4

I am part of a development team with many apps spanning multiple business units and iOS teams. We are having a lot of trouble right now managing distribution certificates. Apple lets you have 3 distrution certificates on one development account, but there is no way to name the certificates uniquely, so they all look the same. The only identifying information on the different certificates is the date on which it was generated. Apple, why can't we rename these distribution certificates so that we can manage them better???

We need the ability to allow multiple build boxes to archive and submit to iTunesConnect for TestFlight or App Store releases.

We are finding ourselves accidentally revoking each other's distribution certificates all of the time, and even worse making it impossible for beta users to install from TestFlight if the certificate has been revoked. Apple, why do you disallow installation of TestFlight builds if the "developer's certificate is no longer valid"??? This is crazy. You don't do this when an app has been published in the App Store. Why should TestFlight be any different??? Why punish beta users because the developers have accidentallly revoked a certificate??? We also think that it is Xcode's "Reset" or "Fix it" buttons that are doing the certificate revoking and causing so much trouble.

So how are other large development organizations handling this better? We've got a big team, but not nearly as big as many others that are out there.

We've tried assigning different dev teams a certificate generated on a particular date and asking them to only use that date and never revoke anyone elses' certificate. We've also tried exporting certificates from a single box. But it seams that no matter what we do something happens that causes the certificates to become revoked. It seems that Xcode itself is causing this.

toofah
  • 4,455
  • 4
  • 31
  • 42
  • You are not alone experiencing frustration in this area! See my (linked) question http://stackoverflow.com/q/36987995/24283 – timday May 02 '16 at 20:39

2 Answers2

1

Have you ever tried fastlane

https://fastlane.tools/

also you can try match (one of the tools in fastlane) that could help you to sync with all your devs the certificates

https://github.com/fastlane/match

also with fastlane tools you can automatically submit to appstore and testflight ipas

HTH

Matteo Vitolo
  • 73
  • 1
  • 6
  • 1
    Thanks for your suggestion. I'll have to check it out! For now we have decided to lock down access to our distribution certificates to only a few people and carefully manage them so that they don't get revoked out from under us. We will have everyone use the same certificate and export as necessary to other build boxes. – toofah Mar 11 '16 at 22:53
1

We adopted the following approach and have been conflict free for a few months now! We first removed the 'admin' role from most of our development team members so that they couldn't so easily revoke certificates by clicking on a 'fix' button. Then we generated a single distribution certificate that we share amongst the team. We also encourage builds being made on a shared build box when possible.

toofah
  • 4,455
  • 4
  • 31
  • 42