applicationSignerCertificate

Defines the signer certificate(s) that App Shielding trusts when checking for repackaging. That is, App Shielding assumes the app has been repackaged if the certificate used to sign the app does not match any of the given certificates here. The exception is that App Shielding implicitly trusts the certificates that Apple uses to re-sign an app when it is deployed through TestFlight or the App Store. This implicit trust can be disabled using the disableAppStoreTrust and disableTestFlightTrust options.

To configure App Shielding to trust multiple certificates of your own (e.g., development and distribution certificates), add a separate applicationSignerCertificate option for each certificate. The value for this option can either be an encoded certificate (see below for an example) or the special value auto. If set to auto, the Shielding Tool will add (i.e., trust) the certificate that it deems most likely to be correct. If the Shielding Tool is integrated with Xcode, it will add the certificate that it thinks Xcode will use to sign (which might change over time). When run from the command line, the Shielding Tool will add the certificate with which the app was originally signed.

• Type: certificate

• Default Value: N/A

• Multiple allowed: Yes

• Required: No

• Depends on: checkRepackaging

<applicationSignerCertificate	v="MIICSTCCAbKgAw(...)=="/>

The format of this field has to be the Base64 encoded DER version of the certificate without any form of white space.

The certificate can be exported from the Keychain Access application in the following manner:

1. Launch Keychain Access.

2. Right click on the certificate to use and select Export….

3. Select the Certificate file format (.cer)

4. Save the certificate.

5. Execute the following command on the command line (where <file> is the filename of the certificate you just saved):

   cat <file> | base64

6. The output of the above command is the value you should use for this setting.