iOS certificates

For OTA distribution you have to use valid distribution provisioning profile.  Distribution provisioning profile requires distribution certificate.

Quoting Apple's documentation:

Before an app can be distributed, your team must have a valid distribution certificate linked to a distribution provisioning profile. Only team admins can create or install a distribution certificate. Each team can have only one active distribution certificate. The team admin can either use Xcode to create a distribution certificate or manually request and download one from iOS Provisioning Portal.

The certificate requires a private key that was used to generate certificate. There are two possibilities how to get the private key at the build server:
  • If you do not yet have certificate/key generated, you can either generate a private key and Certificate Signing Request on Jenkins machine (see apple documentation). Make sure to store the certificate/key as a backup in a safe place. 
  • If you already have a certificate - you can export/import from another machine. No matter which way you choose you have to have certificate and associated private key in CI user keychain. 
To prevent user “interaction is not allowed” errors you have to manually run build from command line (using osx terminal and not ssh) and confirm keychain access by clicking “always allow” when popup is shown whenever new provisioning profile is added.
  • run gradle buildAll from teminal
  • click "Allways Allow" when prompted

You can also disable this check for your distribution certificate key in keychain access settings:

Next steps

Follow Jenkins iOS job setup