Quick question. Our apple developer distribution certificate expires at the end of this month. When it expires it does not effect any apps that are currently up on the app store (that the expiring dist. certificate was used with), correct?
It only means for future distribution a new certificate will need to be created to submit apps to apple, correct?
Im pretty sure i know the answer, just one of my co-workers questioned it and have a little doubt that i need to double check.
Thanks
when you cert. expires your already submitted apps will continue to work but you not able to update the apps until you renew your account.And yes you already know the answer
Related
I submitted a few app updates about a week ago. Yesterday, my iOS Distribution Certificate issued by Apple Worldwide Developer Relations Certificate Authority expired. Xcode organizer prompted me to renew one, and it installed, and I deleted the old one from the Keychain Access Tool. My question is this: will me having to replace the distribution certificate have any adverse affects on the updates I submitted with the old one?
Please note that there are two certificates: the Apple WWDR and the Distribution certificate that is actually used to sign your app. The Apple Worldwide Developer Relations Certification Authority certificate basically certifies that your other certificates are valid.
There should be no adverse effects, as it is not this certificate, but your distribution certificate that is used for signing your app.
Adding to what #gambit said. Another point to look at is Apple's responsibility toward the app customers. Today i buy your $100 app and tomorrow you decide to adopt sainthood and never renew your certifcates - why should i waste money? App once installed lives on forever unless it breaks because of updates.
While making my application to be listened for Push Notification, I have read the guideline given by Apple. It is clearly mentioned that Certificate for Sandbox and Production should be separately created.
My question is, is that Production certificate goes with "Distribution Profile" also?
If yes, then does this means that even though I am creating this profile for testing purpose I have to attach my Production Certificate with that Profile?
Thank you in advance.
The debug/developer pem has to be used with a developer mobileprovision and Apple's sandbox APNS URL
The distribution pem can be used with an Adhoc and App Store mobileprovision and Apple's production APNS URL
Not sure if this answers your question. If you need any more details, please specify in your question.
I know ASIHTTPRequest works perfectly well with HTTPS. All we need is this one line of code:
[myASIHTTPRequest setValidatesSecureCertificate:NO]
Here's my question, I don't have any HTTPS certificates approved by any authority, including the US government. And I am not a US citizen, and my app isn't targeted at the US market. When I submit an app containing the above HTTPS code,
Do I need to check the encryption box when submitting?
If I don't check that box, will the HTTPS code be detected? (Like an private API?)
If I check that box, will I get rejected? (since I don't have any certificates approved by any authority)
If I have to get a certificate approved by someone before my app get approved by the App Store, how long will this apply-and-get-approved process be, and what about the cost?
Thanks in advance!
Do I need to check the encryption box when submitting?
No. Your not encrypting any data on the device, it's only transport encryption provided by apple so don't have to tick the box.
If I don't check that box, will the HTTPS code be detected? (Like an
private API?)
As above, it doesn't matter.
If I check that box, will I get rejected? (since I don't have any
certificates approved by any authority)
If you tick the box you have to fill out a lot more information and your in for a long long wait just getting the legal stuff squared away before you even get to the app review..
If I have to get a certificate approved by someone before my app get
approved by the App Store, how long will this apply-and-get-approved
process be, and what about the cost?
You buy a certificate from any root certificate authority. Certificates expire, so you have to renew it when it runs out. The cost depends on who you buy the certificate from. I would recommend that you shop. You can also get wildcard certificates e.g. *.example.com that would allow you to setup any site ending in .example.com.
The accepted answer is simply wrong, and following its advice puts your app in danger of being removed from the App Store. You should look at the FAQ for Worldwide Trade Compliance on the iTunes Connect site. It clearly states that even if you use iOS-provided HTTPS, you still need to submit an ERN request to the US government. Also, it does not matter that you live outside the US, as your app is distributed by a company (Apple) in the US.
See this blog post for more details, especially the comments, as BIS has recently made it easier to apply.
I built an iOS app for an organization that has an app already on the store. After weeks of trying to get the guy who has the key to sign the app, they finally came back and said, "Just get it done!". So I am wondering how to proceed. If I go into the provisioning portal, and revoke the dist certificate, and then re-assign one, will I then be able to sign the app and upload it without problem?
That is what I was going to do, but I don't know the ramifications for the existing app. Will it mess anything up with that? And then when the organization wants to continue updates on their apps, can't they just revoke, and then reassign the certificate to them again?
This part of the process is a bit foggy to me, so a little clarification would be appreciated!!
There is no problem doing this unless you are on an enterprise account. Distribution certificates expire anyway, so eventually it will happen that you need a new one. Go ahead and delete away.
You can also find this question asked, answered, and asked again many times over on the Apple Dev forums (e.g. here's one), so google around there if you're still hesitant.
About Enterprise Developer accounts:
With thanks to Mike's comment
An App store app gets resigned with an Apple certificate when it goes on the store. Revoking the cert in the provisioning portal therefore won't affect it. Enterprise apps use the original certificate, which means revoking it will cause the app to stop functioning on all devices it is installed on. If you revoke an enterprise account's certificate, all apps installed on all employee devices will stop working
Revoking a certificate has no relation to the App Store or existing apps. Once
you revoke your certificate, it will be deleted from the list of certificates. Revocation
has these effects:
You can no longer build apps in Xcode using provision profiles containing the revoked
certificate.
You can no longer submit apps to the App Store that were signed with the revoked certificate or built with the affected provisioning profiles.
You can revoke it after you have paid for your next year of service.
It will then prompt you for a new certificate.
You submit your CSR, download the new cert, and remake your provisioning profiles.
If we revoke the existing certificate and
1)If ur using enterprise account that applications which has dependency on this certificate will stop working in App store
2) If ur using Development account that applications which has dependency on this certificate will working properly.
The company I work for has outsourced development of an iPhone app to another company. They want the binary to be signed with our certificate for distribution, but they've asked me to pass the private key (certificates.p12) used to create our certificate on to the other company. I am extremely concerned about handing the ability to sign applications as us over to another company.
How can I convince my boss this is a really bad idea? What alternative solutions can I suggest to him? I have already asked him to get the source from them so we can sign and submit it ourselves, but without the ability to conclusively state that giving them the certificate is a bad idea, I'm kinda stuck in the "just look into it for me" limbo.
You don't need the source. You just need the compiled binary (make sure it's ARM, not x86) to sign with codesign.
The outsource company can just build and sign the app with their own certificate. You can then resign the app with your company's certificate before submission (use codesign).
There's not too much a consultant can do with the private key to just an App store Distribution certificate but without the team agent's iTunes Connect login credentials, as Apple's review team are the only ones who can run an app signed with your Distribution certificate, and you can't submit an app to iTunes Connect without the login matching the certificate (AFAIK).