自签名证书到期对SDK的影响

The impact of self-signed certificate expiration on the SDK. We have developed an SDK and signed it with a self-signed certificate. Our certificate will expire on January 30, 2025. After it expires, will there be any impact on apps that are already published on the App Store?

If a user opens the app on January 31, 2025, will the app crash due to the expired self-signed certificate? Many apps have integrated our SDK, and this issue is very urgent and important for us. We kindly ask for your prompt reply. Thank you!

Here are the steps we followed for signing: Self-signing steps: self-signed certificate xcframework

Keychain creation: Certificate Assistant - Create Certificate - Self-signed Root Certificate + Code Signing Modify trust settings for the self-signed root certificate Sign the already packaged xcframework (Official command example) codesign --timestamp -v --sign "Certificate Name" ~/Desktop/MySDK.xcframework

If a user opens the app on January 31, 2025, will the app crash due to the expired self-signed certificate?

No. When a developer submits their app to the App Store, they have to sign all the code within their app with their distribution signing identity. That means that the App Store never sees the certificate in your XCFramework.

Beyond that, the App Store re-signs the app before distributing it to users. I talk about this in more detail in the App Store re-signing section of TN3161 Inside Code Signing: Certificates.

Having said that, signing an XCFramework with a digital identity whose certificate is self-signed is a weird choice, because it means the Xcode can’t check that version N+1 of your SDK is the ‘same’ as version N. You should use a stable signing identity for this. Most folks use their Apple Distribution identity.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"