I'm trying to figure out the nuances of providing an customized version of my app(which is already in apple appstore) for customer's enterprise appstore.
I am a contractor who wants to create an in-house app for my client. Can I join the iOS Developer Enterprise Program to do that?
No. The iOS Developer Enterprise Program is for
companies/organizations to develop and distribute proprietary in-house
apps to their employees.
Your client should enroll in the iOS Developer Enterprise Program and
add the appropriate developers from your company to their iOS
If my client is already enrolled in iOS Developer Enterprise Program, is it possible that client can share his enterprise certificate/distribution certificate with me so that I can build the app? If yes, can someone mention the high level steps to proceed or point to any documentation. Is sharing certificate a common thing and is it allowed legally?
Can I provide the customer with an artifact so that he can sign using his certificate and upload onto his app store?
I'm not sure if above approaches are correct/possible, but after reading several articles this is my understanding. Please correct me if my understanding is wrong.
Your client should enroll in the iOS Developer Enterprise Program and add the appropriate developers from your company to their iOS Development Team.
This is the simplest, Apple-approved way of doing it. When this is done you can select that team in Xcode or the dev center and get the certificates you need to produce a signed IPA.
Depending on the technical ability of the client, your alternatives are to provide them with source code and let them do the build locally with their own signing resources, or just to get them to give you the credentials for their enterprise account and let you do the whole thing, though Apple aren't too keen on that approach. They can also export a .p12 with their certificate to you but Apple really isn't keen on that approach - most of the "cracked" app stores and pirate app versions are powered by (accidentally or otherwise) leaked enterprise certificates.
A possible alternative is the custom B2B (business to business) route, as described here. This may also be easier for your client(s).