[SOLVED] Resign .ipa with new distribution certificate for an Apple iOS Enterprise App

Here is a guide that may help you solve the issue of resigning your Apple Enterprise application. I have pieced multiple tutorials together to get this as none seemed to fully help. This may help or at least push you in the right direction. You will need a mac for this.


You should already have an .ipa file, put this into a folder.


On the Apple Account click the Certificates, Identifiers & Profiles button. On the left under the heading Certificates and click Production.
Click on your chosen one and download to the folder with the .ipa.
Go to this folder and double click the certificate.
Open Key Chain and click My Certificates in the bottom left, find the certificate called iOS Distribution and expand.
Click both of the items (the header and the private key) so both are selected, right click and 'Export 2 items', put these into the folder created earlier and double click it to save to Key Chain. (if someone could write in comments why this is necessary to help xcode that would be great), strange but i needed to do this.

Provisioning Profile

On the Apple Account click the Certificates, Identifiers & Profiles button.
On the left under the heading Provisioning Profiles click Distribution.
Click the Active one and download to the folder with the .ipa. If there isn't one there click the plus and create one for your specific requirements.


On the Apple Account click the Certificates, Identifiers & Profiles button.
On the left under the heading Identifiers, click the one you want and then open a code editor and drop this in.
Then update the two values for “PREFIX.yourappBundleID” in the following code taken from the top of the identifiers page (if it doesn't work i removed the prefix and it worked) and save it as 'entitlements.plist' in the folder we created before.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">


Open xCode and click on the xCode menu->Preferences->Accounts. Click the plus bottom left and then sign into the Apple Account. Click Manage Certificates and at the bottom its should have 'iOS Enterprise Distribution'.


Download iReSign and run it on the Mac.
Line 1 browse to the .ipa file.
Line 2 link to the mobile provision file we downloaded.
Line 3 is the plist file we created. In the dropdown select your profile from the Xcode account you added earlier.
Now click iReSign and it should save you a new IPA file. This should hopefully work.

Command Line

If we want to resign a simple iOS app the first thing we’ll need it’s an Apple certificate installed in our Keychain and a Provisioning Profile linked to it. For this process we’ll need to have Xcode in our Mac. Use the files we downloaded in the tutorial above.

We’ll start decompressing the .ipa file, for that we open a terminal in the path where we have stored the .ipa and we execute the following command.
unzip -q filename.ipa
Next we create the entitlements from the .mobileprovision file we created in the Apple developer portal.
/usr/libexec/PlistBuddy -x -c "print :Entitlements " /dev/stdin <<< $(security cms -D -i ./name.mobileprovision) > entitlements.plist
With this we’ll have everything we need to resign the app.
Before resigning we remove the data from the current signature:
rm -rf "Payload/AppName.app/_CodeSignature"
and replace the embedded mobile provision with our own one
cp ./name.mobileprovision embedded.mobileprovision

mv embedded.mobileprovision “Payload/AppName.app/"
There’s only the signing left to be done using the previously generated entitlements :
/usr/bin/codesign -fv -s “CommonNameOfCertificate" "Payload/AppName.app/AppName" --entitlements entitlements.plist
That being done we can compress the app again:
zip -qr ResignedApp.ipa Payload
And we’ll have a ready to install .ipa.

Push Notifications

Issues with push notifications on the server use Creating a Pem for Push notifications