IOS creating a new distribution certificate without revoking old one - ios

Tried reading around but there's a lot of information around which negates itself
I have an app which I built with a certain distribution certificate, those certificate's private keys are lost to me now...
I want to create a new distribution certificate, and a new provisioning profile without revoking the old one... because the old needs to remain active on the places I've installed it on... I can't afford to re-publish it.
will uploading a new certificate ruin the old certificate?
I should mention I am using an enterprise account to distribute the app.
do I have ANY other choice other than revoking and re-install my app on all devices for my account?

Uploading the new certificate to the Apple dev a/c and creating the new profile will not ruin the old certificate. As long as the old certificate is valid, application with that certificate will continue to work.

Related

What will happen to existing builds if I revoked distribution certificate?

I want to create the new distribution certificate for my new app and my existing certificate limit is over for the distribution certificate. So I have revoked the existing distribution certificate but before that, I have done my research and I conclude that it will not affect my existing builds but unfortunately my builds stop working.
Can anyone help me with this scenario? After revoking, why my existing builds are stopped working?
Is there anything I am doing wrong here?
Revoking a distribution certificate has no effect on existing distributions, such as the apps already in the App Store.
But it does affect anything you do from now on.
Revoking of the certificate will not affect the builds that are published and installed on the devices
But revoking of certificates will definitely disable your in-house app because the device will regularly validate with apple server for the certificates, that the builds are signed with the certificate are valid or not.
So your in-house build will be invalid once you revoked the certificate but your app store build will not be affected.

Expiring In-house Distribution provisioning profile and certificate

I have an in-house enterprise app that is managed (deployed) from MaaS360
'https://portal.fiberlink.com'
And this app is built (and still maintained) in XCode 4.6.3 (i know, i know), so I don't have any of the fancy new features in XCode 7 that might help alleviate this problem. In fact, even the refresh button in Organizer no longer works... you tap it and a dialog says "service unavailable" and I've tried it on different days, so it's not just a temporary glitch or service interruption. I believe apple disabled whatever portion of their service was servicing that request from XCode 4's Organizer.
The provisioning profile on it is going to expire in March, and I'm trying to figure out how to renew it without inconveniencing the users by making them download a new rebuilt app. It would be particularly painful for them because it would require they sync a few gigabytes of data from their device through iTunes for each person, and it's a few hundred people.
My problem is, my certificate I used to sign the app is also expiring around the same time (in March).
I happened to have another certificate and an associated provisioning profile, I had generated on a different mac which expires in 2019, and I tried to use it to update the expiring provisioning profile on MaaS360 for this app in question, and I get this error
So what has me a little terrified is, I'm back on the mac where I originally created and deployed the app... if I need to renew my existing certificate (which I assume means revoking it and replacing it with a new one), in order to create a new provisioning profile, aren't I going to run into this dialog again, claiming that my certificates don't match, because I'll now have a new one, hence I can't update the profile.
If the only way to update my expiring provisioning profile is with my soon-to-be-expired-but-also-identical certificate which originally created the profile, that still means my profile is going to expire as scheduled because my original certificate will have expired too.
Is there a way out of this dilemma?
You can have two certificates active at the same time. So I would generate a new certificate using the same key you used to generate the original one. To do this on the Apple developer portal, you will need the cert signing request. Most developers don't save this when they generate their certificate the first time. The good news is, if you have the private key that was used for your distribution certificate, you can use that to generate the CSR. To find out if you have the private key, you can use this post for how to locate it in the Keychain app. https://stackoverflow.com/a/33651921/3708242
Once you have verified that you have the private key used for the certificate for the app store distribution, you can generate the a CSR using the following procedure: https://stackoverflow.com/a/7111454/3708242
Once you have the CSR, go to Apple's developer portal and generate a new distribution certificate for "In-House and Ad Hoc" distribution. As long as you only have one out there, you should be able to create a second without having to revoke the existing one. Once you've done that, you will likely need to provide that certificate to the MaaS360 service (I'm not familiar with how that works, but somehow the Maas360 server must have the private key and certificate that the apps were built with, as it is clearly checking that when you push the build of your app and the certs don't match). So download the new cert and provide that to MaaS360.
Then, generate a new distribution profile using the new certificate. Or you can update the existing one to use the new cert by clicking the edit button on the provisioning profile, then changing the radio button to the new cert which should expire several years out. Note that this won't prevent any existing apps built using the profile from running in the meantime (revoking the certificate, however, would immediately cause the apps to stop working, which you don't want). Save and download the new profile, and use it to rebuild the app.
The app will then be built with the new certificate, that won't expire any time soon. I do think you are missing the part of the process where you will have to provide the new cert to MaaS360. I can't really help you with that part, but hopefully there is some documentation from IBM that can help you out there. But, you will need to fix it, because once the cert expires, non of the apps built with it will work. Good luck and let me know if any of this is not clear enough.

iOS Certificates and Provisioning Profile

My client has a few apps in the app store that were submitted using a certain App Store profile which I have access to the account. We also have those apps installed Ad Hoc signed with the same Distribution Profile. Now I am taking care of one of this apps and I need to code sign to make a few changes and then submit it Ad Hoc for some testers. No one knows where the .developerprofile backup is. Can I revoke the existing certificate and recreate a new one without affecting the apps on the App Store. If I revoke, any other developer using this key pair will stop working, right? Any other problem I am not remembering. Can I revoke the certificate?
Thanks in advance.
Yes, you can safely revoke the developer and AdHoc distribution certificates without affecting any App Store apps. Be careful not to revoke any Push Notification certificates if your app uses push.
Generate a new certificate signing request on your machine and use that to generate the new certificates. Remember to edit the provisioning profiles after you create the new certificates, especially if you've added any additional devices to the provisioning list. Then download the new provisioning profiles and you should be good to go.
Any other developers (if they still have access) will be able to download the new profiles if they need them. If they also need to sign builds, they should generate their own keys/certificates as well for their developer certificates.

Distribution certificates for iPhone

I have an app at the appstore.
Now I want to switch developers.
If the old developer won't give me the private key for the distribution certificate, what are my options?
If I revoke my existing distribution certificate and create a new one, I understand that my existing app in the store cannot be updated.
On the other hand, if I wait until my current distribution certificate expires, then create a new one, then my app at the store should be updatable?
Please whoever can clarify this issue will be blessed!
You will be fine with revoking your distribution certificate and making a new one. You can still update an existing app after doing this.
Relevant info:
Lost Private Key For iPhone Distribution Certificate. What could be solutions?
If I revoke an existing distribution certificate, will it mess up anything with existing apps?

Creating provisioning profile?

I want to create provision certificate for development and testing purpose.
I login Apple web site and going to https://developer.apple.com/ios
But I did one mistake during certificate creation i revoking distribution profile... Now I am worried if I revoke distribution profile then the distribution binary on app store is not working if during this time any body download my application from app store? How do I go back if I revoke the distribution certificate?
If in not able to go back on real certificate then what is will be the solution of it?
Don't worry, if you revoke the distribution certificate or profile, it only means that you can't create a new binary for Ad-Hoc or App Store until you create a new one. No problems, don't panic.
Oh and you can't "go back", once it's gone - it's gone, just create a new one.

Resources