4. Kobiton Cloud Installation - deviceShare™

Install deviceShare™ Signing on mac mini

The deviceShare™ Signing is responsible for signing iOS apps. A Kobiton system requires at least one execution of deviceShare™ Signing deployed.

  1. Install the version of Xcode downloaded above. (Please SKIP this step if the deviceShare™ is installed on the same machine with deviceConnect, XCode is already installed) 
  2. Double click on the deviceShare™ installer file so that it shows the Wizard screen. Don’t move on yet. You may need to grant permissions here. If you don’t see the prompt to grant permissions, then continue as sometimes it doesn’t appear.
    Grant permissions Full Disk Access and Automation for Installer app.Screen_Shot_2022-09-06_at_5.11.01_PM.pngScreen_Shot_2022-09-06_at_5.11.22_PM.png
  3. In case you see below screen, make sure the checkbox Device-sharing Service is unchecked and the checkbox Signing Service is checkedScreen_Shot_2022-09-06_at_5.11.47_PM.png
  4. Continue on with the installer wizard, following the prompts to complete the installation.

Configure deviceShare™ Signing

  1. Import SSL Self-signed certificate (For On-Premise system only)


    - If the OP server app-hub-service is set up to use HTTPS and the SSL cert is the self-signed cert, please do the following steps. Otherwise, IGNORE this section.

    - You should do these steps only once time at the first time you install the deviceShare™ Signing service on your Mac

    • Download the self-sign certificate from OP server by using a command (don’t forget to turn on the VPN to the OP server):
      # scp <server-username>@<server-ip>:/path/to/ssl.crt /path/to/local-dir
      and then enter the password that is used to access the server.
      The /path/to/ssl.crt on the server normally is /ml/var/kobiton-op/config/ssl.crt. The ssl.crt file will be then downloaded to /path/to/local-dir in your Mac.
    • Open Keychain Access application.
    • Open Finder, go to /path/to/local-dir folder, and then drag and drop the ssl.crt file into the Keychain Access application.
    • Double click on the cert, a popup appears, and trust the above certificate by choosing Always trust option in 2 fields Secure Sockets Layer (SSL) and X.509 Basic Policy as the following image.Screen_Shot_2022-09-06_at_5.12.44_PM.png
    • Close the popup and enter the password of the Mac machine to save the config.
  2. Import .p12 files (please ignore this step if you install deviceShare™ Signing on same machine with deviceConnect)
    1. Open Terminal app and execute the command:
      # sudo security import $HOME/Desktop/Certificates.p12 -k /Library/Keychains/System.keychain -A
      Where $HOME/Desktop/Certificates.p12 is the location of your .p12 certificates file.
    2. Repeat step 2 for each .p12 certificate file, if you have multiple.
  3. Setup provisioning profile files
    • If deviceShare™ is installed on the same machine with deviceConnect™, please follow these steps:
      1. Execute
        # mkdir -p /usr/local/kobiton/deviceShare/provisioning_profiles
      2. Execute
        # cp -R /usr/local/deviceconnect/ProvisioningProfiles/* /usr/local/kobiton/deviceShare/provisioning_profiles
    • Otherwise, please follow these steps
      1. Execute
        # mkdir -p /usr/local/kobiton/deviceShare/provisioning_profiles 
      2. Move all .mobileprovision files (you have prepared at step Setup provisioning profile and certificate files) to the above directory
  4. Update config file

    Open /usr/local/kobiton/deviceShare/deviceShare_config.toml file, change settings accordingly with below instructions:

    # Replace http: to 

    # https://app-signing.kobiton.com and give outbound IP address of the deviceShare server to Kobiton Operation team to finish the setup

    portal_signing_service_uri = ""

    # Replace the value here into your file

    ios_keychain_paths = [



    # Replace the value here into your file

    ios_provisioning_profile_paths = [




    # Ensure it's set as "false"

    enabled = false


    # Ensure it's set as "false"

    enabled = false



    If app-hub-service server is setup on Kobiton AWS, after change the deviceShare™ config at /usr/local/kobiton/deviceShare/deviceShare_config.toml, please prepare the outbound IP of the deviceShare™ server and contact with Kobiton CS to update whitelist for deviceShare™ server. (You can use this link to get outbound IP address of the server).

    Please note down the outbound IP address of the deviceShare™ server and send to Kobiton CS team at step 7.

  5. Setup new Keychain

    The default configuration for the signing service will read ios_keychain_paths from this directory: /usr/local/kobiton/deviceShare/keychains/deviceShare.keychain@password123. However, this file is not created automatically by the installer. The installer creates the deviceShare/keychains directory, but does not create any keychain files. You need to create one or more password-protected keychain files and put them in this directory or some other secure location. Keychain files can be created and modified using the macOS Keychain Access application or the security command-line tool.

    Here is how one would create a keychain file with password mySecret and copy signing-identity certificates from your account's keychain:

    1. Open the Keychain Access application (located in Applications > Utilities).
    2. Choose the File > New Keychain... menu item. Enter deviceShare in the Save As field, and navigate to the /usr/local/kobiton/deviceShare/keychains directory (press Command + Shift + . in Save As popup to show all dirs, or you can use Shift + Command + G to bring up the Go to Folder subdialog). Click the Create... button.
    3. Enter mySecret for the password and click OK.
    4. You will now see the deviceShare item in the Custom Keychains area of the Keychain Access window.
    5. Select the "login" keychain, and then Certificates. You will see your Apple Development signing certificates along with all the other certificates in your keychain. For each identity you want to copy, click the disclosure arrow to display the private key along with the certificate, then select all the certificates and private keys, Control+click, and choose the Copy menu item from the popup menu.
    6. Select the deviceShare keychain and Certificates. Control+click the empty area and choose the Paste command from the popup menu. You will be prompted to enter your login keychain password and the password for the deviceShare keychain, perhaps multiple times.
    7. You can now close the Keychain Access application if you wish or you can leave the deviceShare item in your Custom Keychains, to make it easy to come back and add more items later.Screen_Shot_2022-09-06_at_5.20.42_PM.png
  6. Update Team ID on the iOS cert

    Kobiton will take the information you provided and activate the deviceShare™ Signing service. Please follow below instructions to get team id, team name and organization id

    1. Find the Team ID of our current Apple provisioning profiles
      • Open Gigafox Portal / System / iOS managementScreen_Shot_2022-09-06_at_5.23.07_PM.png

      • Roll-out page as title name Installed provisioning profiles / Extract provisioning profilesScreen_Shot_2022-09-06_at_5.24.30_PM.png
      • Example of output:



        "application-identifier": "4X2699AQKX.*",

        "keychain-access-groups": [ "4X2699AQKX.*", "com.apple.token" ], 

        "get-task-allow": true, 

        "com.apple.developer.team-identifier": "4X2699AQKX"


      • Note down Team ID. Per the above sample, the Team ID is 4X2699AQKX
      • If there are multiple provisioning profile, repeat and note down all unique Team ID
    2. Find the Team Name of our current Apple provisioning profiles
      • Launch Postbird, enter below values and then connect to the Postgres at GEM OP server
        • Host: put GEM IP
        • Database: kobiton
        • Username: kobiton
        • Password: shh
        • Port: 5432
      • Go to Query tab
      • Run below query to get the teamName:

      select "ProvisioningProfiles"."teamName" from "ProvisioningProfiles"

      where "ProvisioningProfiles"."appIdentifierPrefixes" ='["input teamId"]'

      Example query:

      select "ProvisioningProfiles"."teamName" from "ProvisioningProfiles"

      where "ProvisioningProfiles"."appIdentifierPrefixes" ='["4X2699AQKX"]'

      • Note down the teamName
    3. Find the ID of the current Organization in Kobiton Portal

      (Please IGNORE this section if you already knew your Org ID)

      • Open your Chrome browser, open Portal Web UI
      • Open Chrome DevTools , navigate to Network tab
      • Login to Kobiton, then refresh (e.g. Ctrl+R) page
      • On Network tab, find the entry me and click on it
      • Then click on Preview tab
      You will see the org id at the object { organization: { id: ...  . Note down the organization id
    4. After noting down the teamId, teamName ( On-Premise system only), organization id, please contact Kobiton CS and send those information for Kobiton finish the setup (Please send those information to Kobiton at step 7 below).


  7. Send information to the Kobiton Support to finish the setup

    Kobiton need your information to finish the setup for the deviceShare™ server, please contact to Kobiton CS with below information: 

    • deviceShare™ server outbound IP (get at step 4 above)
    • teamId, teamName, organizationId (get at step 6 above)

    The deviceShare™ needs the Kobiton team to finish the setup with your provided information, please wait for Kobiton CS contact back.

    Template for the ticket:

    Title: Setup deviceShare™ Signing server


    • deviceShare™ server outbound IP : {your deviceShare™ server outbound IP}
    • List of teams:


    TeamName (Only for On-Premise system)


    • Example for the ticket of On-Premise system:

    Title: Setup deviceShare Signing server


    • deviceShare server outbound IP:
    • List of teams:





    Kobiton Tech


    • Example for the ticket of other systems:

    Title: Setup deviceShare Signing server


    • deviceShare server outbound IP:
    • List of teams:





  8. Apply all

    After Kobiton team inform you when we finish the setup, please do following steps to start the deviceShare™ Signing server

    • Verify that deviceShare™ can recognize all certs and profiles. If you see any error, go to Troubleshooting section below to fix them

    Open terminal and execute these commands:

    # cd /usr/local/kobiton/deviceShare

    # ./deviceShare™ profile list

    # ./deviceShare™ identity list

    • Restart deviceShare™ Signing to apply all our settings by executing sudo:

    # sudo /bin/launchctl unload -w /Library/LaunchDaemons/com.kobiton.deviceShare.signing.plist && sudo /bin/launchctl load -w /Library/LaunchDaemons/com.kobiton.deviceShare.signing.plist

  9. Verify setting up the deviceShare™ Signing server successfully

    If you do not have any iOS app on Kobiton App Repo, please follow these steps to upload one

    • Download app at this link
    • Go to kobiton portal app repo to upload the app
    • The uploaded app have name XCUITestSample

    After get the app on Kobiton App Repo

    • Go to kobiton portal and launch an iOS device
    • Install the iOS app on the device
    • If the app is installed successfully, then the deviceShare™ is setup successfully.
    • If the app is installed fail, please follow below step to gather information send to Kobiton CS to troubleshoot the issue

    Step to gather information when install app fail:

    • Note down the session id that the device can not install iOS app
    • Open terminal and execute the following commands:

    mkdir -p ~/Desktop/deviceShare_logs && cp /usr/local/kobiton/deviceShare/deviceShare_signing* ~/Desktop/deviceShare_logs 

    • Send the above information to Kobiton CS with the following content:
      • Session ID: (session Id that the device can not install iOS app) (example: 16123)

    Attach the logs file you just created above (located at ~/Desktop)



Was this article helpful?
0 out of 0 found this helpful