A contractor is asking for a private key and suggesting creating a new push certificate for this app with a new certificate signing request. Then to share the certificate and private keys with them.
I wondering how we can use these contractors without giving them private keys?
I am not sure how to manage this workflow. Any thoughts on how to manage would be greatly appreciated.
The certificates and keys used for the server side push service (interacting with Apple's APNS server) are different from the certificates and keys use to sign the app. If it's only for that your fine. You'll set this up when enabling push services on the app ID in the developer portal. You will however need to re-create your provisioning profiles in order to compile the app to receive the push messages.
If your contractor has their own dev account you might want to consider adding them as a team member so they can set up their own dev certificates.
Related
my compagny buy a application from another account, recently certificate push expired and push doesn't work anymore on version on the store, when i access to apple developper i can't find certificat linked to the current application
i think the certificates is keepen on the original account witch publish the application
we cannot have access to old account
what options we have to update certificat ?
we had to create new certificat an push a new version on the store inevitably ?
thank you for your answers
I have found answer on the apple documentation
https://help.apple.com/itunes-connect/developer/#/deved688524f
Associated client SSL certificates for push notifications aren’t transferred. If the app uses Apple Push Notifications service (APNs), the recipient needs to create a client SSL certificate using the recipient’s developer account to reenable it.
Hope it will helps someone
As a Team Admin I have created the production certificate for client enterprise application. Using this certificate now the enterprise app has gone live. Now I need to remove myself from the client's enterprise account. My question is, will this affect the existing production certificate in anyway? What will be the outcome? Will this affect the existing enterprise app?
It will not impact existing, enterprise signed apps.
1) Team Agent
You can transfer roles to another person to avoid those issues. You can find detailed information in your account under Transferring Roles.
2) Team Admin
You can simply add another team member as admin. Find details here.
Regarding the certificate: if you invoked the certificate, it is based on your private key. So you either have to export the certificate (including your private key) from the Key Chainapplication or the new admin has to revoke the certificate to sign future releases.
The problem is that a customer cannot trace the APPLE ID used to generate the MDM APNS certificate, and it is about to expire! They need to log in to https://identity.apple.com/pushcert/ to renew it.
According to Apple, if the cert expires, all devices will have to be re-enrolled!
Is there any way around this?
There is not going to be a way around this. If they have an Enterprise account it is likely (hopefully) they kept things vanilla and the Agent's account was used to create the MDM/APNs cert.
I realize there was a question about allowing multiple servers to send Push Notifications to the same application using the same SSL Certificate, but my question is different.
Suppose that the developer of a single iOS application would like to allow multiple providers to send Push Notifications to his application, but wants to control which providers have the authority to send APNs to his App (and to be able to revoke that privilege from any one of them).
If all the providers have the same certificate, in order to block one of them from sending APNs, he has to block them all (by revoking the Push SSL Certificate, and getting a new one).
Is it possible to get from Apple multiple Push SSL Certificates for the same Application?
That would make it possible to assign a unique certificate for each provider, which would allow to block a single provider without blocking the rest.
On the Apple Provisioning Portal there doesn't seem to be a possibility to create more than one Push SSL Certificate for the same Application and the same environment (Development/Production), but I wanted to be sure whether it can't be done.
Since no one answered my question, I'll answer it myself.
The answer to that question used to be no but it seems that Apple made some changes in the provisioning portal (which is now called Certificates, Identifiers & Profiles), and now it's possible to define multiple certificates for the same application and the same environment.
Actually you can create only 2 apple push certificates for one App ID and no more.
Apple developer center does not allow me to create more then two and same experience has my friend.
I don´t see how your task can be solved now. In my opinion Apple does not want to support such products. Maybe you can do more with Enterprise Developer account but I don´t have one. So maybe anyone else can tell us if it allows to create more push certificates for on iOS application.
The creation of a CSR will prompt
Keychain Access to simultaneously
generate a public and private key
pair. Your private key is stored on
your Mac in th....
So every iOS app can have two environments set up for push notifications, development and production.
What is the harm in reusing the same CSR (and thus the same private key?) for both dev and prod environments? Is this even possible?
In a similar effect what would be the harm of using the same CSR across the different apps.
Basically I want to manage a single private key when I install the required elements on the server that will handle push notifications on my end.
Thanks
I use the same private/public key for all my certificates. The only time I ever end up having different private/public keys is when a client wants me to manage their whole Apple account and certificate generation.