with your company admin/agent credentials. Make sure that you have the iOS Distribution channel created.
If you have the certificate in the Keychain and it misses the private key, go to the Xcode/Preferences/Accounts, open the Details of your account and press the „Reset“ button next to the iOS Distribution item. This action will create the new private key for your distribution channel, and any previous keys will be discarded (!!!). This might result in invalidity of other apps signed with this certificate.
I am missing the private key for distribution certificate, but I have it on another Mac.
In this case, you have to export whole Xcode account from Xcode/Preferences/Accounts and import it on another Mac.
Alternatively, you can export the distribution certificate from „Keychain Access“ (export it as .p12 file, otherwise the private key is not included) and import it on another Mac (just click on it and pass the Keychain wizard).
Changing the bundle ID blocks several features of the MobileCRM application:
CamCard support does not work on v8.2.x and earlier builds.
If Everything Fails
The subject is too complex to cover here each and every problem you may encounter. However, the chances are good that somebody has the answer you seek and published the solution on the web. Consider searching Google, asking on http://www.stackoverflow.com or at the Apple Developer Forum – just to mention obvious choices.