Effect of Pass Type ID w NFC Certificate Expiration

I'm having a hard time finding in the Wallet documentation what the net effect would be when the production signing certificate for a Pass Type ID w/ NFC expires out. I'm pretty sure any attempts to install a pkpass signed by an expired certificate will fail, but what I'm a bit unclear about is whether & how users who have already installed the pkpass previously while the signing certificate was valid would be affected. Will this already installed NFC pkpass signed with the expired certificate no longer be able to provide its function & so push notifications should be sent to attempt to update the pkpass with a new one that is signed with a currently valid certificate? Does the pass get removed automatically from Wallet or is the user notified in some way that the pkpass is expired due to the signing certificate?


If anyone can point me at the documentation that covers this, I'd appreciate it.

Up vote post of abot Down vote post of abot
2.2k views
Posted by
abot
Reply
Add a Comment

Replies

Abot,

Have you found a solution to this question?

We are currently looking for an answer to the same question.


If anyone else has an answer as well please feel free to provide here.


Much appreciated :-)


Thank you,


IoT Influx Team

Posted by
Iot-Influx
Up vote reply of Iot-Influx Down vote reply of Iot-Influx
Add a Comment

Any updates on this? Not able to find any correct answer for this.

Posted by
santoshshetty
Up vote reply of santoshshetty Down vote reply of santoshshetty
Add a Comment

A little late to the party, but I can definitively answer this. When a .pkpass bundle is signed, the signature contains the signing date. As long as the date is within the validity of the certificate used to sign it, then the pass will continue to function and can be deleted and re-installed.

If a certificate expires, you are unable to sign a new .pkpass bundle, which means that you cannot create any new passes or update old passes. But your legacy passes will continue to function.

Passes signed with a new certificate with the same PassTypeIdentifier will overwrite the old passes - meaning that updates signed with the new certificate will work seamlessly.

Posted by
PassKit
Up vote reply of PassKit Down vote reply of PassKit
Add a Comment