Certificate Revocation Impact

Background
We are using a Developer ID application certificate to sign our application. We lost the private key and we need to revoke it before we can receive a new one.

Per documentation (https://developer.apple.com/support/certificates/), I know that previously installed applications will still be able to run, but new installations will not be able to work.

I want to confirm what will happen when we revoke the certificate so we know how to prepare customers for this upcoming change.

Questions
  1. Will existing installations of the application receive a notice that the certificate has been revoked?

  2. Will previously installed applications be able to launch again after they are closed?

  3. What will the user see when they try to install the application with the revoked certificate?

Replies

Hello, I'm interested to know the answers please. Did you get any?

See Developer > Support > Certificates.

In general you would not revoke a Developer ID certificate just because you lost the private key. Developer ID revocation is an extreme measure, reserved for situations where the private key has been compromised.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

When you revoke an Apple enterprise certificate, all applications signed with that certificate will become invalid and cannot be installed or updated.

Additionally, any configuration profiles, VPN settings, or other mobile device management (MDM) features that rely on your enterprise certificate will also become invalid.

If you revoke a certificate and wish to continue using your applications and mobile device management features, you will need to re-sign your applications and configuration profiles with another valid enterprise certificate and install these updates on your mobile devices. If you use a mobile device management (MDM) solution, you may also need to reconfigure your MDM server to use the new certificate.

  • To be clear, this thread is about Developer ID certificates on the Mac, not Enterprise certificates on iOS.
