I managed to accidentally revoke an enterprise distribution certificate. My Apps are deployed using an MDM. All these apps have stopped working. Is there any way to get these apps working again without rebuilding using a new certificate and redeploying.
I am in a real mess here and it will take me days to recover. Any help, suggestions, assistance will be rewarded.
This is an old post but I thought I'd answer it in case it helps others. You probably now know that unfortunately once a certificate has been revoked you will have to create a new certificate and then either edit or create a distribution profile to point to that certificate. You'll then have to rebuild and deploy using the updated/new provisioning profile.
Related
I want to create the new distribution certificate for my new app and my existing certificate limit is over for the distribution certificate. So I have revoked the existing distribution certificate but before that, I have done my research and I conclude that it will not affect my existing builds but unfortunately my builds stop working.
Can anyone help me with this scenario? After revoking, why my existing builds are stopped working?
Is there anything I am doing wrong here?
Revoking a distribution certificate has no effect on existing distributions, such as the apps already in the App Store.
But it does affect anything you do from now on.
Revoking of the certificate will not affect the builds that are published and installed on the devices
But revoking of certificates will definitely disable your in-house app because the device will regularly validate with apple server for the certificates, that the builds are signed with the certificate are valid or not.
So your in-house build will be invalid once you revoked the certificate but your app store build will not be affected.
Distribution Enterprise Certificate got revoked.Is there any way to avoid reinstallation of existing apps.
It'll be difficult to ask all users to install app again.
Any help will be appreciated.
If your Certificate is revoked, it will be deleted from the list of certificates. No need to reinstall existing apps.
You have revoked your certificate, so it is no longer valid.
Certificate: iOS Development
Team Name:
Any provisioning profiles that include this certificate are no longer valid and must be regenerated for future use.
Best regards,
Apple Developer Program Support
I don't know what it means and how should I do?
It probably means you, or someone else with access to the same development account had Xcode auto-generate a new development certificate for it to use. The first step there is to revoke the old one.
These messages look much scarier than they actually are. You may have to go into the member center and tell your provisioning profiles to use that new certificate now, then redownload them.
If you were the one who initiated the certificate creation in Xcode, then you should be all set. If you were not, and you need to use the same account for development, then have whomever clicked the button export the certificate for you, then you shouldn't have a problem building to a device after installing it on your computer.
If you and everybody else on the account don't have a current development certificate, then just make a new one.
The company i work for have a few iOS apps distributed through the Enterprise program. We dont update these apps very frequently. So making sure that the certificates and provisioning profiles dont expire until we've had the chance to renew and redistribute the apps can be easy to forget. How does your team ensure this doesn't happen?
There's really not much you can do to prevent this, other than trying to keep all your apps being created with the same certificate / profiles, as up to date as possible. I have yet to find a good automated solution.
To manage it, I think the best solution is to create a reminder each time you generate a new certificate that will remind you in 11.5 months to renew the certificate (using the original cert signing request file). Then generate your certificate and new provisioning profile to be distributed to the developers (either by hand or by having them all signed into their Apple developer accounts as team members).
Once you have your new certificate and profiles, you'll need to regenerate the IPAs through xCode, or simply re-sign the ipa using the instructions found here: https://stackoverflow.com/a/25656455/3708242
For our internal apps using our enterprise distribution profile, we have put in self-update logic that allows us to push updates so that the users won't end up with an app that won't launch due to an expired provisioning profile or certificate.
Although I know many developer frown upon the use of wildcard ids in provisioning profiles, they do have one advantage here. If you have one app that is on all the devices, you could potentially get by with only updating that one app, as long as the new app has a provisioning profile and certificate that are not expired, and the provisioning profile has a wildcard id that matches all the internal apps you have. Once the valid profile is on the device, it will allow older apps to run. For more details about what I am talking about, see this answer: https://stackoverflow.com/a/29121777/3708242
Tried reading around but there's a lot of information around which negates itself
I have an app which I built with a certain distribution certificate, those certificate's private keys are lost to me now...
I want to create a new distribution certificate, and a new provisioning profile without revoking the old one... because the old needs to remain active on the places I've installed it on... I can't afford to re-publish it.
will uploading a new certificate ruin the old certificate?
I should mention I am using an enterprise account to distribute the app.
do I have ANY other choice other than revoking and re-install my app on all devices for my account?
Uploading the new certificate to the Apple dev a/c and creating the new profile will not ruin the old certificate. As long as the old certificate is valid, application with that certificate will continue to work.