Creating a second prod certificate

Hi,


We have 2 prod certificates - A to expire in 08/2018 and B to expire in 2021. We have 2 provisioning profiles - C to expire in 04/2018 and D to expire in 08/2018.


I understand that a profile is linked to a certificate. I don't have the admin rights to generate a profile or to create a new cert for my company. However, I'm responsible for doing the build for enterprise distribution using Xcode 8.3.3.


Should I ask that profile D be linked to cert B and be regenerated so it will expire in 2019?


I should download cert B and install in my keychain. If I were to use automatic signing, this will revoke cert A in my keychain? Xcode will pair cert B with profile D?


Revoking a cert in my keychain does not affect the enterprise app already in the field? But revoking a cert in developer.apple.com will affect the app in the field?


We would like to do a new build using a cert and a profile that do not expire this year.


Thank you.

Up vote post of edxsturt Down vote post of edxsturt
2.6k views
Posted by
edxsturt
Reply
Add a Comment

Accepted Reply

This thread has been deleted

Revoking an Enterprise Developer distribution certificate will cause all installed apps that have a distribution provisioning profile that used it to stop functioning. You are correct that the app must occasionally check with Apple's server to see if the certificate and profile are still valid (which is why Enterprise apps don't work well on devices without regular internet access). Apple doesn't say exactly how often that check is done.


If Xcode revokes a certificate, it will be revoked on the developer site.


I'm not sure what automatic signing does if you have 2 distribution certificates installed in your keychain. I haven't used it because I want to make sure I know what is being used to sign things. When I export an archive for Enterprise Distribution, I choose to manual signing and make sure I choose the correct certificate and profile.

Posted by
guywithmazda
Up vote reply of guywithmazda Down vote reply of guywithmazda
Post marked as solved
Add a Comment

Replies

One certificate can sign any number of provisioning profiles which are what you need to run the app on devices.

  • Distribution Certificate: Program wide
  • Provisioning Profile: Per app


You may have two active certificates at any given time. Normally you will only use one at a time and then transition to the second certificate before the first one expires.


Before I attempt to answer your questions...


How many apps do you have?


Which cert was used to generate profile D?

Posted by
KMT
Up vote reply of KMT Down vote reply of KMT
Add a Comment