225

I built an iOS app for an organization that has an app already on the store. After weeks of trying to get the guy who has the key to sign the app, they finally came back and said, "Just get it done!". So I am wondering how to proceed. If I go into the provisioning portal, and revoke the dist certificate, and then re-assign one, will I then be able to sign the app and upload it without problem?

That is what I was going to do, but I don't know the ramifications for the existing app. Will it mess anything up with that? And then when the organization wants to continue updates on their apps, can't they just revoke, and then reassign the certificate to them again?

This part of the process is a bit foggy to me, so a little clarification would be appreciated!!

pjs
  • 18,696
  • 4
  • 27
  • 56
Stephen J.
  • 3,127
  • 4
  • 20
  • 28
  • 8
    There's a link to [apple's documentation web page](http://developer.apple.com/library/ios/technotes/tn2250/_index.html#//apple_ref/doc/uid/DTS40009933-CH1-TNTAG6). – Artem Oboturov Oct 11 '11 at 09:40
  • 22
    From the linked document: "Important: Members of the Standard iOS Developer Program can be assured that replacing either your developer or distribution certificate will not affect any existing apps that you've published in the iOS App Store, nor will it affect your ability to update those apps." - http://developer.apple.com/library/ios/#technotes/tn2250/_index.html#//apple_ref/doc/uid/DTS40009933-CH1-TNTAG6 – Proud Member Oct 10 '12 at 18:19
  • 5
    The two references are now invalid. Apple's message:."Retired Document Important: This document may not represent best practices for current development. Links to downloads and other resources may no longer be valid" – RK- Nov 06 '14 at 17:21
  • 4
    [This](https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html#//apple_ref/doc/uid/TP40012582-CH31-SW34) might be the up-to-date documentation. – Michael Radionov Aug 31 '15 at 15:28
  • What about push notification? My distribution certificate has expired and I need to revoke it a make a new one. I do not need to make a new app upload. The one on-line is good. I think I have to do a new certificate and a new .pem (with a new .cert and a new .key). After that will my app receive push notification again, without resubmit? – Miwi Sep 20 '16 at 11:32

4 Answers4

245

There is no problem doing this unless you are on an enterprise account. Distribution certificates expire anyway, so eventually it will happen that you need a new one. Go ahead and delete away.

You can also find this question asked, answered, and asked again many times over on the Apple Dev forums (e.g. here's one), so google around there if you're still hesitant.

About Enterprise Developer accounts: With thanks to Mike's comment

An App store app gets resigned with an Apple certificate when it goes on the store. Revoking the cert in the provisioning portal therefore won't affect it. Enterprise apps use the original certificate, which means revoking it will cause the app to stop functioning on all devices it is installed on. If you revoke an enterprise account's certificate, all apps installed on all employee devices will stop working

mfaani
  • 33,269
  • 19
  • 164
  • 293
PengOne
  • 48,188
  • 17
  • 130
  • 149
  • 41
    Just a note for others coming here: this is only good advice for app store apps. Do not revoke a certificate if you are managing an enterprise account. – Mike Weller Jun 18 '13 at 13:08
  • 4
    @MikeWeller can you explain why? – Karoh Sep 09 '13 at 16:14
  • 77
    @Horak An App store app gets resigned with an Apple certificate when it goes on the store. Revoking the cert in the provisioning portal therefore won't affect it. Enterprise apps use the original certificate, which means revoking it will cause the app to stop functioning on all devices it is installed on. If you revoke an enterprise account's certificate, all apps installed on all employee devices will stop working. – Mike Weller Sep 10 '13 at 07:27
  • With iOS 7, would you say that this is still true, given the new in-app purchase receipt verification process? – SAHM Nov 05 '13 at 16:42
  • @MikeWeller So if enterprise profile expires, then the app on the device gets expired, too ? – onmyway133 Jan 13 '16 at 17:07
  • This entire thing is a cluster. – sammysounder Jan 19 '16 at 22:01
  • 2
    @MikeWeller Ok so if we are managing enterprise apps and revoked the certificate to create a new one, how do we get those enterprise apps to use the new certificate so their app isn't broken so I don't loose my job? – Brandon A Dec 09 '16 at 20:17
  • 1
    @BrandonA, happened to me too. You have to resign all apps and redistribute. Learning process. What I'm wondering though is if I delete a development cert, will it affect production apps? So If I leave the production cert untouched – MobileMon Feb 07 '17 at 14:38
  • @BrandonA You don't. You have to force hundreds if not thousands of people to re-download your apps (and also have them do so when that certificate expires in 1-2 years). It's horrifically broken, in my opionion. – mpowered Oct 03 '17 at 17:58
  • @MobileMon Revoking development certs is fine, it's just revoking the certificate for apps that were signed with that very cert that are problematic. – mpowered Oct 03 '17 at 17:59
  • Beware revoking a Push certificate will immediately prevent push messages to your app! https://developer.apple.com/support/certificates/ – Gerry Apr 08 '21 at 16:08
  • I think it will also stop your TestFlight apps from working – Andy Weinstein May 24 '21 at 17:52
69

Revoking a certificate has no relation to the App Store or existing apps. Once you revoke your certificate, it will be deleted from the list of certificates. Revocation has these effects:

  1. You can no longer build apps in Xcode using provision profiles containing the revoked
    certificate.

  2. You can no longer submit apps to the App Store that were signed with the revoked certificate or built with the affected provisioning profiles.

Bruno Bronosky
  • 66,273
  • 12
  • 162
  • 149
SURESH SANKE
  • 1,653
  • 17
  • 34
  • @SURESHSANKE does it mean that you cannot update apps which certificate is deleted? – zbz.lvlv Oct 09 '14 at 07:13
  • 8
    You can update them with new builds signed with the new certificate. – Gasper Dec 08 '14 at 21:24
  • What if I have sent an application on review and I delete the deployment certificate? Will they reject my app? – Chanchal Raj Oct 16 '15 at 10:46
  • 1
    No they won't reject your app. Because certificate validation is mandatory only for submission, Once submit to review then it doesn't have any relation with the deleted certificate . – SURESH SANKE Oct 27 '15 at 11:36
  • From what I've seen, if I sign an ad-hoc app with a certificate it can't be installed any more after it is revoked. Anyone else see this? – Matt__C Jan 06 '17 at 20:21
  • I want to believe you but.. I'm too much afraid of Apple – Made in Moon Mar 14 '18 at 21:44
3

You can revoke it after you have paid for your next year of service. It will then prompt you for a new certificate. You submit your CSR, download the new cert, and remake your provisioning profiles.

iOSDevSF
  • 1,169
  • 1
  • 13
  • 24
0

If we revoke the existing certificate and 1)If ur using enterprise account that applications which has dependency on this certificate will stop working in App store 2) If ur using Development account that applications which has dependency on this certificate will working properly.

Priyanka N
  • 1
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jan 28 '23 at 14:56