1) Download the distribution certificate from iOS Developer Enterprise Program account. Include it in keychain by double clicking on downloaded .cer file.
2) Download the provisioning profile for the app that needs to be resigned from iOS Developer Enterprise Program Account.
3) Have the .ipa file of the app that needs to be resigned.
How to Re-sign -
Lets say Application.ipa is the one we are re-signing.
Open terminal and -
1) Unzip the .ipa file.
unzip Application.ipa
2) At this stage, you will be having a directory named “Payload” in your working directory with a file with .app extension inside. In this case it will be Application.app.
3) In case you want to check the signing authority of the app -
codesign -dvv Payload/Application.app
4) Remove old code signature.
rm -r "Payload/Application.app/_CodeSignature" "Payload/Application.app/CodeResources" 2> /dev/null | true
5) In case Bundle identifier used for registering the application while creating provisioning profile through Enterprise account differs from what was used while signing the app for the first time, we need to change Bundle identifier using Plistbuddy.
/usr/libexec/PlistBuddy Payload/Apps.app/Info.plist
Use following commands -
a) Set :CFBundleIdentifier
b) Save
c) Quit
6) In case app uses OS capabilities like Shared keychain, SSO, push notifications etc. we need to add an entitlements property list while resigning in order to enable App Sandbox for the application. For example:
. A new entilements file can be created using –
/usr/bin/codesign -d --entitlements :entitlements.plist Payload/Application.app
7) Open the entitlements.plist and edit it.
a) vi entitlements.plist
b) Press i.
c) Entilements.plist looks like -
UTF-8