Remote signing service for iOS apps (on-premises)
To enable users to re-sign apps when uploading them to UFT Mobile, the administrator needs to setup the iOS signing service. You can choose to use the embedded service, or a remote service. This topic describes how to set up the remote signing service. This section is relevant only for on-premises deployments of UFT Mobile. For more details on the iOS signing service, see iOS signing service.
The following are required for the remote signing service:
- Apple Developer certificate and development provisioning profile that includes a wildcard App ID.
For more details on how to generate Apple assets, see iOS assets for signing apps, or see Apple Developer. For details on when iOS apps need to be signed, see iOS app signing.
- A dedicated Mac machine, with a connection to the UFT Mobile server. Make sure that your Mac machine meets the required system requirements. For details, see the Support matrix.
You can also use the packaging service to manually sign the Agents or to sign and package an app. For details, see Package an iOS app manually with the packager service.
When setting up automatic signing, you need to first install the service.
To install the service:
- Download the iOS packager to a Mac machine. You can download the Packager Service by selecting your version of UFT Mobile on ADM Marketplace
- Double-click the iOSPackager.pkg file to start the installer (Admin permissions are required).
- Configure the Packager Service as follows:
- If the connection to the packaging service should be over SSL only, select Enable SSL.
- Provide the IP address of the Mac machine or the fully qualified domain name (FQDN).
- Give the service a meaningful name.
- Select the iOS developer certificate to be used for signing apps. The certificate must be installed on the Mac machine that you are using and can be seen in the Keychain Access program.
- Select the provisioning profile.
Note: The development provisioning profile must belong to the same Apple Developer as the certificate selected above.
- Specify a port for the packager service.
- After the software has been successfully installed, the packager service starts automatically and the UI opens in your browser.
- Navigate to
- Locate the start.ini file. At the bottom of the file, make the following change:
Change from Change to --module=gzipjetty.port=<the packager service port> jetty.port=<the packager service port>
- Restart the service
An error is displayed that the installation failed.
- Prevent your Mac from sleeping. For details, see the Apple documentation.
- Define the iOS signing service settings in Administration > Settings. For details, see iOS signing service.
To view version information, details of packaging services, or to download logs, click the about icon in top right of the packager UI. The packager UI can be accessed at:
http/s://<packager server IP address>:port/instrumentation/
Tip: Use the packaging service to manually sign the Agents, or to manually sign and package an app. For details, see Package an iOS app manually with the packager service.
If you selected the Enable SSL option when installing the packaging service, you need to establish trust between UFT Mobile and the packaging service.
To enable a secure connection to the packager:
- Navigate to /opt/uftm/packager/Security/keystore and copy the .p12 file to the UFT Mobile server.
- On the UFT Mobile server machine, run the following command to import the certificate:
<Path to your server installation folder>\server\jre\bin\keytool -importkeystore -srckeystore <name of file>.p12 -srcstoretype pkcs12 -srcstorepass password -srcalias hpmc -destkeystore <Path to your server installationfolder>\server\Security\keystore\trustStoreHpmcCopy code
<Path to your server installation folder>/server/jre/bin/keytool keytool -importkeystore -srckeystore <name of file>.p12 -srcstoretype pkcs12 -srcstorepass password -srcalias hpmc -destkeystore <Path to your server installation folder>/server/Security/keystore/trustStoreHpmc
- Make sure to use https as the packager protocol in iOS packager settings. For details, see Administration settings. For multiple shared space environments, see Global settings.
When working with many devices and workspaces, you may need to use different signing services for your devices. For example, in iOS environments you can only sign up to 100 devices of each device type with a single certificate. In addition, you may want to provide a signing service for one group without having to rely on the certificate from another group.
The administrator can define multiple packaging services, in addition to the primary packaging service, and then assign them to different workspaces. For details, see Multiple signing services.
To add an additional service to the packager service:
- Navigate to the installation folder /opt/uftm/packager/ and run the add new service script.
- Provide a name for the new service, and the service port. You are prompted for the name of the Apple Developer certificate, and the path to the provisioning profile.
The service is added as a new tab to the packager UI.
To remove a service, navigate to the installation folder /opt/uftm/packager/ and run the remove service script.
When you install the packager service, the service starts automatically and continues to run. If for some reason the service is not running and the UI is not available at
http/s://<packager server IP address>:port/instrumentation/, restart the service by running the restart script in the installation folder /opt/uftm/packager/.
To uninstall the service, navigate to /opt/uftm/packager/ and run the uninstall script.
If your Keychain password changes, or if you want to use a different certificate or provisioning profile, you need to update the packaging service.
To update the service with a new Keychain password:
1. Navigate to the signing service properties file /opt/UFTMobile/packager/conf/<service name>/conf/packager.properties and note the certificate, provisioning profile, and port that the service uses.
2. In the packager installation folder /opt/UFTMobile/packager/ remove the signing service by running the remove_service.command.
3. Add the signing service again by running add_new_service.sh in the scripts folder /opt/UFTMobile/packager/scripts/.
To change the provisioning profile:
If the new provisioning profile is located in the same folder as the previous one and has the same name, no change is required.
If not, navigate to the signing service properties file /opt/UFTMobile/packager/conf/<service name>/conf/packager.properties and update the IOS_PROVISION_PATH parameter.
To change the certificate and the provisioning profile:
1. Remove the old certificate from the Mac Keychain and install the new one.
2. Navigate to the signing service properties file /opt/UFTMobile/packager/conf/<service name>/conf/packager.properties and update the IOS_CERTIFICATE and the IOS_PROVISION_PATH parameters.
Note: If the new provisioning profile is located in the same folder as the previous one and has the same name, no change is required to the IOS_PROVISION_PATH parameter.
To simplify the Agent app re-signing process, after the packaging service is set up, you can sign and distribute the Agents from the UFT Mobile console.
If you need to automatically sign the Agent apps with more than one Apple account, use the API for iOS agents signing. For details, see APIs for signing iOS Agents. You can also package and sign the Agent apps manually and then upload them to UFT Mobile. For details see, Package an iOS app manually with the packager service.
To sign the Agents:
You can sign the Agents in the following ways:
|Automatically sign an Agent app from the app card|
|Sign the Agent apps with a different provisioning profile than that defined in the primary packaging service||
If new devices were added to the provisioning profile, you need to use a different provisioning profile than the profile defined in the packaging service.
In Apps > Agent apps tab, click and select the file to upload. The Agent apps will automatically be signed with the selected provisioning profile.
To distribute the Agents
Navigate to Device Lab > Connectors.
Select the required connectors in the grid, and click Distribute Agents.
When the distribution is complete, select the required connectors in the grid and click Reconnect Devices.
Note: The latest upload is always used for distribution to connectors, even if an earlier upload of an Agent app is selected in the app card. For more information, see View and manage connectors and Multiple signing services.