Re-signing and rebranding BMC MyIT for iOS

The following procedures describe how to re-sign and rebrand BMC MyIT so that you can deploy it to your end users who use iOS devices.

Note

Before you begin, apply for the Apple Enterprise Program. After your membership has been approved, you can sign in to the developer portal. See the following links for more information:

  • Managing Your Team—Describes how to assign appropriate team roles. To complete the following procedures, you must assign the Team Agent role to the user who will create the certificate.
  • Accessing Member Center and iTunes Connect—See especially the "Managing Your Certificates, Identifiers, and Profiles" section.

The process involves the following procedures:

Installing the Xcode and Apple root certificate

You need to perform this procedure only once.

  1. On an Apple Macintosh computer, install the free Xcode from the App Store.
    You must complete these procedures on a MacOS computer. They cannot be done from an iOS device.
  2. Install the Apple root certificate:
    1. Go to http://www.apple.com/certificateauthority/.
    2. Download the Apple Inc. Root Certificate.
    3. Double-click the file, and install it in the Keychain (login).

Creating an enterprise distribution certificate to re-sign BMC MyIT

  1. Log on to the iOS Provisioning Portal at https://developer.apple.com/devcenter/ios/index.action with the Team Agent role.
  2. In the Certificates section, click the plus sign (+) to add the certificate.
  3. In the Production section, select In-House and Ad Hoc.
  4. Generate a certificate signing request (CSR) by using the Certificate Assistant.
     Follow the instructions that Apple provides on the CSR screen.
  5. Upload the CSR to the iOS Provisioning Portal, and download the distribution certificate.
  6. Save the certificate, and open it with the Key Chain Access application.
    Use this certificate to sign iOS applications.
  7. To export this certificate to a different build, save it in .p12 format:
    1. In Key Chain Access, go to the My Certificates section.
    2. Right-click the downloaded certificate, and click Export.
    3. Save the certificate in .p12 format, and provide a secure password when required.

Creating an application ID for your version of BMC MyIT

  1. Log on to the iOS Provisioning Portal with the Team Agent role.
  2. In the Identifiers section, click the App IDs tab.
  3. Click the plus sign (+) to add a new identifier.
  4. In the Description field, type a name that will easily identify your application to you within the portal (for example, Calbro MyIT).
  5. Make a note of the App ID Prefix (Team ID), which you will use in the re-signing process.
  6. Select Explicit App ID, and enter a unique identifier in the Bundle ID field (for example, com.customername.MyIT).
  7. Make a note of the Bundle ID for the re-signing process.
  8. In the App Services section, leave the defaults as they are, but ensure that Push Notifications is selected.
  9. Click Continue.
  10. Click Done to return to Identifiers list.

Creating your in-house distribution provisioning profile

  1. Log on to the iOS Provisioning Portal with the Team Agent role.
  2. In the Provisioning section, click the Distribution tab.
  3. Click the plus sign (+) to add a new profile.
  4. On the Create iOS Provisioning Profile page, complete the following steps:
    1. For Distribution Method, select In House.
    2. Select the distribution certificate that you created.
    3. Select the App ID that you created.
  5. Download the provisioning profile.
    You can use this profile to build the application for in-house deployment.

Creating your Apple Push Notification Service (APNS) certificate

  1. Log on to the iOS Provisioning Portal with the Team Agent role.
  2. In the Certificates section, click the Production tab.
  3. Click the plus sign (+) in the top-right corner.
  4. Select Apple Push Notification Service SSL (Production).
  5. Select the App Prefix ID (Team ID) that you created.
  6. Generate a certificate signing request (CSR) by using the Certificate Assistant.
    Follow instructions that Apple provides on the CSR screen.
  7. Double-click the certificate to download it and import it into your Keychain.

Re-signing the BMC MyIT.ipa with your enterprise credentials

  1. Unzip the ipa file.
    In the terminal application, enter the following commands:

    mkdir /path/MyIT-ResignDir (e.g. /User/bill/MyIT-working/MyIT-ResignDir)
    cd /path/MyIT-ResignDir
    unzip –oq /path/MyIT.ipa
  2. In Xcode, create a MyIT.entitlements file in the /path/MyIT-resign-ipa directory, and add the following lines.
    You can download a copy of MyIT.entitlements to use as a starting point. This file contains the following text:

    MyIT.Entitlements
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    	<key>application-identifier</key>
    	<string>ABCDE-ID.com.bmc.bsmapps.MyIT</string>
    	<key>aps-environment</key>
    	<string>production</string>
    	<key>get-task-allow</key>
    	<false/>
    	<key>keychain-access-groups</key>
    	<array>
    		<string>ABCDE-ID.com.bmc.bsmapps.MyIT</string>
    	</array>
    </dict>
    </plist>


    In the sample file:

    • Replace the value for the application-identifier key with your team prefix and App ID.
      For example, where it says ABCDE-ID.com.bmc.bsmapps.MyIT, replace it with your TEAMBUNDLEID.com.companyName.MyIT.
    • Replace the value for the keychain-access-groupskey with your team prefix and App ID.
      For example, where it says ABCDE-ID.com.bmc.bsmapps.MyIT, replace it with your TEAMBUNDLEID.com.companyName.MyIT.
  3. Modify the .png files to rebrand the icon and splash screen.
    Do not adjust the size or format of the files. Doing so might cause the icons and splash screens to display incorrectly on the iOS devices.

    /path/MyIT-ResignDir/Payload/MyIT.app/AppIcon76x76~ipad.png (dimensions 76 x76)
    /path/MyIT-ResignDir/Payload/MyIT.app/AppIcon60x60@2x.png (dimensions 120 x 120)
    /path/MyIT-ResignDir/Payload/MyIT.app/AppIcon76x76@2x~ipad.png (dimensions 152 x 152)
    /path/MyIT-ResignDir/Payload/MyIT.app/Default-568h@2x.png (dimensions 640 x 1136)
    /path/MyIT-ResignDir/Payload/MyIT.app/Default-Landscape~ipad.png (dimensions 1024 x 748)
    /path/MyIT-ResignDir/Payload/MyIT.app/Default-Portrait~ipad.png (dimensions 768 x 1004)
    /path/MyIT-ResignDir/Payload/MyIT.app/Default@2x.png (dimensions 640 x 960)
    /path/MyIT-ResignDir/Payload/MyIT.app/Default-Landscape@2x~ipad.png (dimensions 2048 x 1496)
    /path/MyIT-ResignDir/Payload/MyIT.app/Default-Portrait@2x~ipad.png (dimensions 1536 x 2008)
    /path/MyIT-ResignDir/Payload/MyIT.app/LaunchImage-700-568h@2x.png (dimensions 640 x 1136)

  4. Add the theme color setting.

    cd /path/MyIT-ResignDir
    /usr/libexec/PlistBuddy -c "Set theme-dark $themecolor" ./Payload/MyIT.app/Info.plist
  5. Place the provisioning profile that you created into the /path/MyIT-ResignDir folder, and rename the file to MyIT.mobileprovision.
    See Creating your in-house distribution provisioning profile for details about creating your own provisioning profile.
  6. Set the bundle ID (see the Apple Developer Site for more information), where CompanyDomain is your domain in reverse-DNS format (for example, com.acme) and MYIT-APPNAME is the unique internal application name for MyIT (for example, MyIT-Acme):

    cd /path/MyIT-ResignDir
    /usr/libexec/PlistBuddy -c "Set CFBundleIdentifier CompanyDomain.MYIT-APPNAME” ./Payload/MyIT.app/Info.plist
  7. Set the application name displayed on the iOS devices, where ApplicationName is the name of your MyIT application (for example, MyIT or AcmeMyIT):

    cd /path/MyIT-ResignDir
    /usr/libexec/PlistBuddy -c "Set CFBundleDisplayName ApplicationName" ./Payload/MyIT.app/Info.plist
  8. Set the default BMC MyIT server to your BMC MyIT server, where SERVER is your BMC MyIT server name (for example, MyIT.acme.com):

    cd /path/MyIT-ResignDir
    /usr/libexec/PlistBuddy -c "Set myit-server SERVER" ./Payload/MyIT.app/Info.plist
  9. Set the default port for your BMC MyIT server, where PORT is the TCP port for clients to access the server (for example, 80 or 443):

    cd /path/MyIT-ResignDir
    /usr/libexec/PlistBuddy -c "Set myit-port PORT" ./Payload/MyIT.app/Info.plist
  10. Replace the mobile provision file:

    cd /path/MyIT-ResignDir
    cp "MyIT.mobileprovision" "./Payload/MyIT.app/embedded.mobileprovision"
  11. Remove the the BMC code signature. 

    cd /path/MyIT-ResignDir
    rm -r "./Payload/MyIT.app/_CodeSignature" "./Payload/MyIT.app/CodeResources"
  12. Re-sign the IPA. Replace BMC Software, Inc. below with the name of your organization.

    cd /path/MyIT-ResignDir
    /usr/bin/codesign -f -s "iPhone Distribution: BMC Software, Inc." --entitlements "./MyIT.entitlements" "./Payload/MyIT.app"
  13. Create the IPA zip file:

    zip -qr "MyIT-rebranded.ipa" Payload

Replacing the BMC MyIT APNS certificate with your APNS certificate

  1. Log on to the server that hosts the BMC MyIT server.
  2. Stop the Tomcat instance that executes the BMC MyIT server.
  3. Find the external-conf folder under the Tomcat home folder.
  4. Create a subfolder called certification.
  5. Place the p12 file containing your APNS certificate into the certification subfolder.
  6. Log on to the Oracle or Microsoft SQL database used for BMC MyIT.
  7. Go to the PUSH_NOTIFICATION_CERT table, and query for records. 
  8. If you are changing the iOS APNS certificate:
    1. In the iOS_Cert field, replace the current value (which is BMCiOSAPNSMyITMobile.p12, by default) with the name of the p12 file that contains your new APNS certificate.
    2. In the iOS_Password row, replace the current password with the password of your p12 file. (You will enter it in plain text.)
      The new value is encrypted after you save the changes.
  9. Click Save
  10. Start the Tomcat instance.


    Any notifications to iOS devices from your server (or tenant in multitenant environments) are sent using the new certificate.

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Manoj Vishnubhotla

    MyIT.Entitlements

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>application-identifier</key>
        <string><AppIDPrefix>.com.bmc.bsmapps.MyIT</string>
        <key>aps-environment</key>
        <string>production</string>
        <key>get-task-allow</key>
        <false/>
        <key>keychain-access-groups</key>
        <array>
            <string>ABCDE-ID.com.bmc.bsmapps.MyIT</string>
        </array>
    </dict>
    </plist>

      

    1. Replace the value for the application-identifier key with your team prefix and App ID.
      For example, where it says ABCDE-ID.com.bmc.bsmapps.MyIT, replace it with your TEAMBUNDLEID.com.companyName.MyIT
    2. Replace the value for the keychain-access groups key with your team prefix and App ID.
      For example, where it says ABCDE-ID.com.bmc.bsmapps.MyIT, replace it with your TEAMBUNDLEID.com.companyName.MyIT

    Aren't both options the same? I dont see 2 variables to set in the xml above?

    Jun 18, 2014 05:07
  2. Craig Parks

    You are correct the line states:

    <string><AppIDPrefix>.com.bmc.bsmapps.MyIT</string>


    and it should be:

    <string><AppIDPrefix>ABCDE-ID.com.bmc.bsmapps.MyIT</string>

     

    Jun 18, 2014 05:27
  3. Mike Verde

    It is not clear what parts of this page are required, recomended, and optional. 

    If it is an apple requirement that a customer re-sign the iOS application with their own certificate prior to deployment, that needs to be clearly stated. 

    Re-Branding is an optional step.  Customers do not need to do this.  By placing them together on the same page, with the same title, it muddys the water. 

    Since most Remedy customers are not APPLE/MAC experts,(not a supported Remedy paltform) we need to be very clear about these things.  We can not assume the customer is bringing any domain specific knowledge.

     

    Aug 08, 2014 09:41
    1. Gary Beason

      Thanks, Mike. I'm following up to confirm which parts are required so that the docs can be more clear about the two different goals and requirements.

      Aug 11, 2014 11:46
  4. Vladimir Filimonov

    Hello,

    Could you please clarify if the step to install the free Xcode from the App Store can be performed with an iPad?

    Or it has to be a Macintosh PC?

    Thanks.

    Mar 18, 2015 03:16
    1. Gary Beason

      Hi, Vladimir, I will check this and post what I find out.

      Thanks. 

      Mar 18, 2015 08:08