So, my first App is on the AppStore for almost a year now. I started receiving notices from Apple that my iOS Distribution Certificate will expire in 30 days time. That's fine — they expire.
But, the email says to go to Certificates, Provisioning and Identities to renew — only there is nothing there that specifically guides me through such a process that I can see — and it's a very clean, spartan portal so I imagine I would see something especially if I was directed to go there specifically for this reason.
As I've never renewed a certificate, I wonder if anyone might be able to guide me through the process? There seems to be no clear answer.
My concern is that the expired certificate would somehow break the App currently in the store? (I don't know that it will, or will not — but I'm not excited to find out in real time.)
Am I meant to create a new certificate in Xcode? Does it need to be somehow applied to the current version of the App, or the one in the App Store, meaning I may need to publish a new version of the App for hygiene?
Any pointers or help are greatly appreciated.
Julian
If your Apple Developer Program membership is valid, your existing apps on the App Store will not be affected. However, you will no longer be able to upload new apps or updates signed with the expired or revoked certificate to the App Store.
https://developer.apple.com/support/certificates/
For updating the app you need to generate new certificate.
Related
I have an enterprise app out in the field signed with a distribution certificate 3 years ago that is due to expire next month. Ideally I would like to not have to redeploy my app to my users and according to the apple docs Re-Creating Certificates and Updating Related Provisioning Profiles, it appears I can create a new dist cert, update my profile with the new cert and my app out in the field will not be effected. I have read some conflicting posts on the matter from a few years ago now admittedly that say I will need to re-deploy my enterprise app so was wondering would anyone be able to confirm for me what teh latest state of play is.
Any information would be greatly appreciated.
No, you don't need to redeploy an app if your bundler identifier is same.
You can revoke current certificate and create a new one. This action can result into 'stop' usage of app in mobile device (if or when it has connection to apple server). The reason for this is, user needs to accept/trust developer of new certificate from device's settings.
Once user accepts/trust new certificate, your app will continue working as it was.
You can ask me, if you still have any confusion or problem in understanding this scenario.
Recently, I practically tested this scenario for one of my enterprise app and it was successful.
Hope it would work for you also !!!
My previous attempt to get some help on this topic, failed, so I'm retrying again.
I've built my PhoneGap application without any problems until our Apple Development subscription expired (I guess, all the certificates expired as well).
While renewing our Apple dev program at our company, my boss made me a new account and added me as admin to the company.
I tried remaking the certificates, and while all my builds worked over at PhoneGap Build (means, that the certificates are valid), while trying to submit our app via the Application Loader, I get a binary error, and can't go any further.
Upon browsing the forums I've found out that this could be an issue with the certificates, so I came here to ask, what could be wrong with my setup.
I have to specify, that before this expiration happened, all our builds were submitted by using a Macbook, that is no longer available, so I can't access the old keychain information.
Also, another important information: while struggling with this issue, I remade all the certificates and profiles. (the App ID remains the same, since i don't need to change anything there)
Another note: our application supports push notifications, so I added that to the App ID, and created 2 certificates: Apple Development iOS Push Services and Apple Push Services. (I don't know if I need both, but I followed a tutorial, and it worked perfectly until the recent happenings)
We couldn't release our app for weeks now, which is a huge problem right now, so any help would be appreciated.
I just lost my private key with OS reinstallation so will have to create new Certificate Signing Requests.. I wanted to know if revoking my Distribution Certificate will have any effect on my existing applications on App Store especially when one of my applications is waiting for approval ( In Review ) build from old distribution certificate.
Should i wait for the app to be
accepted by the Apple or revoking the
distribution certificate won't have any
affect on the application?
I know this is an ancient question, but since it hasn't been answered... According to Apple support, you can revoke the certificate immediately after submitting an app for review and the app won't be affected. Apps already on the app store will not be affected either.
Related SO threads to support the above:
If I revoke an existing distribution certificate, will it mess up anything with existing apps?
iOS Provisioning and Certifcates - Will Revoke/Renew effect App Store Apps?
Often developers face this question and stay away from revoking a certificate. Possible thoughts are if it affect the app in the store, or will the same certificate be required for the next update etc.
But there are no any issues like that.
An Appstore and Adhoc production certificates are used for the App store submission process only. It needs to check the private key public key pair to validate that the ipa is code signed by a valid signing authority. Once the app goes to app store you need not have to bother about the certificate used.
The next time for creating an update, you can codesign using a different certificate, but you need to use the same app id.
As per my experience and according to Apple support, revoking certificate will not have any effect on the already uploaded build on iTunes either for review or on live.
Hope this helps!!
There will not be any affect on your current uploads. As the bundle identifier and app id for your application will remain same, it will not affect any of your push notification service too. This is the only reason we are able to replace PEM or p.12 certificates to web developers if the current certificate of any live app has expired.
From the apple docs:
https://developer.apple.com/support/technical/certificates/
iOS Distribution Certificate (App Store)
If your iOS Developer Program membership is valid, your existing apps on the App Store will not be affected. However, you will no longer be able to submit new apps or updates to the App Store.
I am updating in-house app for a client which they have a previous version currently on over 100+ iPads.
I want to push an update, but when i try to sign the app with the distribution provisioning profile it asks me for the private key. After searching, people suggested to revoke the old certificate and generate a new one on the machine i'm using so i can have the private key. I don't know if this is the best approach or not, but my client is concerned if I will be revoking the current In-House Distribution certificate, it will affect the applications which are currently distributed on those 100+ iPads? Thanks!
Unfortunately, yes. For enterprise distributed apps, the devices will regularly check with apples servers whether the certificate which has been used to sign them is still valid. So revoking the certificate will make those installations fail. Maybe not until the next reboot, maybe not when there is no internet connection available, but sooner or later, the app will refuse to launch.
If availability of the app must not be interrupted, you need to take precautions - for example by preparing the new version and notifying all users ahead of time that at a certain date, the old version will stop working and the new one must be installed.
Update:
I kept investigating and it appears like you can have two distribution certificates at the same time now. This is meant to eliminate gaps in app availability by allowing you to phase from one cert to another, way before the first one expires.
If this is still true, you might be able to simply create another distribution certificate without revoking the existing one. You will need to create new provisioning profiles as well (or update the old ones to use the new cert), but that shouldn't invalidate those already deployed. You would then be able to distribute the new / updated app and the existing installations will remain unaffected.
It has been some time since I last worked with enterprise distribution and right now, I don't have access to an enterprise dev account, so I can't try. But I don't think there is any risk if you just go ahead and try it - I assume the portal will either let you create a second cert or it just won't...
Toastor is correct - I recently had a discussion with Apple about this and it intentionally differs from App Store apps. When the distribution certificate is revoked (or expired) for an Enterprise app, the app stops working after expiration is reached, or revocation information is retrieved from Apple.
However if you manage several Enterprise apps, instead of requiring users to install a recompiled version of every single app with the new certificate, you may:
Push the new Provisioning Profile(s) to users over MDM (like Airwatch) **
Use a wildcard App ID for your apps and then as long as the user installs one app with the updated cert, it will apply to all apps that share that App ID
Allow users to download the updated Provisioning Profile without requiring an app install **
** CAVEAT: I don't code apps but do manage our certs, App IDs, and Provisioning Profiles. I haven't yet tested these approaches - it's my best effort based on notes from my recent discussion with Apple.
So I took over an existing iOS app from a client, that is currently available for public use through the App Store. When I was given the project in xcode, I noticed that all provisioning profiles associated with the app had expired and all were under the name of the previous developer.
So, I added myself as a developer and joined the team and code signed the development copy under my credentials. I created a new ad hoc provisioning profile for testing, and released a version through TestFlight to some registered devices. No problems. The app is greenlighted to go live.
Can someone please help me out with the release process from this point on? Do I create a third new provisioning profile for App Store release, and tie it to the code signing in XCode? Is this going to be problematic considering the version that is live now is under completely different (expired) profiles from a different developer? Is there some alternative way I need to do it through Apple? I'm trying to be super cautious here... if for some reason I release the app and its crashing because of some step I didnt take by accident, the poop will hit the fan.
You're going to have to release it under a new name on the App Store and forfeit all the ratings and reviews. Apple won't let you swap developer profiles on an existing app.
Other developers may disagree, but it looks like a huge PITA. See here
Transferring ownership of an iPhone app on the app store
The official answer seems to be NO
I didn't interpret the question as regarding change of ownership of an app.
I read the question as: I've inherited maintenance of an app and we'll want to submit an update as the same seller.
In this case, you can generate your own certificates and distribution profiles, and you can then build and submit the app.
I have done this numerous times. That is, I have inherited responsibility for an app that I did not necessarily craft originally. I easily created new signing and provisioning credentials, appropriate for the app the be submitted as the seller (not me) on their behalf.
And for what it's worth, the App Store Distribution profile is necessary, but only used when the app is submitted, so Apple can ensure that it is coming from a developer that has the right to submit it. (Remember, these profiles are signed with the same certificates used to sign your app package.) If that Distribution profile should expire or change, it has no bearing on an app already in the App Store.