5

I need to renew my Development & Distribution Certificates. It's expiring soon and I'm a bit worried doing so before being 100% sure I'm doing the right thing. (there are 20 apps on the app store attached to those Certificates ) Any way, I've read a few guides online and couldn't find an answer for that, after I request a new CSR from my keychain, should I use the same certSigningRequest file bor both Development & Distribution or should I create a new one before each one?

If I didn't save the CSR from last year, will I need to upload new pems file to gain back push notifications on my apps?

tshepang
  • 12,111
  • 21
  • 91
  • 136
Segev
  • 19,035
  • 12
  • 80
  • 152

2 Answers2

6

Yes you can. There's nothing wrong with that, I do it all the time. In fact, keep your CSR so you can use it in the future and save yourself some effort.

Mackey18
  • 2,322
  • 2
  • 25
  • 39
  • What do I gain if i save the CSR from last year? – Segev Jan 07 '13 at 08:40
  • 1
    You simply don't have to generate a new one. However, if you're doing things like Push Notifications where you need a Private Key, it's advised, otherwise you'd have to generate completely new server certificates every time you got a new CSR. If you keep the same CSR everything works with each other when you have to create a new certificate for whatever reason, otherwise there could be incompatibilities. Hope that makes sense. – Mackey18 Jan 07 '13 at 08:44
  • Let me understand this more clearly. Right now I have 6 apps on the appstore , after I renew the Development & Distribution Certificates (I don't have the old CSR) I'll have to renew all the pem files on my server for each app to gain back push notifications?? – Segev Jan 07 '13 at 09:19
  • I should have mentioned this in my question. The apns is the first thing I'm worried about. – Segev Jan 07 '13 at 09:27
  • 1
    @Sha Sorry for the late reply. Yes that is so. The PEM file uses a Private Key linked to the CSR. The CSR is used to create the Cert (therefore the Cert is linked to the Private Key). When you merge the Cert and the Private Key together into a single PEM (or just use them in conjunction with each other), they need to be able to work together or push Notifications will not work. Therefore it's essential that the Private Key comes from the CSR used to create Cert. – Mackey18 Jan 07 '13 at 11:37
0

Yes, you are using only one CSR and when your certificate is approved in Provisioning portal you are creating Distribution and Development certificates.

After that you can always create new user with different privileges and different certificate but why bother?

Amar Kulo
  • 1,098
  • 8
  • 18
  • What do you mean by "when your certificate is approved". To my understanding I create the CSR with my keychain and when I revoke my Development or Distribution certificate I need to upload that same CSR file. My question is should I upload the same CSR to development and to Distribution – Segev Jan 07 '13 at 08:23
  • You don't need to revoke them, renewing from XCode will do all that for you using single CSR. You can use one or two, it's completely up to you, for one-man-company or single user using one is easier, that's how I do it. – Amar Kulo Jan 07 '13 at 08:56