0

I have a client who forgot to pay for their enterprise account and therefore their apps stopped working, as expected.

However, one would think that it should be sufficient to just start paying again to be able to use the apps as before. But as it seems, all certificates in the apple developer portal are now deleted?!

Is this expected behaviour or will they show up after some time again?

As it is now, we will have to rebuild all apps again with new distribution certificates. Is this the solution?

ullstrm
  • 9,812
  • 7
  • 52
  • 83
  • I'm voting to close this question as off-topic because it is a question about a specific account, and not a general interest question. This matter should be addressed to Apple directly by the holder of the account. – Ken White Jun 30 '16 at 01:38

1 Answers1

1

Short answer to your question:

I wouldn't expect the certs to automatically reappear. I recommend opening a support incident with Apple. Since the account was recently renewed, you should have two incidents available.

There's this section of the App Distribution Guide which talks about re-creating deleted certificates but I'm guessing it's more geared toward iTunes distributed apps and circumstances where certificates (private keys) are deleted but not revoked at Apple's CA.

Instead of recompiling your apps, you might be able to instead push out updated Provisioning Profiles and Certs. See below for more details.

Additional info:

It makes sense that Apple would revoke Enterprise certs upon membership expiration since that's the only way they could force apps to stop working. Since Enterprise apps stop working when either the Provisioning Profile or the Certificate expire, Appple can't push out an expired Provisioning Profile, and there's no in-app check for a Profile either (which is why if you delete your Profile in the developer portal, it won't affect any already downloaded/installed apps), which leaves the only other option: revoke the certs. The affected apps stop working once they sync with Apple's CA. Devices without connectivity will continue working until the Profile expires.

It may be possible to remove your certs from the Certificate Revocation List (CRL) but Apple support would be your only likely resource to help with this.

If you're out of options for re-enabling your old certs, you can update the Provisioning Profiles (and I think Certs) and push that out without recompiling all your apps. Also, if you use wildcard App IDs, an update to one app Provisioning Profile will apply to all installed apps that share that App ID.

If your users' devices are managed via MDM, it's possible to push updated provisioning profiles via MDM, and according to this post, via Device Enrollment Program (DEP). I thought I read a while back that you could also update provisioning profiles from a desktop/laptop to a connected device using iTunes - not sure where that is now. I don't know if it's possible to direct users to a link to update the Profile OTA like they would install an app.

I hope this helps in some way. Please let us know what happens - I fear the same could happen to me, whether a cert is deleted by Apple or a haphazard developer.

Community
  • 1
  • 1
MJA
  • 350
  • 1
  • 3
  • 15