The company I work for has outsourced development of an iPhone app to another company. They want the binary to be signed with our certificate for distribution, but they've asked me to pass the private key (certificates.p12) used to create our certificate on to the other company. I am extremely concerned about handing the ability to sign applications as us over to another company.
How can I convince my boss this is a really bad idea? What alternative solutions can I suggest to him? I have already asked him to get the source from them so we can sign and submit it ourselves, but without the ability to conclusively state that giving them the certificate is a bad idea, I'm kinda stuck in the "just look into it for me" limbo.
To delete the profile and certificates, go back to the profile view and tap on "Remove Profile." Enter your passcode when prompted, tap on "Remove," and the root certificate will be removed from your device.
On your iOS device, go to: http://cert.incommon.org/InCommonRSAStandardAssuranceClientCA.crt. On the Install Profile screen, you will see the "Trusted" certificate file to install. Tap Install. A notice will inform you that installing this profile will change settings on your device; tap "Install Now".
On iOS, certificates are stored in the publisher keychain. On Android, they are stored in the system keychain.
Open Settings and under the Apple ID section, you'll see an option called Profile Downloaded. Tap this and you'll see an option to either install the certificate or remove the download from the device. Cheers.
You don't need the source. You just need the compiled binary (make sure it's ARM, not x86) to sign with codesign.