Good morning, this is my first time dealing with an expiring iOS distribution certificate, so please pardon my noob question :(
I have personal unreleased apps running on my phone and Apple TV that are using this certificate. I was curious if theres a way to renew/create a new certificate that will not require me to reinstall these apps to my phone/Apple TV?
What is the normal process you do when your certificate is expiring?
Thank you in advance!
The apps don't use the certificate, the distributions certificates are only necessary to validade when sending an app. Your certificate can be revoked/expired and nothing will happen with your installed application or even ( if is the case ) your application on AppStore.
The only certificate that you need to care more is the PushNotification one, because if this one get expired/revoked your push server can't send notifications.
Related
So, my first App is on the AppStore for almost a year now. I started receiving notices from Apple that my iOS Distribution Certificate will expire in 30 days time. That's fine — they expire.
But, the email says to go to Certificates, Provisioning and Identities to renew — only there is nothing there that specifically guides me through such a process that I can see — and it's a very clean, spartan portal so I imagine I would see something especially if I was directed to go there specifically for this reason.
As I've never renewed a certificate, I wonder if anyone might be able to guide me through the process? There seems to be no clear answer.
My concern is that the expired certificate would somehow break the App currently in the store? (I don't know that it will, or will not — but I'm not excited to find out in real time.)
Am I meant to create a new certificate in Xcode? Does it need to be somehow applied to the current version of the App, or the one in the App Store, meaning I may need to publish a new version of the App for hygiene?
Any pointers or help are greatly appreciated.
Julian
If your Apple Developer Program membership is valid, your existing apps on the App Store will not be affected. However, you will no longer be able to upload new apps or updates signed with the expired or revoked certificate to the App Store.
https://developer.apple.com/support/certificates/
For updating the app you need to generate new certificate.
I have an enterprise app out in the field signed with a distribution certificate 3 years ago that is due to expire next month. Ideally I would like to not have to redeploy my app to my users and according to the apple docs Re-Creating Certificates and Updating Related Provisioning Profiles, it appears I can create a new dist cert, update my profile with the new cert and my app out in the field will not be effected. I have read some conflicting posts on the matter from a few years ago now admittedly that say I will need to re-deploy my enterprise app so was wondering would anyone be able to confirm for me what teh latest state of play is.
Any information would be greatly appreciated.
No, you don't need to redeploy an app if your bundler identifier is same.
You can revoke current certificate and create a new one. This action can result into 'stop' usage of app in mobile device (if or when it has connection to apple server). The reason for this is, user needs to accept/trust developer of new certificate from device's settings.
Once user accepts/trust new certificate, your app will continue working as it was.
You can ask me, if you still have any confusion or problem in understanding this scenario.
Recently, I practically tested this scenario for one of my enterprise app and it was successful.
Hope it would work for you also !!!
According to Apple, in-house apps will stop working once the Distribution Certificate expires:
iOS Distribution Certificate (in-house, internal use apps)
Users will no longer be able to run apps that have been signed with
this certificate. You must distribute a new version of your app that
is signed with a new certificate.
My question is:
Is it the same for apps built with an iOS Development Certificate? My guess is yes, but I would like to know for sure...
Please note: I'm not asking what will happen to apps in the App Store, I know they are not affected.
Yes, your assumption is correct.
I just lost my private key with OS reinstallation so will have to create new Certificate Signing Requests.. I wanted to know if revoking my Distribution Certificate will have any effect on my existing applications on App Store especially when one of my applications is waiting for approval ( In Review ) build from old distribution certificate.
Should i wait for the app to be
accepted by the Apple or revoking the
distribution certificate won't have any
affect on the application?
I know this is an ancient question, but since it hasn't been answered... According to Apple support, you can revoke the certificate immediately after submitting an app for review and the app won't be affected. Apps already on the app store will not be affected either.
Related SO threads to support the above:
If I revoke an existing distribution certificate, will it mess up anything with existing apps?
iOS Provisioning and Certifcates - Will Revoke/Renew effect App Store Apps?
Often developers face this question and stay away from revoking a certificate. Possible thoughts are if it affect the app in the store, or will the same certificate be required for the next update etc.
But there are no any issues like that.
An Appstore and Adhoc production certificates are used for the App store submission process only. It needs to check the private key public key pair to validate that the ipa is code signed by a valid signing authority. Once the app goes to app store you need not have to bother about the certificate used.
The next time for creating an update, you can codesign using a different certificate, but you need to use the same app id.
As per my experience and according to Apple support, revoking certificate will not have any effect on the already uploaded build on iTunes either for review or on live.
Hope this helps!!
There will not be any affect on your current uploads. As the bundle identifier and app id for your application will remain same, it will not affect any of your push notification service too. This is the only reason we are able to replace PEM or p.12 certificates to web developers if the current certificate of any live app has expired.
From the apple docs:
https://developer.apple.com/support/technical/certificates/
iOS Distribution Certificate (App Store)
If your iOS Developer Program membership is valid, your existing apps on the App Store will not be affected. However, you will no longer be able to submit new apps or updates to the App Store.
My app is not released yet, so you couldn't find it in the App Store. But it is being used by a group of private beta users (through the iOS TestFlight service). And it is hitting my production server, which is the reason for the question.
In the situation described above, what .p12 do I use? the Dev certificate or the Distribution certificate? I am asking because I am not clear on whom the distinction is for. As far as my server is concerned I don't care which one is used. I just need to send push notifications, and as long as the users get them, I am happy. And since I am using my production server, I figure I should use the production/distribution certificate. But I have a suspicion that my server -- dev or production -- has nothing to do with it. And which certificate I use may entirely have to do with the App Store. So will someone please clarify for me? Thanks.
From http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1
Development If your app is running in Debug mode and is signed with the Development provisioning profile (Code Signing Identity is “iPhone Developer”), then your server must be using the Development certificate.
Production Apps that are distributed as Ad Hoc or on the App Store (when Code Signing Identify is “iPhone Distribution”) must talk to a server that uses the Production certificate. If there is a mismatch between these, push notifications cannot be delivered to your app.