I accidentally pressed the reset button on 'IOS Distribution' within IOS Developer account. This in turn made a hand-full of provisioning profiles invalid.
From what I have read here: https://developer.apple.com/support/certificates/
apps are still intact I will no longer be able to submit new apps or updates to the App Store.
Just want to verify if this is correct in my case and apps will not go down??
Thanks
Yes , the current apps will have no effect of the certificate being revoked.
Happened with me many times .
similar question threads here
Will revoking Distribution certificate affect application which is In Review (on apple store) for Iphone?
If I revoke an existing distribution certificate, will it mess up anything with existing apps?
If you are revoked .cer then you can generate it again and that does not effect on your live application.
In the developer Member Center there is your generated application ID that you generate for each application. You must take care about that Application id is not removed else you need to generate it as a new because its a unique and in this case you need add new app app and you can not update the current application that live.
What kind of steps you need to do if .CER revoked or expire:
If .cer revoked then just click on add new and select your CSR(Certificate Signing Request)
Now you have new cer then you need to just update your provisional profile and download it and use it thats it
Related
I got this mail from Apple.
Your iOS Distribution Certificate will no longer be valid in 30 days. To generate a new certificate, sign in and visit Certificates, Identifiers & Profiles.
I get some information from StackOverFlow but I want to know what I need to do if I modify my existing app. Will I able to update in future the same app with new certificate and new profile. Is that I need to revoke and generate the new certificate. Thanks for your help and comments.
As per new updates, you don't need to renew the certificate as a separate action. The renewal is based on the expiration of the Apple developer account. By taking the action of renewing your membership, this will automatically renew your certificates.
It is just a reminder of the certificate that is going to be expired very soon in future.
I want to know what I need to do if I modify my existing app. Will I able to update in future the same app with new certificate and new profile.
Yes, You can always able to create new certificates (Some has limitation to create) and use these certificate to generate new mobile provisioning profile or regenerate mobile provisioning profile using the new certificates.
Using old certificate (Expired) you can not able to run build on device and not able to publish app on App Store.
The new certificate will not affect on your app. In simple words, certificates are being used to run app on device, publish app on App Store, push notification, etc.
I've been using Xcode with a free Apple ID, and signing a App with a free provisioning profile.
However, after I signed the App with another Mac, the certificate on the first Mac I used to sign the App with does not work anymore.
I received this error message when I tried to run it on my iPhone:
Please verify that your device's clock is properly set, and that your signing certificate is not expired. (0xE8008018).
After generating a new certificate via Xcode > Preferences > View Details... > iOS Distribution > Create, I got this error instead:
The identity used to sign the executable is no longer valid.
After deleting the App from my iPhone, I tried to run the App again and received this error message instead. This also caused my phone to freeze for a while:
dyld: Library not loaded: #rpath/libswiftCore.dylib
Referenced from: /var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Test
Reason: no suitable image found. Did find:
/private/var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Frameworks/libswiftCore.dylib: mmap() errno=1 validating first page of '/private/var/mobile/Containers/Bundle/Application/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Test.app/Frameworks/libswiftCore.dylib'
(lldb)
Update: I'm using Free Provisioning Profile, thus I don't have access to iTunes Connect. I also can't import the certificate from my 2nd Mac as it was it was reset.
Update 2: I've also visited Keychain App and found 2 certificates - one expired and one valid. I deleted the expired one and tried to run the App on my phone again, but the error persists.
Update 3: I've tried to revoke all my certificates in developer.apple.com, but there isn't a certificates management. Only 'Programs & Add-ons' and 'Your Account' sections are available in the nav, which allows me to enrol into Apple Developer Program.
Update 4: I've also restarted my Xcode to no avail.
The main problem is that I'm not sure why I cannot revoke and regenerate a new certificate.
How can I solve this problem?
Generate a New CSR from your Keychain and download new certificate using this CSR. Include this certificate in your provisional profile and download it. Make sure you remove all expired certificates from Keychain. Good luck.
You don't need iTunes Connect to manage your certificates, IDs and provisioning profiles. iTunes Connect is used for managing your app store releases, which as you know you can't do with a free account.
You need to go to developer.apple.com and log in with your free account to the member center. You will be able to see the certificates and provisioning profiles under your developer account.
Since you don't have anything in the store (you can't with a free account), I would go into the developer's member center, revoke and delete any certificates that are out there, and delete all provisioning profiles. Start from scratch and generate a new certificate using a brand new CSR. Then generate a new provisioning profile using the existing app ID and the newly created certificate. Download the profile update your project settings to use the new signing identity and profile, and you're back in business.
Also, this is assuming that you are not sharing this developer account. If you are, doing the above instructions will make it so other developers will not be able to build with the signing identity unless you give them the private key for the certificate.
I managed to fix this problem by renaming the App name, and recompiling the App. I think that by renaming the App, a new certificate is generated, thus it would work.
Even though, it's not really a great solution, but it solved my problem as I wanted to rename the App in the first place.
Thanks everyone for providing answers!
I had to create a new Apple ID and it worked. Not the ideal solution but without access to certificates its the only solution that worked for me.
I have an in-house enterprise app that is managed (deployed) from MaaS360
'https://portal.fiberlink.com'
And this app is built (and still maintained) in XCode 4.6.3 (i know, i know), so I don't have any of the fancy new features in XCode 7 that might help alleviate this problem. In fact, even the refresh button in Organizer no longer works... you tap it and a dialog says "service unavailable" and I've tried it on different days, so it's not just a temporary glitch or service interruption. I believe apple disabled whatever portion of their service was servicing that request from XCode 4's Organizer.
The provisioning profile on it is going to expire in March, and I'm trying to figure out how to renew it without inconveniencing the users by making them download a new rebuilt app. It would be particularly painful for them because it would require they sync a few gigabytes of data from their device through iTunes for each person, and it's a few hundred people.
My problem is, my certificate I used to sign the app is also expiring around the same time (in March).
I happened to have another certificate and an associated provisioning profile, I had generated on a different mac which expires in 2019, and I tried to use it to update the expiring provisioning profile on MaaS360 for this app in question, and I get this error
So what has me a little terrified is, I'm back on the mac where I originally created and deployed the app... if I need to renew my existing certificate (which I assume means revoking it and replacing it with a new one), in order to create a new provisioning profile, aren't I going to run into this dialog again, claiming that my certificates don't match, because I'll now have a new one, hence I can't update the profile.
If the only way to update my expiring provisioning profile is with my soon-to-be-expired-but-also-identical certificate which originally created the profile, that still means my profile is going to expire as scheduled because my original certificate will have expired too.
Is there a way out of this dilemma?
You can have two certificates active at the same time. So I would generate a new certificate using the same key you used to generate the original one. To do this on the Apple developer portal, you will need the cert signing request. Most developers don't save this when they generate their certificate the first time. The good news is, if you have the private key that was used for your distribution certificate, you can use that to generate the CSR. To find out if you have the private key, you can use this post for how to locate it in the Keychain app. https://stackoverflow.com/a/33651921/3708242
Once you have verified that you have the private key used for the certificate for the app store distribution, you can generate the a CSR using the following procedure: https://stackoverflow.com/a/7111454/3708242
Once you have the CSR, go to Apple's developer portal and generate a new distribution certificate for "In-House and Ad Hoc" distribution. As long as you only have one out there, you should be able to create a second without having to revoke the existing one. Once you've done that, you will likely need to provide that certificate to the MaaS360 service (I'm not familiar with how that works, but somehow the Maas360 server must have the private key and certificate that the apps were built with, as it is clearly checking that when you push the build of your app and the certs don't match). So download the new cert and provide that to MaaS360.
Then, generate a new distribution profile using the new certificate. Or you can update the existing one to use the new cert by clicking the edit button on the provisioning profile, then changing the radio button to the new cert which should expire several years out. Note that this won't prevent any existing apps built using the profile from running in the meantime (revoking the certificate, however, would immediately cause the apps to stop working, which you don't want). Save and download the new profile, and use it to rebuild the app.
The app will then be built with the new certificate, that won't expire any time soon. I do think you are missing the part of the process where you will have to provide the new cert to MaaS360. I can't really help you with that part, but hopefully there is some documentation from IBM that can help you out there. But, you will need to fix it, because once the cert expires, non of the apps built with it will work. Good luck and let me know if any of this is not clear enough.
I have a doubt on Code Signing during Appstore submission. I already submitted an app to appstore with the profiles and certs created and its currrently in appstore. Unfortunately, i lost my machine where i had backup of those profiles and certs. I know that Prov Profile can be downloaded from my developer account.
My Doubt here is, 1) As i dont have backup of .p12, should i need to raise a request for new certificate from my keychain and proceed with that?
2) If so, will users can be able to upgrade the existing app from the appstore?
Thanks in Advance.
Here are your answers
1) As I don't have backup of certificate and .p12, should I need to raise a request for new certificate from my keychain and proceed with that?
Don't worry, when you like to give new update for your application, create new .p12 file and use it. Certificates are used to basically authenticate your machine with developer account.
2) If so, will users can be able to upgrade the existing app from the appstore?
No problem for users, as app store distribution provisioning profile works very different from developer provisioning profile, so no user needs to update.
Just for your info: the signing files for Android are very important, not for iPhone application. For Android, if signing keys are lost, you cannot update apps, whereas for iPhone you can create new certificates and update your apps.
Yes, you can just request a new production certificate from your new machine.
Then use it for your old provisioning profile for the app.
Yes without private key in your keychain, You cant use the existing provision files created with that private key. So you need to create a new Developer/Distribution certificates in developer portal with new Certificates. This will not affect the existing application in appstore.
While working on a new version of one of my apps Xcode told me today, that it cannot run the project any more because the development profile has expired.
The organizer shows for all development profiles "Valid signing identity not found" and for all distribution profiles "Profile has expired".
Of course it is not a suprise that profiles expire. In the past all I had to do was a click on "Renew" but this does not work any more. After entering user name and password for my Account Xcode shows the error message "No value was provided for the parameter 'certificateIds'"...
What can I do?
Instead of using the Organizer the directly visited the Provisioning Center webpage. There are two entries within the section "iOS Apps/Certificates/All":
1. "My Name iOS Development Expires: Mar, 17 2012"
2. "My Name Development Expires: Mar, 19 2013"
A click on one of the certificates show option to "Revoke" or "Download" certificate. There is also a "+ Button" to create a new Certificate but the option "iOS App Development Sign development versions of your iOS app." is deactivated.
In the section "Provision Profiles" all development profiles are marked as "Active" and all distribution profile as "Expired". Only "Edit" and "Delete" options are available while a "Renew" option is missing. The "Edit" option shows the profile details and "Generate" button. I would assume that "Generate" creates a new version, but after pressing the button only a progress indicator is shown which comes to no result. After I reload the page the status is unchanged.
So, there are no options to renew the existing certificates and profiles (are there?). Thus I have to create new certificates but - as described - this option is grayed out. I Assume that I have to delete / revoke the existing certificates first. A click on "Revoke" shows a very explicit warning: "Revoking this certificate will invalidate it and any related services or provisioning profiles that use this certificate may be affected."
I am afraid that revoking the certificate might effect my existing app in the App Store - that the app might be removed from sale because the certificate they are based on was deleted.
Of course this is a scenario I would like to avoid. Does anyone know for sure what happens when using the Revoke option for an existing certificate. Does this even effect App Store apps?
Thank you very much!
For App Store apps, you don't need to worry. The signing information on app store binaries is only used for the initial validation to ensure it came from you. Once it has been uploaded the binary will be transformed and resigned with Apple's private key, encrypted with Fairplay, etc.
This means revoking your distribution certification will not affect live apps. You only need to worry if you have an enterprise account.
No, revoking certificates does not affect apps already on sale. For that matter it won't even affect apps submitted for review. (We had renew a certificate while an update was in review. No problems at all)