If I revoke an existing distribution certificate, will it mess up anything with existing apps?

Asked 12/6, 2011 at 5:7 Answered 20/1, 2023 at 10:1

Solved certificate app-store apple-developer ios-app-signing

225

I built an iOS app for an organization that has an app already on the store. After weeks of trying to get the guy who has the key to sign the app, they finally came back and said, "Just get it done!". So I am wondering how to proceed. If I go into the provisioning portal, and revoke the dist certificate, and then re-assign one, will I then be able to sign the app and upload it without problem?

That is what I was going to do, but I don't know the ramifications for the existing app. Will it mess anything up with that? And then when the organization wants to continue updates on their apps, can't they just revoke, and then reassign the certificate to them again?

This part of the process is a bit foggy to me, so a little clarification would be appreciated!!

Cavalla answered 12/6, 2011 at 5:7 Comment(5)

There's a link to apple's documentation web page. – Congenial 11/10, 2011 at 9:40

From the linked document: "Important: Members of the Standard iOS Developer Program can be assured that replacing either your developer or distribution certificate will not affect any existing apps that you've published in the iOS App Store, nor will it affect your ability to update those apps." - developer.apple.com/library/ios/#technotes/tn2250/_index.html#//… – Frasier 10/10, 2012 at 18:19

The two references are now invalid. Apple's message:."Retired Document Important: This document may not represent best practices for current development. Links to downloads and other resources may no longer be valid" – Dryad 6/11, 2014 at 17:21

This might be the up-to-date documentation. – Brodeur 31/8, 2015 at 15:28

What about push notification? My distribution certificate has expired and I need to revoke it a make a new one. I do not need to make a new app upload. The one on-line is good. I think I have to do a new certificate and a new .pem (with a new .cert and a new .key). After that will my app receive push notification again, without resubmit? – Empery 20/9, 2016 at 11:32

246

There is no problem doing this unless you are on an enterprise account. Distribution certificates expire anyway, so eventually it will happen that you need a new one. Go ahead and delete away.

You can also find this question asked, answered, and asked again many times over on the Apple Dev forums (e.g. here's one), so google around there if you're still hesitant.

About Enterprise Developer accounts: With thanks to Mike's comment

An App store app gets resigned with an Apple certificate when it goes on the store. Revoking the cert in the provisioning portal therefore won't affect it. Enterprise apps use the original certificate, which means revoking it will cause the app to stop functioning on all devices it is installed on. If you revoke an enterprise account's certificate, all apps installed on all employee devices will stop working

Suppose answered 12/6, 2011 at 5:11 Comment(12)

Just a note for others coming here: this is only good advice for app store apps. Do not revoke a certificate if you are managing an enterprise account. – Ironstone 18/6, 2013 at 13:8

@MikeWeller can you explain why? – Siloa 9/9, 2013 at 16:14

@Horak An App store app gets resigned with an Apple certificate when it goes on the store. Revoking the cert in the provisioning portal therefore won't affect it. Enterprise apps use the original certificate, which means revoking it will cause the app to stop functioning on all devices it is installed on. If you revoke an enterprise account's certificate, all apps installed on all employee devices will stop working. – Ironstone 10/9, 2013 at 7:27

With iOS 7, would you say that this is still true, given the new in-app purchase receipt verification process? – Mundane 5/11, 2013 at 16:42

@MikeWeller So if enterprise profile expires, then the app on the device gets expired, too ? – Dravidian 13/1, 2016 at 17:7

This entire thing is a cluster. – Beady 19/1, 2016 at 22:1

@MikeWeller Ok so if we are managing enterprise apps and revoked the certificate to create a new one, how do we get those enterprise apps to use the new certificate so their app isn't broken so I don't loose my job? – Diandrous 9/12, 2016 at 20:17

@BrandonA, happened to me too. You have to resign all apps and redistribute. Learning process. What I'm wondering though is if I delete a development cert, will it affect production apps? So If I leave the production cert untouched – Classic 7/2, 2017 at 14:38

@BrandonA You don't. You have to force hundreds if not thousands of people to re-download your apps (and also have them do so when that certificate expires in 1-2 years). It's horrifically broken, in my opionion. – Motherofpearl 3/10, 2017 at 17:58

@Classic Revoking development certs is fine, it's just revoking the certificate for apps that were signed with that very cert that are problematic. – Motherofpearl 3/10, 2017 at 17:59

Beware revoking a Push certificate will immediately prevent push messages to your app! developer.apple.com/support/certificates – Yardage 8/4, 2021 at 16:8

I think it will also stop your TestFlight apps from working – Ohg 24/5, 2021 at 17:52

Revoking a certificate has no relation to the App Store or existing apps. Once you revoke your certificate, it will be deleted from the list of certificates. Revocation has these effects:

You can no longer build apps in Xcode using provision profiles containing the revoked
certificate.
You can no longer submit apps to the App Store that were signed with the revoked certificate or built with the affected provisioning profiles.

Leisure answered 29/10, 2013 at 12:37 Comment(6)

@SURESHSANKE does it mean that you cannot update apps which certificate is deleted? – Semicentennial 9/10, 2014 at 7:13

You can update them with new builds signed with the new certificate. – Wundt 8/12, 2014 at 21:24

What if I have sent an application on review and I delete the deployment certificate? Will they reject my app? – Chirurgeon 16/10, 2015 at 10:46

No they won't reject your app. Because certificate validation is mandatory only for submission, Once submit to review then it doesn't have any relation with the deleted certificate . – Leisure 27/10, 2015 at 11:36

From what I've seen, if I sign an ad-hoc app with a certificate it can't be installed any more after it is revoked. Anyone else see this? – Etna 6/1, 2017 at 20:21

I want to believe you but.. I'm too much afraid of Apple – Edger 14/3, 2018 at 21:44

You can revoke it after you have paid for your next year of service. It will then prompt you for a new certificate. You submit your CSR, download the new cert, and remake your provisioning profiles.

Teddie answered 6/1, 2012 at 1:25 Comment(0)

If we revoke the existing certificate and 1)If ur using enterprise account that applications which has dependency on this certificate will stop working in App store 2) If ur using Development account that applications which has dependency on this certificate will working properly.

Neral answered 20/1, 2023 at 10:1 Comment(1)

As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center. – Ashworth 28/1, 2023 at 14:56

Recommended topics

Hot tags