Signing services for iOS apps (on-premises)

You can set up the packaging and signing service to automatically sign and package iOS apps when they are uploaded to UFTM. The packaging service can also be used for signing the Agents. This section is relevant only for on-premises deployments of UFT Mobile.

Before you start

The following are required for the automatic packaging and signing services:

  • Apple Developer certificate and development provisioning profile that includes a wildcard App ID.
    For more details on how to generate Apple assets, see iOS assets for signing apps, or see Apple Developer. For details on when iOS apps need to be signed, see iOS app signing.
  • A dedicated Mac machine, with a connection to the UFT Mobile server. Make sure that your Mac machine meets the required system requirements. For details, see the Support matrix.

You can also use the packaging service to manually sign the Agents or to sign and package an app. For details, see Package an iOS app manually with the packager service.

Back to top

Install the packager service

When setting up automatic packaging, you need to first install the packager.

To install the packager service:

  1. Download the iOS packager to a Mac machine. You can download the Packager Service by selecting your version of UFT Mobile on ADM Marketplace
  2. Double-click the iOSPackager.pkg file to start the installer (Admin permissions are required).
  3. Configure the Packager Service as follows:
    1. If the connection to the packaging service should be over SSL only, select Enable SSL.
    2. Provide the IP address of the Mac machine or the fully qualified domain name (FQDN).
    3. Give the service a meaningful name.
    4. Select the iOS developer certificate to be used for signing apps. The certificate must be installed on the Mac machine that you are using and can be seen in the Keychain Access program.
    5. Select the provisioning profile.

      Note: The development provisioning profile must belong to the same Apple Developer as the certificate selected above.

    6. Specify a port for the packager service.
  4. After the sofware has been successfully installed, the packager service starts automatically and the UI opens in your browser.
  5.  
  1. Prevent your Mac from sleeping. For details, see the Apple documentation.
  2. Define the packager settings in Administration > SETTINGS. For details, see Administration settings.

To view version information, details of packaging services, or to download logs, click the about icon in top right of the packager UI. The packager UI can be accessed at:http/s://<packager server IP address>:port/instrumentation/

Tip: Use the packaging service to manually sign the Agents, or to manually sign and package an app. For details, see Package an iOS app manually with the packager service.

Back to top

SSL connection

If you selected the Enable SSL option when installing the packaging service, you need to establish trust between UFT Mobile and the packaging service.

To enable a secure connection to the packager:

  1. Navigate to /opt/uftm/packager/Security/keystore and copy the .p12 file to the UFT Mobile server.
  2. On the UFT Mobile server machine, run the following command to import the certificate:

    Windows
    Copy code
    <Path to your server installation folder>\server\jre\bin\keytool -importkeystore -srckeystore <name of file>.p12 -srcstoretype pkcs12 -srcstorepass password -srcalias hpmc -destkeystore <Path to your  server installationfolder>\server\Security\keystore\trustStoreHpmc
    Linux:
    Copy code
    <Path to your server installation folder>/server/jre/bin/keytool keytool -importkeystore -srckeystore <name of file>.p12 -srcstoretype pkcs12 -srcstorepass password -srcalias hpmc -destkeystore <Path to your server installation folder>/server/Security/keystore/trustStoreHpmc
  3. Make sure to use https as the packager protocol in iOS packager settings. For details, see Administration settings. For multiple shared space environments, see Global settings.
  4. Back to top

Add an additional service

When working with many devices and workspaces, you may need to use different signing services for your devices. For example, in iOS environments you can only sign up to 100 devices of each device type with a single certificate. In addition, you may want to provide a signing service for one group without having to rely on the certificate from another group.

The administrator can define multiple packaging services, in addition to the primary packaging service, and then assign them to different workspaces. For details, see Multiple packaging services.

To add an additional service to the packager service:

  1. Navigate to the installation folder /opt/uftm/packager/ and run the add new service script.
  2. Provide a name for the new service, and the service port. You are prompted for the name of the Apple Developer certificate, and the path to the provisioning profile.

    The service is added as a new tab to the packager UI.
  3. Add the additional service to the iOS packaging service settings. For details, see Administration settings. For multiple shared space environments, see Global settings.

To remove a service, navigate to the installation folder /opt/uftm/packager/ and run the remove service script.

Back to top

Restart or uninstall the packager service

When you install the packager service, the service starts automatically and continues to run. If for some reason the service is not running and the UI is not available at http/s://<packager server IP address>:port/instrumentation/, restart the service by running the restart script in the installation folder /opt/uftm/packager/.

To uninstall the service, navigate to /opt/uftm/packager/ and run the uninstall script.

Back to top

Update the packaging service

If your Keychain password changes, or if you want to use a different certificate or provisioning profile, you need to update the packaging service.

To update the service with a new Keychain password:

1. Navigate to the singing service properties file /opt/UFTMobile/packager/conf/<service name>/conf/packager.properties and note the certificate, provisioning profile, and port that the service uses.

2. In the packager installation folder /opt/UFTMobile/packager/ remove the signing service by running the remove_service.command.

3. Add the signing service again by running add_new_service.sh in the scripts folder /opt/UFTMobile/packager/scripts/.

To change the provisioning profile:

If the new provisioning profile is located in the same folder as the previous one and has the same name, no change is required.

If not, navigate to the signing service properties file /opt/UFTMobile/packager/conf/<service name>/conf/packager.properties and update the IOS_PROVISION_PATH parameter.

To change the certificate and the provisioning profile:

1. Remove the old certificate from the Mac Keychain and install the new one.

2. Navigate to the signing service properties file /opt/UFTMobile/packager/conf/<service name>/conf/packager.properties and update the IOS_CERTIFICATE and the IOS_PROVISION_PATH parameters.

Note: If the new provisioning profile is located in the same folder as the previous one and has the same name, no change is required to the IOS_PROVISION_PATH parameter.

Back to top

Automatically sign the Agents

To simplify the Agent app re-signing process, after the packaging service is set up, you can sign and distribute the Agents from the UFT Mobile console.

If you need to automatically sign the Agent apps with more than one Apple account, use the API for iOS agents signing. For details, see APIs for signing iOS Agents. You can also package and sign the Agent apps manually and then upload them to UFT Mobile. For details see, Package an iOS app manually with the packager service.

To sign the Agents:

You can sign the Agents in the following ways:

Automatically sign an Agent app from the app card
  1. Navigate to APPS tab in the UFT Mobile Lab console and select Agent apps in the left panel.

  2. Select the Agent app that you want to sign, and click the icon.

  3. Select an upload and click the icon to sign the app.

Sign the Agent apps with a different provisioning profile than that defined in the primary packaging service

If new devices were added to the provisioning profile, you need to use a different provisioning profile than the profile defined in the packaging service.

  1. In the APPS tab, select Agent apps in the left panel.

  2. Click and select the file to upload. The Agent apps will automatically be signed with the selected provisioning profile.

Back to top

To distribute the Agents

  1. Navigate to DEVICE LAB > CONNECTORS.

  2. Select the required connectors in the grid, and click Distribute Agents.

  3. When the distribution is complete, select the required connectors in the grid and click Reconnect Devices.

Note: The latest upload is always used for distribution to connectors, even if an earlier upload of an Agent app is selected in the app card. For more information, see View and manage connectors and Multiple packaging services.

Back to top

See also: