My client has a few apps in the app store that were submitted using a certain App Store profile which I have access to the account. We also have those apps installed Ad Hoc signed with the same Distribution Profile. Now I am taking care of one of this apps and I need to code sign to make a few changes and then submit it Ad Hoc for some testers. No one knows where the .developerprofile backup is. Can I revoke the existing certificate and recreate a new one without affecting the apps on the App Store. If I revoke, any other developer using this key pair will stop working, right? Any other problem I am not remembering. Can I revoke the certificate?
Thanks in advance.
Yes, you can safely revoke the developer and AdHoc distribution certificates without affecting any App Store apps. Be careful not to revoke any Push Notification certificates if your app uses push.
Generate a new certificate signing request on your machine and use that to generate the new certificates. Remember to edit the provisioning profiles after you create the new certificates, especially if you've added any additional devices to the provisioning list. Then download the new provisioning profiles and you should be good to go.
Any other developers (if they still have access) will be able to download the new profiles if they need them. If they also need to sign builds, they should generate their own keys/certificates as well for their developer certificates.
Related
I got this mail from Apple.
Your iOS Distribution Certificate will no longer be valid in 30 days. To generate a new certificate, sign in and visit Certificates, Identifiers & Profiles.
I get some information from StackOverFlow but I want to know what I need to do if I modify my existing app. Will I able to update in future the same app with new certificate and new profile. Is that I need to revoke and generate the new certificate. Thanks for your help and comments.
As per new updates, you don't need to renew the certificate as a separate action. The renewal is based on the expiration of the Apple developer account. By taking the action of renewing your membership, this will automatically renew your certificates.
It is just a reminder of the certificate that is going to be expired very soon in future.
I want to know what I need to do if I modify my existing app. Will I able to update in future the same app with new certificate and new profile.
Yes, You can always able to create new certificates (Some has limitation to create) and use these certificate to generate new mobile provisioning profile or regenerate mobile provisioning profile using the new certificates.
Using old certificate (Expired) you can not able to run build on device and not able to publish app on App Store.
The new certificate will not affect on your app. In simple words, certificates are being used to run app on device, publish app on App Store, push notification, etc.
While I try to create the iOS distribution certificate it says your account reached the maximum limit for distribution. if revoked one of the iOS distribution certificates. Is that cause any problem on the app that I have already the push to the app store with this certificate?
Well we can create 2 distribution certificates from a single account, revoking one will NOT CAUSE any harm to launch apps on app store. YOU CAN CREATE ONE AFTER REVOKING ONE FOR yourself and edit the provisional profile also with new certificate that you created.
the only consequence is no one will able to launch the app from the revoked one he has to get the new one along with he has to renew his provisional certi also
Your App distribution uses exportMethod as Ad-Hoc, (e.g. Firebase Distribution), will no able to launch and install.
My terrible experience.
The company i work for have a few iOS apps distributed through the Enterprise program. We dont update these apps very frequently. So making sure that the certificates and provisioning profiles dont expire until we've had the chance to renew and redistribute the apps can be easy to forget. How does your team ensure this doesn't happen?
There's really not much you can do to prevent this, other than trying to keep all your apps being created with the same certificate / profiles, as up to date as possible. I have yet to find a good automated solution.
To manage it, I think the best solution is to create a reminder each time you generate a new certificate that will remind you in 11.5 months to renew the certificate (using the original cert signing request file). Then generate your certificate and new provisioning profile to be distributed to the developers (either by hand or by having them all signed into their Apple developer accounts as team members).
Once you have your new certificate and profiles, you'll need to regenerate the IPAs through xCode, or simply re-sign the ipa using the instructions found here: https://stackoverflow.com/a/25656455/3708242
For our internal apps using our enterprise distribution profile, we have put in self-update logic that allows us to push updates so that the users won't end up with an app that won't launch due to an expired provisioning profile or certificate.
Although I know many developer frown upon the use of wildcard ids in provisioning profiles, they do have one advantage here. If you have one app that is on all the devices, you could potentially get by with only updating that one app, as long as the new app has a provisioning profile and certificate that are not expired, and the provisioning profile has a wildcard id that matches all the internal apps you have. Once the valid profile is on the device, it will allow older apps to run. For more details about what I am talking about, see this answer: https://stackoverflow.com/a/29121777/3708242
I have a doubt on Code Signing during Appstore submission. I already submitted an app to appstore with the profiles and certs created and its currrently in appstore. Unfortunately, i lost my machine where i had backup of those profiles and certs. I know that Prov Profile can be downloaded from my developer account.
My Doubt here is, 1) As i dont have backup of .p12, should i need to raise a request for new certificate from my keychain and proceed with that?
2) If so, will users can be able to upgrade the existing app from the appstore?
Thanks in Advance.
Here are your answers
1) As I don't have backup of certificate and .p12, should I need to raise a request for new certificate from my keychain and proceed with that?
Don't worry, when you like to give new update for your application, create new .p12 file and use it. Certificates are used to basically authenticate your machine with developer account.
2) If so, will users can be able to upgrade the existing app from the appstore?
No problem for users, as app store distribution provisioning profile works very different from developer provisioning profile, so no user needs to update.
Just for your info: the signing files for Android are very important, not for iPhone application. For Android, if signing keys are lost, you cannot update apps, whereas for iPhone you can create new certificates and update your apps.
Yes, you can just request a new production certificate from your new machine.
Then use it for your old provisioning profile for the app.
Yes without private key in your keychain, You cant use the existing provision files created with that private key. So you need to create a new Developer/Distribution certificates in developer portal with new Certificates. This will not affect the existing application in appstore.
I want to create provision certificate for development and testing purpose.
I login Apple web site and going to https://developer.apple.com/ios
But I did one mistake during certificate creation i revoking distribution profile... Now I am worried if I revoke distribution profile then the distribution binary on app store is not working if during this time any body download my application from app store? How do I go back if I revoke the distribution certificate?
If in not able to go back on real certificate then what is will be the solution of it?
Don't worry, if you revoke the distribution certificate or profile, it only means that you can't create a new binary for Ad-Hoc or App Store until you create a new one. No problems, don't panic.
Oh and you can't "go back", once it's gone - it's gone, just create a new one.