An invalid signing certificate was specified. Specify a valid Apple signing certificate

[vishal-shukla-viitorcloud]

Describe the bug: Getting issue while wrapping up app "An invalid signing certificate was specified. Specify a valid Apple signing certificate."

To Reproduce Steps to reproduce the behavior:

1. Create Build after enterprise profile added
2. IPA generated with distribute option as "Enterprise"
3. Wrap IPA with command given
4. Gives an error

/Users//Desktop/APP/IntuneMAMPackager/Contents/MacOS/IntuneMAMPackager -i /Users//Desktop/APP/App.ipa -o /Users//Desktop/APP/APP_Wrapped.ipa -p /Users//Desktop/APP/XXX.mobileprovision -c “XX XX --- ” -v true

Expected behavior: Intune wrap command should wrap app successfully

Screenshots and logs:

• If your app is crashing pre-wrapping, do you have app logs for the wrapper errors? - NO

MacOS (please complete the following information):

• OS: 12.0.1

Intune app wrapping tool (please complete the following information):

• What version of the wrapper are you using? Are you using the latest version? - Latest
• What platform is your app based in ? IONIC, Capacitor
• For pre-wrapping errors, does the app build without being wrapped? - YES.. IPA created and then We are wrapping it with command.

[Kyle-Reis]

Hi @vishal-shukla-viitorcloud, I'm unsure if the command you've provided above was copy/pasted from your MacOS terminal, but if so, it looks like there may be an issue with the specific quotation mark characters around the certificate hash. Could you try deleting them and retyping the quotation marks into the terminal? The quotation marks should not appear slanted in either direction, like this: ""

[vishal-shukla-viitorcloud]

Hi @Kyle-Reis, Yes. I have not copy/pasted command here, instead I removed some identity text for security purpose.

Also regarding "", its normal quotes only.

Is it any constraint that certificates and provision created mac machine only can generate this IPA and can be wrapped?

[Kyle-Reis]

@vishal-shukla-viitorcloud - The signing certificate which maps to the SHA-1 hash provided needs to be installed in the login keychain of the signed-in user on the local machine where the wrapping tool is being run. You can verify this by opening the "Keychain Access" app on the Mac, selecting "login" in the left pane, and verifying that the signing cert is listed there (you can right click on entries and select "Get Info" to check the SHA-1 hash. The provisioning profile provided also needs to include the certificate.

[vishal-shukla-viitorcloud]

Hi @Kyle-Reis,

Intune wrapping worked after removing space from sha-1 key. Followed steps from guide only. but now it worked without space.

But, After adding app into endpoint manager, it shows and installed into device from company portal.

Now Issue: App has Integrated Azure AD authentication with API & access_token so without wrapping login working fine. it has issue with intune wrapped app where user click on login, enter details and after succesfully login does not return token and so stuck on login page.

Is there any settings need to be done while adding app into intune manager? like allow something?

Please help.

Thanks,

[Kyle-Reis]

Hi @vishal-shukla-viitorcloud, is any error message shown after the user attempts authentication? Also, to be sure I understand correctly, the application already links to either the ADAL or MSAL library before wrapping and performs its own authentication with AAD? If so, did you provide AAD settings for for the Intune SDK to use during authentication? See here for info on the -aa, -ac and -ar, settings.

[vishal-shukla-viitorcloud]

Yes. I have custom login page which integrated AAD login. working fine with normal .apk & .ipa

Post-wrapping this issue coming,

As you suggested - I will try to wrap it up with command line parameters and see if it works.

But again question is: this issue happening on both android and ios... if I wrap IPA with passing those parameters and it resolves issue for ios, then I have tried to search same parameters for anrdroid as well but could not find any help on command for android.

Can you help on this, I am really glad to to have very quick response and support from your end.

Thanks.

[vishal-shukla-viitorcloud]

@Kyle-Reis

Can you help for below 2 points:

1. Which I asked in previous comment about parameters for android wrapping command
2. After intune wrap successfully in android, by accessing log it shows "https://login.microsoftonline.com/error?code=530003"
   • checked with Azure Admin, they says that apk not properly wrapped. so can you share what can be the issue?

For wrapping: 1 - Invoke-AppWrappingTool -InputPath ".apk" -OutputPath "outfolder*.apk" -KeyStorePath ".jks" -KeyAlias **

2 - jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -storepass * -keystore \unsigned.apk alias

3 - zipalign -v 4 \unsigned.apk   \app-intune.apk

These 3 steps worked successfully.

Your help much appreciated. Thanks

[Kyle-Reis]

Hi @vishal-shukla-viitorcloud, I'm not an expert on the Android wrapping tool as my team and I specifically work on the iOS Intune SDK and app wrapper. Could you try creating an issue here so the Android team can assist you? Thanks.

[Kyle-Reis]

Closing out this issue. Please reach out again if you need any further help on the iOS side!