I submitted a few app updates about a week ago. Yesterday, my iOS Distribution Certificate issued by Apple Worldwide Developer Relations Certificate Authority expired. Xcode organizer prompted me to renew one, and it installed, and I deleted the old one from the Keychain Access Tool. My question is this: will me having to replace the distribution certificate have any adverse effects on the updates I submitted with the old one?
Please note that there are two certificates: the Apple WWDR and the Distribution certificate that is actually used to sign your app. The Apple Worldwide Developer Relations Certification Authority certificate basically certifies that your other certificates are valid.
There should be no adverse effects, as it is not this certificate, but your distribution certificate that is used for signing your app.
Adding to what #gambit said. Another point to look at is Apple's responsibility toward the app customers. Today I buy your $100 app and tomorrow you decide to adopt sainthood and never renew your certificates - why should I waste money? App once installed lives on forever unless it breaks because of updates.
We have more than 900 iOS devices enrolled on the MDM portal. In the last month, the MDM profile for all devices changed to "Not verified". Due to this we are unable to publish apps on iOS devices. All commands remain in pending state.
I did some research on it, everyone is saying to reenroll the device which we really don't want to...
Any help would be really appreciated...
Check attached screenshots
What Settings is showing there isn't a provisioning profile of the app but the trust of the certificate that signed the MDM enrollment profile. The only way to change that would be to update or reinstall the MDM enrollment profile or determine what's failing in chaining the signing certificate to a trusted root certificate (you can guess which is usually easier).
That said, the MDM profile not being verified shouldn't have any impact on the MDM channel. Are you sure you weren't affected by some bug like updating iOS via MDM with JAMF? https://9to5mac.com/2018/04/04/jamf-pro-mdm-ios-11-3/
I've just accidentally submitted an update for my app via organizer -> distribute, not noticing that my build settings still had the developer certificate set instead of the distribution certificate.
Will the update still work on the users' devices, or will it fail to install? I did not find any option to reset the submitted app, so I will probably have to wait until it's published. Or will it even be rejected for not being signed with a distribution certificate?
App Store will likely reject if you have the wrong certificate. Send Connect an email and explain, they're usually pretty helpful.
Quick question. Our Apple developer distribution certificate expires at the end of this month. When it expires it does not affect any apps that are currently up on the App Store (that the expiring dist. certificate was used with), correct?
It only means for future distribution a new certificate will need to be created to submit apps to apple, correct?
I'm pretty sure I know the answer, just one of my co-workers questioned it and I have a little doubt that I need to double check.
Thanks
When your cert. expires, your already submitted apps will continue to work, but you are not able to update the apps until you renew your account. And yes, you already know the answer.
I built an iOS app for an organization that has an app already on the store. After weeks of trying to get the guy who has the key to sign the app, they finally came back and said, "Just get it done!". So I am wondering how to proceed. If I go into the provisioning portal, and revoke the dist certificate, and then re-assign one, will I then be able to sign the app and upload it without problem?
That is what I was going to do, but I don't know the ramifications for the existing app. Will it mess anything up with that? And then when the organization wants to continue updates on their apps, can't they just revoke, and then reassign the certificate to them again?
This part of the process is a bit foggy to me, so a little clarification would be appreciated!!
There is no problem doing this unless you are on an enterprise account. Distribution certificates expire anyway, so eventually it will happen that you need a new one. Go ahead and delete away.
You can also find this question asked, answered, and asked again many times over on the Apple Dev forums (e.g. here's one), so google around there if you're still hesitant.
About Enterprise Developer accounts:
With thanks to Mike's comment
An App Store app gets re-signed with an Apple certificate when it goes on the store. Revoking the cert in the provisioning portal therefore won't affect it. Enterprise apps use the original certificate, which means revoking it will cause the app to stop functioning on all devices it is installed on. If you revoke an enterprise account's certificate, all apps installed on all employee devices will stop working.
Revoking a certificate has no relation to the App Store or existing apps. Once you revoke your certificate, it will be deleted from the list of certificates. Revocation has these effects:
You can no longer build apps in Xcode using provision profiles containing the revoked certificate.
You can no longer submit apps to the App Store that were signed with the revoked certificate or built with the affected provisioning profiles.
You can revoke it after you have paid for your next year of service.
It will then prompt you for a new certificate.
You submit your CSR, download the new cert, and remake your provisioning profiles.
If we revoke the existing certificate and
1) If you are using an enterprise account, the applications which have a dependency on this certificate will stop working in the App Store.
2) If you are using a Development account, the applications which have a dependency on this certificate will work properly.
The company I work for has outsourced development of an iPhone app to another company. They want the binary to be signed with our certificate for distribution, but they've asked me to pass the private key (certificates.p12) used to create our certificate on to the other company. I am extremely concerned about handing the ability to sign applications as us over to another company.
How can I convince my boss this is a really bad idea? What alternative solutions can I suggest to him? I have already asked him to get the source from them so we can sign and submit it ourselves, but without the ability to conclusively state that giving them the certificate is a bad idea, I'm kinda stuck in the "just look into it for me" limbo.
You don't need the source. You just need the compiled binary (make sure it's ARM, not x86) to sign with codesign.
The outsource company can just build and sign the app with their own certificate. You can then re-sign the app with your company's certificate before submission (use codesign).
There's not too much a consultant can do with the private key to just an App store Distribution certificate but without the team agent's iTunes Connect login credentials, as Apple's review team are the only ones who can run an app signed with your Distribution certificate, and you can't submit an app to iTunes Connect without the login matching the certificate (AFAIK).
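The in-house re-signing step the answers above recommend (the vendor builds with its own certificate, you re-sign with codesign so the .p12 never leaves your company), shown as an added Python example that is not from the original posts. It assumes a Mac whose keychain holds your distribution identity, an already unzipped `Payload/*.app`, no app extensions, and a hypothetical injectable `run` parameter.

```python
import plistlib
import shutil
import subprocess
import tempfile
from pathlib import Path


def resign_app(app_dir, profile, identity, run=subprocess.run):
    """Re-sign an unpacked .app with our own identity; returns the codesign calls made.

    `run` is a hypothetical injectable hook so the flow can be exercised off macOS.
    """
    app, profile = Path(app_dir), Path(profile)
    if app.suffix != ".app" or not app.is_dir():
        raise ValueError(f"not an app bundle: {app}")
    if (app / "PlugIns").exists():
        # Extensions need their own profile and entitlements.
        raise NotImplementedError("app extensions are not handled here")

    # 1. Drop the vendor's signature and embed OUR distribution profile.
    shutil.rmtree(app / "_CodeSignature", ignore_errors=True)
    shutil.copyfile(profile, app / "embedded.mobileprovision")

    # 2. The profile is a CMS-wrapped plist; sign with its Entitlements dict.
    decoded = run(["security", "cms", "-D", "-i", str(profile)],
                  check=True, capture_output=True).stdout
    ent = Path(tempfile.mkdtemp()) / "entitlements.plist"  # kept outside Payload/
    ent.write_bytes(plistlib.dumps(plistlib.loads(decoded)["Entitlements"]))

    # 3. Sign nested code first, the outer bundle last, then verify the result.
    fw = app / "Frameworks"
    nested = sorted(p for p in fw.glob("*")
                    if p.suffix in (".framework", ".dylib")) if fw.is_dir() else []
    calls = [["codesign", "--force", "--sign", identity, str(p)] for p in nested]
    calls.append(["codesign", "--force", "--sign", identity,
                  "--entitlements", str(ent), str(app)])
    calls.append(["codesign", "--verify", "--deep", "--strict", str(app)])
    for cmd in calls:
        run(cmd, check=True)
    return calls


if __name__ == "__main__":
    import sys
    # usage: resign.py Payload/Demo.app dist.mobileprovision "<signing identity>"
    resign_app(*sys.argv[1:4])
```

After it succeeds, zip the `Payload` directory back into an `.ipa` and submit it from your own iTunes Connect account.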