How to Renew a Revoked Certificate? - ios

I have just finished my first app and I want to submit it to the iTunes store. In getting ready I read a tutorial that said I should first clean up all certificates and provisioning profiles. So, as per this guys instructions, I revoked my certificate.
Now, I am having a heck of a time trying to figure out how to get it back. I've found an apparently out of date articles by Apple (TN2250) which no longer applies to my version of Xcode (4.3.2). In the Certificates section of the Provisioning Portal I can see no way to renew my certificate, or create a new one. I even called Apple's support and the nice gal was sweet but in the end was not able to help me and told me she was not technical support and I would need to ask my questions in the various help-forums.
How to renew my cert? Or create a new one?

There two certificates: one is for the development cert and another one is the distribution certificate.
If they are expired or you revoked them. You need to using key chain from your apple computer to generate the certificate requests.
Go to your apple computer, Open Application->utilities->keychain Access
Keychain Access->certificate Assantance->Request a certificate from a certificate authority
Fill in your email address and name, pick Save to disk
You need to generate two certificate for both the development certificate and the distribution certificate
Then:
You login to your provisioning portal.
Click the certificate manual on your left side
There two certificates: one is for the development cert and another one is the distribution certificate.
You request a new certificate from the portal, upload your certificate request you generated earlier.
You should be able to get your new certificates. You download these two certificates on to your computer, and double click the certificates to install them into your keychain.
Please let me know if you have problems to get your new certificate.

Related

How to check which distribution certificate signed an .ipa?

I have 2 distribution certificates in my enterprise account, and I have distributed a app with one of the certificates of this account, but I don't know which certificate I signed with.
Now the private keys associated with both certificates have been lost. I have to use a new certificate to sign the app when I distribute a new version next time, but one enterprise account can only generate 2 distribution certificates at most, so I have to revoke a distribution certificate, but I don't know which one can be revoked, if I revoke the certificate that has used to sign my app last time, then all the apps have installed on the user's phone will can't be open.
what should I do? Thank you very much.
Hope below image will help you,

Renew Apple developer certificate

I am just about a week away of expiration of the Apple developer certificate. Accidentally I lost the CSR file which I used when I created the last certificate which I am currently using.
Could you please let me know what all issue I may face if I will go with another CSR for new certificate?
Note:
Without CSR, you will be able to work with existing certificate but once it expires, you must create new one and you can use/create new CSR if previous one is lost.
Updating your certificate will not impact on your distributed build on public environment (Apple App Store). But of-course it won't allow you to distribute your new build with invalid/expired certificate.
Here is an instruction from Apple Developer Documentation for Code Signing Identity, that says,
If you lose control of your Apple-issued signing identity, such as
your Developer ID or Mac App Distribution identity, report this to
Apple immediately. Apple will invalidate the old identity and help you
to replace it. While this seems like a bit of work, it is critical,
because anyone possessing your identity can distribute potentially
malicious or destructive code that looks like it came from you.
This may also help you.
No Code Signing Identities Found
Xcode detects when you’re missing a signing identity. Typically, this happens when you move from one Mac to another. Follow the steps in Creating the Team Provisioning Profile to create your signing identity and add it to the team provisioning profile. You’ll have the option of importing your signing identity from another Mac or resetting it. If you use a custom development provisioning profile that you manage yourself, it becomes invalid after revoking the development certificate. Read Editing Provisioning Profiles in Your Developer Account to regenerate it.
To avoid this problem, export your certificates as a developer profile file on the other Mac, and then import them on your new Mac, as described in Exporting and Importing Certificates and Profiles.
As per apple documentation .CSR is used in combination with your App ID, provisioning profile and entitlements. So, if one have both (App ID and provisioning profile) it will harmful to you.
.CSR explanation

Auto revocation of distribution certificate

My role is member in apple developer program.
I had been given distribution certificate and adhoc provisioning profile.
I released the app but later on certificate has been revoked.
I am wondering what would have caused this ?
As far as I know development certificates can be created and removed by a person who is having member role also which is me.
sometimes If xcode autocreates a certificate it might revoke the existing certificate and add the new one.
But in my case its not development certificate that have got revoked but distribution certificate that got revoked.
A person with member access can submit CSR for Distribution but can not either add new one or revoke existing one.so auto revocation of distribution certificate is not possible.
But I can see a new distribution certificate in the member center on the same day.
Which makes me think whether somebody revoked it manually and added the new one or xcode did it.
somebody with experience please clarify this.
Some One have login into xcode and run it after that so its revoke certificate automatically. remove login from xcode and set certificate manually in xcode.

How can I "revoke and request" my iOS Developer Profile?

I am trying to export an .ipa file from XCode 6, and I get an error like this:
The dialog says "revoke the current certificate and request one again", but I don't see a way to do that. The Apple Troubleshooting page for this issue suggests I should click the "Revoke and Request" button, but I don't see one.
How do I revoke the old developer certificate and request a new one?
I suppose that the certificate is a distribution one, not development one. It seems that you have installed your iOS Distribution certificate in another Mac. And, it seems again that you download this certificate from Apple portail and import to your new machine. Of course, the simple import is not valid. Cause a certificate requires a private key to be associated with.
Then, you have 2 solutions:
Export your certificate from old machine (include private key) then import to your new machine. I recommend it.
Revoke this certificate if you do not use anymore on old machine. Then, from new machine, create new request signning and request again the distribution certificate.
Visite your account, in distribution certificate section, click to the certificate to revoke, you will see "Revoke" button.
Beware that all provisioning profiles created with this certificate will be invalidated.
Just for info, you have only <= 2 distribution certificates to be created.

New iOS team member: no valid signing identity

This is getting frustrating. I have two identities, one old, one new, and the latter should be used to deploy iOS apps to the App Store.
I've created the new user, granted him admin access, then I created the app name and provisioning profiles. However, in the Organizer I see that the Dev provision works flawlessly, while the Deploy profile shows me the dreaded error:
Valid signing identity not found.
How can it be?
Well, I see that in the Certificates section in the iOS Provisioning Portal, there is only one distribution certificate, the one belonging to my company.
Is there a way to enable the new user to create apps without accessing the uberadmin's Xcode?
Thanks & Cheers!
You need the key that was used to create the Distribution Certificate for your company.
Remember when you created your developer certificate? Then you went to keychain -> certificate assistant -> Request a certificate from ...
When you did this, your Mac paired your certificate request to a key in your keychain. Once your developer certificate was processed and you downloaded it to your computer, it could be accessed by your computer through that key.
But if you did not create the Distribution Certificate that your company has, you don't have the key on your computer.
Take a look at your certificates in keychain:
Go to 'Certificates' and expand your developer certificate - it will have a little key with your name.
Now try to expand your distribution certificate - it will not have a key, right?
If this is the case, you have two options:
Ask the person who created the Distribution Certificate to export it from his keychain. This will create a file that includes both certificate and key.
Delete the current Distribution Certificate, and create a new Certificate Signing Request from your computer, which will connect it to a key that you have.
First method require access to "Uberadmins" computer. The second require admin access to your teams Apple account. There is usually no downside in using method 2, because creating a new certificate is necessary from time to time anyway. It will not affect already published apps, just coming releases and updates need to use a the latest certificate.
Once all this is done, you need to create a distribution provisioning profile for App Store and connect to the Distribution Certificate that you are going to use. (if you went with option 1, you might already have done this).
Download the profile to your computer, install it, and then in your app, select to build with this profile for distribution builds.
According to Apple's documentation:
A team’s distribution certificate allows a developer to build an app for distribution. If your team wants to use another Mac to create a distribution build, you need to transfer a copy of the distribution certificate as described in, “Safeguarding and Transferring Your Signing and Provisioning Assets” in Tools Workflow Guide for iOS. (from Managing a Distribution Certificate)
So, in order to have multiple users able to create & submit App Store builds, you must share a private key between them.
Create a new private key for the team, and then send that private key to everyone who needs it. Follow the instructions under Generating a Certificate Signing Request with Keychain Access.
See also: Any concern to share private key for distribution certificate among different group under a team account in itune provisioning portal

Resources