I have developed a couple of applications in iOS. Few days before my provisioning profile got expired. I renewed and downloaded it from apple developer portal. Now my question is how this new profile will get reflected in existing applications? Since there are many applications I won't be able to build it again with a new provisioning profile. So please let me know how to add this new profile with existing applications without a rebuild.
Thanks in advance.
The answer depends on what kind of builds you're concerned about:
App Store: expired provisioning profiles don't affect builds that have been downloaded from the App Store. You don't need to make a new build with the provisioning profile. You will, however, need to use the new provisioning profile if you update the app on the App Store.
Ad Hoc: builds will stop running if the provisioning profile used to create them has expired. You will need to make new builds and distribute them again.
Enterprise: you can update the profiles using the MDM protocol. See the "Provisioning Profiles Can Be Installed Using MDM
" section in the MDM Protocol Reference.
Related
I have an app in enterprise appstore and the provisioning profile with which I created iPa is due to expire next month. If I go to developer account and renew the provisioning profile, what happens to the app in appstore which was created with old provisioning profile? Should I create a new iPa with new renewed provisioning profile and submit it? Is it enough to just renew the expiring provisioning profile or should we renew, create iPa with new one and upload it to appstore again?
Any help would be appreciated. Thanks!
You will need to provide a new provisioning profile, that has a new expiration date, to the devices with your app or existing installations of the app will stop working.
You can do this by packaging a new version of your app that includes the new provisioning profile and then having your users install the update.
Alternatively, if your devices are managed by an MDM (which is best practice) then you can have the MDM server push the updated provisioning profile to the devices. The advantage of this approach is that it doesn’t require any user action.
The process of certificate and provisioning profile expiration is explained quite well in this WWDC video
As an example, here are the instructions for Microsoft InTune
My iOS Provisioning Profile will expire soon and I need to know the smoothest way to renew that profile. My certificate doesn't expire for another couple of years, so the certificate itself should be fine.It is an in-house (non-App Store) app and is installed on a number of devices.
Which is why I'm wondering if the app will stop working if I do the following:
Let the provisioning profile expire.
Click generate inside the existing profile.
If so, is there any way to update/renew the profile without taking down the app or releasing a new version? If I have to release a new version, is the best option to create a new profile to reduce downtime?
So generating a new provisioning profile will not invalidate any of the apps out there on devices. Basically, you should choose option 2. Generate the new provisioning profile, build a new version of the app with the new provisioning profile, and just make sure all your users / testers update to the new version of the app.
Alternatively, you could generate the provisioning profile and then distribute the profile to all the devices through MDM (if you're using an MDM solution) or by email (not a great experience). Basically the app will continue to run as long as the new provisioning profile gets on the device before the old one expires, whether that's through MDM, manually, or by installing a new version of the app with the provisioning profile in the .app payload. Or if your users download any app with the new provisioning profile, assuming that provisioning profile is set up with a wildcard app ID, that will also correct it (see information about that here: https://stackoverflow.com/a/29121777/3708242).
But option 1 will certainly result in your app refusing to launch once the expiration date arrives.
The company i work for have a few iOS apps distributed through the Enterprise program. We dont update these apps very frequently. So making sure that the certificates and provisioning profiles dont expire until we've had the chance to renew and redistribute the apps can be easy to forget. How does your team ensure this doesn't happen?
There's really not much you can do to prevent this, other than trying to keep all your apps being created with the same certificate / profiles, as up to date as possible. I have yet to find a good automated solution.
To manage it, I think the best solution is to create a reminder each time you generate a new certificate that will remind you in 11.5 months to renew the certificate (using the original cert signing request file). Then generate your certificate and new provisioning profile to be distributed to the developers (either by hand or by having them all signed into their Apple developer accounts as team members).
Once you have your new certificate and profiles, you'll need to regenerate the IPAs through xCode, or simply re-sign the ipa using the instructions found here: https://stackoverflow.com/a/25656455/3708242
For our internal apps using our enterprise distribution profile, we have put in self-update logic that allows us to push updates so that the users won't end up with an app that won't launch due to an expired provisioning profile or certificate.
Although I know many developer frown upon the use of wildcard ids in provisioning profiles, they do have one advantage here. If you have one app that is on all the devices, you could potentially get by with only updating that one app, as long as the new app has a provisioning profile and certificate that are not expired, and the provisioning profile has a wildcard id that matches all the internal apps you have. Once the valid profile is on the device, it will allow older apps to run. For more details about what I am talking about, see this answer: https://stackoverflow.com/a/29121777/3708242
My client has a few apps in the app store that were submitted using a certain App Store profile which I have access to the account. We also have those apps installed Ad Hoc signed with the same Distribution Profile. Now I am taking care of one of this apps and I need to code sign to make a few changes and then submit it Ad Hoc for some testers. No one knows where the .developerprofile backup is. Can I revoke the existing certificate and recreate a new one without affecting the apps on the App Store. If I revoke, any other developer using this key pair will stop working, right? Any other problem I am not remembering. Can I revoke the certificate?
Thanks in advance.
Yes, you can safely revoke the developer and AdHoc distribution certificates without affecting any App Store apps. Be careful not to revoke any Push Notification certificates if your app uses push.
Generate a new certificate signing request on your machine and use that to generate the new certificates. Remember to edit the provisioning profiles after you create the new certificates, especially if you've added any additional devices to the provisioning list. Then download the new provisioning profiles and you should be good to go.
Any other developers (if they still have access) will be able to download the new profiles if they need them. If they also need to sign builds, they should generate their own keys/certificates as well for their developer certificates.
I've developed and published an App on the App store successfully last month. However, since then, my Mac crashed and (stupidly!) I didn't have a backup of my Keychain Certificates. I've had to generate a new Certificate and ultimately create a new Developer Certificate in the Apple Provisioning Portal.
As a result - despite being able to sign and deploy the updated App to my iPhone and iPad, I cannot upload it to the App store because the signing is different.
Is there any way around this? Do I have to re-write the App and submit it a new with the new signing keys?
I've seen the question:
Can I upload a new version of my iOS app with a different certificate/profile than the previous one?
but this doesn't answer my question/problem.
your application bundle identifier & provisioning needs to be same which is irrespective with which distribution certificate you have compiled the build provided that you are generating build (ipa) for appstore submission from the same developer account.
Fixed! I logged into the Apple Provisioning Portal, revoked all my certificates and deleted all my distribution an provisioning certificates. Then I deleted everything from XCode and everything from my KeyChain. I re-generated a new CSR from the KeyChain, generates a new certificate in the Provisioning Portal with this and then did the rest through xCode. It found and downloaded my development and provisioning certificates, one against my team, the other as "unknown". I clicked on TEAMS in xCode and did a refresh then returning to the profiles say everything set as valid. I signed the App with the new certificates and uploaded them. The App is not awaiting review :)