I am creating an MDM Server and have successfully completed all the steps and was able to install the profile on the device.
In the .mobileconfig file which is installed on the device, we pass the SSL certificate, APNS certificate and profile information.
1) What if the SSL Certificate on the server is changed? (I guess this is not practiced by many or not practiced at all but still want to know what happens when this case occurs)
2) What happens after the APNS certificate is expired after one year?
How do I update the profiles on devices in which the profiles were already installed. Should the profiles be manually deleted and reinstalled or is there any other way?
Regarding the SSL certificate:
The mdm profile using the SSL certificate is not affected and can be continued to use. The only thing that will happen is on the device when you view the profile it will show that specific signing certificate to be expired.
Solution: You need to sign the mdm profile again with the new certificate.
Refer solution to this question.
You have option to renew the APNS certificate before it expires. Apple sends you email (to the apple-id that generated the APNS certificate) before the certificate expires. If you renew the certificate before expiration, you don't have to re-enroll the devices.
In case the certificate is already expired, you need to create a new one using the same old apple-id and will have to re-enroll all the devices to receive the MDM push.
Related
I have one app available on app store. It is more than 1 year old.
I am using Notifications so I have APNS production certificate.
All distribution certificates and provisioning profiles are expired now.
I want to release an update to the app. Will my notifications break if I release new version by new provisioning profile and distribution certificate?
Your notifications will not break if you upload new certificate.
Suggestion: instead of using APNS Certificate. You can use iOS APNS Auth Key which will be valid till your memebeship is active and moreover it can be used in all the apps which are released under same account. Here are the steps to generate Auth Key,
You need to update your expired apns certificate and update them on the server.
I have an iOS MDM application which contains a set of restrictions to be imposed on the device. While a user enrolls a device , a provisioning profile along with a certificate is pushed on the device. Now the certificate is showing to be expired shortly. What could be the impact of not renewing the certificate. And how Can I renew the certificate.
Any suggestions will be really helpful.
When the certificate expires, your app will stop working. You can renew it by logging into your Apple developer account at https://developer.apple.com and navigating to the Certificates page - you should see your certificate there with the expiration date next to it. There is no option to renew it, but you can revoke the old one and issue a new one.
Once you have the new certificate you'll also need to rebuild the provisioning profile to link it with the new certificate, and then load the new profile onto the device.
Today, I realized that My Distribution Certificate has expired and cannot see any certificate under distribution anymore.
Also AppStore provisioning profile is expired but still there. When I want to edit it, of course i need to create a new distribution certificate.
So the question is, will I be able to update my existing App with new certificate?
Thanks
when your certificates is expired making following scenario:
1.When your certificate expires, it simply disappears from the Certificates, Identifier & Profiles section of Member Center. There is no Renew button that allows you to renew your certificate.You can revoke a certificate and generate a new one before it expires. Or you can wait for it to expire and disappear, then generate a new certificate.
2.When your development or distribution certificate expires, remove it and request a new certificate in Xcode.
3.When your certificate expires or is revoked, any provisioning profile that made use of the expired/revoked certificate will be reflected as ‘Invalid’. You cannot build and sign any app using these invalid provisioning profiles. As you can imagine, I'd rather revoke and regenerate a certificate before it expires.
4.Apps that are already on the App Store continue to function fine. Again, in
Important: Re-creating your development or distribution certificates doesn’t affect apps that you’ve submitted to the store nor does it affect your ability to update them.
I have some account with old certificate for an app that is currently in production. It's not duplicate of this question (Xcode apple developer certificate expiration: (0xE8008018)) because I know exactly what to do, but what harm it can does. Since I do not have CSR file that was used to create this certificate and app use a lot of push notifications.
Does revoking certificate will break push notifications?
What's about signing? If I revoke certificate I have to regenerate provisioning profile before pushing to store?
What will happen when I revoke certificate there?
You should review the Apple Support article on Certificates.
Does revoking certificate will break push notifications?
Yes, "you can no longer send push notifications to your app." At least not until you regenerate the cert and change your application to use the new one.
Distribution:
iOS Distribution Certificate (App Store)
If your Apple Developer Program membership is valid, your existing apps on the App Store will
not be affected. However, you will no longer be able to submit new
apps or updates to the App Store.
iOS Distribution Certificate (in-house, internal use apps)
Users will no longer be able to run apps that have been signed with this
certificate. You must distribute a new version of your app that is
signed with a new certificate.
Does revoking certificate will break push notifications?
Yes, if you revoke the certificate you will no longer receive push notifications to the app.
What's about signing? If I revoke certificate I have to regenerate provisioning profile before pushing to store?
If you create a new certificate and upload it to the server sending the push notifications you will be able to send push notifications again. This can be done without the need to build a new binary for the AppStore.
what harm it can does. Since I do not have CSR file that was used to create this certificate and app use a lot of push notifications.
Create a new certificate request and upload it to the correct app to create a new certificate in the developer portal. You do not need the original CSR file to do this.
In your case, Create a new certificate and replace the old cert on
push server with newly generated one. Cheers! All the pushes will
continue to deliver to users. But make sure do above thing just after
creation of new certificate.
Push cert is used for communication between your push server and APNS.
APNS allows push payload from the servers having valid certificates.
So replace the old cert with new one. I done it in past. No issue
faced. Push will be effected for the duration you would take to revoke
and update the certificates on push server.
I have just finished my first app and I want to submit it to the iTunes store. In getting ready I read a tutorial that said I should first clean up all certificates and provisioning profiles. So, as per this guys instructions, I revoked my certificate.
Now, I am having a heck of a time trying to figure out how to get it back. I've found an apparently out of date articles by Apple (TN2250) which no longer applies to my version of Xcode (4.3.2). In the Certificates section of the Provisioning Portal I can see no way to renew my certificate, or create a new one. I even called Apple's support and the nice gal was sweet but in the end was not able to help me and told me she was not technical support and I would need to ask my questions in the various help-forums.
How to renew my cert? Or create a new one?
There two certificates: one is for the development cert and another one is the distribution certificate.
If they are expired or you revoked them. You need to using key chain from your apple computer to generate the certificate requests.
Go to your apple computer, Open Application->utilities->keychain Access
Keychain Access->certificate Assantance->Request a certificate from a certificate authority
Fill in your email address and name, pick Save to disk
You need to generate two certificate for both the development certificate and the distribution certificate
Then:
You login to your provisioning portal.
Click the certificate manual on your left side
There two certificates: one is for the development cert and another one is the distribution certificate.
You request a new certificate from the portal, upload your certificate request you generated earlier.
You should be able to get your new certificates. You download these two certificates on to your computer, and double click the certificates to install them into your keychain.
Please let me know if you have problems to get your new certificate.