I have created an iOS app. The app is already in the store. Now, I am creating a new iOS app. I am wondering, what should I change in regard to development certificate, distribution certificate, provisioning profile.
I am reading this document. It says the following:
You use the same development and distribution certificates for iOS,
tvOS, and watchOS apps.
OK, does it mean for the new app, I can use the same development & distribution certificate as the old app is using? If so, what about provisioning profile? Could someone please clarify all these to me for the new app?
====== Other related questions =====
What if the app is developed by other developers, we are in the same team, now I create a new app. Do I need to create new certificate, provisioning profile, etc?
If developer A developed an app & distributed to Apple store, then he left the company. Developer B needs to fix the same app and upload to Apple store again. What does developer B needs from developer A? The private key, right? Other things certificate, provisioning profile from developer B can be used by developer A directly right?
#Shubham Ojha, thanks for your comment below. But I still want to ask the following scenario: We are several developers in the same company, we have a company Apple developer account. One developer has created the development/distribution certificate, provisioning profile, etc for the first app, then, he left company.
Now questions are :
For the same app, I need to fix some bugs and release to Apple store again, what do I need to do with those certificate? I think the private key is on that developer's laptop right? Do I have to have that private key in order to release the app?
For a new app, what do I need to with those certificates?
You can use the same development and distribution certificates for a new app, since the certificates are bound to a developer or any development/distribution team respectively.
Only you need to create a new App Id from the developer portal(member center) and you can select the same developer and distribution certificates while creation of the provisioning profiles.
Yes you need to export the certificates from the MAC on which it was created first and the private key is also required for its installation on any other MAC. But if the employee hasn't submitted that, then you need to create a different signing identity using your Xcode->preferences->accounts->View Details(of Apple ID associated with developer account). Here you can create the signing identities and export them.
At below link you will get all your answers with proper step by step documentation, if you still have any doubts feel free to ask.
https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html
For a new app also you need the same certificates since certificates are for team/developer and not for a particular app.
Related
I understand that in iOS app development, for team collaboration, the leaving developer should export the distribution certificate from his keychain app because only his Macbook has the private key used as code signing identity. (Please correct me if I am wrong here.)
My questions are:
1. Am I right that the distribution provisioning profile for app store & the provisioning profile for ad-hoc distribution using the same code signing identity?
2. Am I right that if we lost the contact of leaving developer who has distributed the app to Apple Store, I can just delete the distribution certificate & corresponding distribution provisioning profile in Apple Developer account , and create a new distribution certificate & profile on my Macbook so that I have the new signing identity in my keychain, I don't need the leaving developer to export his, because the distribution certificate & profile is only used to distribute the app to Apple store or do ad-hoc distribution? Is there any harmful consequence I missed if do so?
For question 1
Yes, distribution certificate is used for uploading app to apple store. And development for running on device or sending build.
For question 2
Yes, you can simply revoke his certificate. And create new one. That way your previous developer certificate are not required. Moreover, he wont be able to use them anymore and you can create new one and keep your certificate on apple developer account clean.
Hope it clears your doubt.
The company i work for have a few iOS apps distributed through the Enterprise program. We dont update these apps very frequently. So making sure that the certificates and provisioning profiles dont expire until we've had the chance to renew and redistribute the apps can be easy to forget. How does your team ensure this doesn't happen?
There's really not much you can do to prevent this, other than trying to keep all your apps being created with the same certificate / profiles, as up to date as possible. I have yet to find a good automated solution.
To manage it, I think the best solution is to create a reminder each time you generate a new certificate that will remind you in 11.5 months to renew the certificate (using the original cert signing request file). Then generate your certificate and new provisioning profile to be distributed to the developers (either by hand or by having them all signed into their Apple developer accounts as team members).
Once you have your new certificate and profiles, you'll need to regenerate the IPAs through xCode, or simply re-sign the ipa using the instructions found here: https://stackoverflow.com/a/25656455/3708242
For our internal apps using our enterprise distribution profile, we have put in self-update logic that allows us to push updates so that the users won't end up with an app that won't launch due to an expired provisioning profile or certificate.
Although I know many developer frown upon the use of wildcard ids in provisioning profiles, they do have one advantage here. If you have one app that is on all the devices, you could potentially get by with only updating that one app, as long as the new app has a provisioning profile and certificate that are not expired, and the provisioning profile has a wildcard id that matches all the internal apps you have. Once the valid profile is on the device, it will allow older apps to run. For more details about what I am talking about, see this answer: https://stackoverflow.com/a/29121777/3708242
I am trying to generate a Enterprise provisioning profile from an wildcard AppID but I am required to set a explicit AppID to generate the provisioning profile.
One mobileprovision with a wildcard appID would be enough for our users to install our different applications and they are not forced to install a mobileprovision for each .ipa we develop.
I am pretty sure this was possible in the past (around 2014)
How could achieve this?
Edit (Some more information added)
I am able to create wildcard appIDs and with those appIDs I can generate development or ad-hoc provision profiles but not In House provision profiles.
When creating In House Development profiles from the website just explicit App Ids are shown.
When trying export In House apps with AppIDs that are not already defined in the web this message appears:
I this Apple Developer link It can be read in the 4th step "You can not distribute an enterprise app using a wildcard App ID"
I am using Xcode 6.1.1 and the In House account is pretty new
Same story here : on a "recent" iOS entreprise account (i.e. late 2014 or start 2015), the wildcard appID is not proposed when creating an in-house distribution profile.
Just tested with an older account: the wildcard appID is listed when I want to create a new in-house distribution profile.
Yes, you can certainly create an enterprise in house provisioning profile that uses the wildcard app id. We do it today, and I just tried creating a new one and it let me. You cannot use wildcard app IDs if your app needs to do iCloud, Game Center, In-App Purchases, etc., but for standard apps you should be fine. If you cannot, there may be another issue. Post more details about how you are required to set and explicit app ID and maybe we can be more help.
Do you have an existing iOS Wildcard AppID when you go to the App IDs section on the developer site?
I have a strange issue.
I have a distribution certificate for my app in my developer portal with two App IDs (one wildcard and one explicit) and I've had to adjust the app ID to include the iCloud entitlements because I'm working on an update (iOS 7 only) with iCloud support.
I'm now ready to distribute and so I created a new provisioning profile in the developer portal with that certificate. As soon as it's added to Xcode, it shows up as "invalid" in the Developer Portal.
If I archive and validate my app before the app distribution in Xcode, and use my Apple ID and this provisioning profile, it says "it passed without any errors".
I'm extremely nervous about uploading this to Apple because it doesn't make sense to me.
The other provisioning profiles I have in the developer portal are the iOS Team Provisioning Profile (managed by Xcode).
I've got the entitlements in Xcode and my app works in development with iCloud, but I really want to distribute this.
If I add in more distribution profiles, as soon as it's added to Xcode, it shows up as invalid in the developer portal member centre. That's with using the explicit App ID. If I create one using the wildcard ID, it remains active, but I've read on the Apple documentation that for iCloud, you have to use an explicit App ID.
I have managed to solve this, thankfully.
I contacted the Apple Developer Support team by phone with this (without having to create a new support request and have that take a while) and was sent the following link:
https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html#//apple_ref/doc/uid/TP40012582-CH31-SW34
The specific header is "Re-Creating Certificates and Updating Related Provisioning Profiles”,
basically went through and revoked all of my certificates in the portal and removed the certificate and private key in the keychain access. From there, I removed all of my provisioning profiles as well.
Within Xcode on the accounts section, I got a popup asking if the development and distribution certificates should be generated. I said YES and it did it. In the developer portal, I now had two certificates. I created a developer profile and tested my app; it worked. I then created a distribution certificate and added it to Xcode. After refreshing the portal, it still showed active. I archived and validated my app, with no issues and then uploaded. The new distribution profile is still active.
This was great and I'm happy to have this resolved.
I have a doubt on Code Signing during Appstore submission. I already submitted an app to appstore with the profiles and certs created and its currrently in appstore. Unfortunately, i lost my machine where i had backup of those profiles and certs. I know that Prov Profile can be downloaded from my developer account.
My Doubt here is, 1) As i dont have backup of .p12, should i need to raise a request for new certificate from my keychain and proceed with that?
2) If so, will users can be able to upgrade the existing app from the appstore?
Thanks in Advance.
Here are your answers
1) As I don't have backup of certificate and .p12, should I need to raise a request for new certificate from my keychain and proceed with that?
Don't worry, when you like to give new update for your application, create new .p12 file and use it. Certificates are used to basically authenticate your machine with developer account.
2) If so, will users can be able to upgrade the existing app from the appstore?
No problem for users, as app store distribution provisioning profile works very different from developer provisioning profile, so no user needs to update.
Just for your info: the signing files for Android are very important, not for iPhone application. For Android, if signing keys are lost, you cannot update apps, whereas for iPhone you can create new certificates and update your apps.
Yes, you can just request a new production certificate from your new machine.
Then use it for your old provisioning profile for the app.
Yes without private key in your keychain, You cant use the existing provision files created with that private key. So you need to create a new Developer/Distribution certificates in developer portal with new Certificates. This will not affect the existing application in appstore.