Securing an app (integrating security policies) and signing an app (certifying the app was created by you) are two separate tasks. However, to secure an app with security policies, you need to specify signing options.
To code-sign apps with the platform, specify the method for code signing and use a signing profile to specify app-signing parameters.
Unlike an app security profile, which is a collection of settings that can be applied with a policy to inject an app with security, a signing profile is a collection of code signing parameters. Because code signing is platform-specific, each signing profile is unique to Android or iOS.
There are two paths to create app security profiles in the platform:
- On the Policies page, select Signing Profiles, then add or edit a signing profile.
- From the Integrate dialog, after choosing an app security profile, you can create a new signing profile from the Signing Options screen.
Using signing profiles
To sign an app, specify the signing type and a signing profile.
In the platform, click Mobile Apps.
Click Integrate on the app card and choose an app security profile.
On the menu of signing options, choose the signing method to sign your app:
- Sign on console: Let the platform sign the app with the selected signing profile. See Signing apps with the Blue Cedar Platform.
- Sign externally. The platform bundles everything you need to sign externally. Download the app with the signing settings. See Signing apps externally.
Both Sign on console and Sign externally bundle signing parameters with the app via a signing profile, and also validate specific entitlements to be used for signing.
- Skip code signing: Use this option to manage signing yourself instead of having the platform validate signing parameters and sign the app.
Select a signing profile from the menu.
Click Integrate & Sign app to use these settings.
Configuring signing profiles
Use a signing profile to set these options for code signing.
Click Policies, then Signing Profiles. The signing profile list appears.
To create a new profile, click the Create New Signing Profile button. In the Create New Signing Profile dialog, give the profile a name and choose iOS or Android.
The Policies > Signing Profiles page appears again, with a new entry for your new profile. Click on the profile name to configure its options:
|Keystore file||The keystore file for your signing identity.|
|Keystore alias||The name of the specific key/certificate for app signing.|
|Keystore password||The password for the desired key.|
A provisioning profile, that is, a .mobileprovision file downloaded from the Apple Developer portal. If a provisioning profile has already been uploaded for this signing profile, its name and the associated AppIDName appear here, for example:
distribution.mobileprovision(DistributionSigning) already uploaded
|Signing certificate identifier|
The name of the iOS Distribution signing identity for your organization. This name is typically "iPhone Developer".
When you are done configuring the profile, click Save Changes. This profile is now available to use with any app for the defined mobile platform.