I have a quick question. I develop iOS apps for multiple clients. Each client has their own Apple accounts and I create certificates for them from my machine. My question here is can I use the same CSR file to create certificates for different companies? Thanks.
It is recommended that you generate a CSR each time you renew your old certificates. Though some web servers may allow you to use the old CSR, generating a new one takes care of incorporating new encryption methods and hashing algorithms into the new certificates.
Answer: Yes. Best practices are to generate a new certificate signing request (CSR) when renewing your SSL/TLS certificate. Generating a new CSR creates a new unique keypair (public/private) for the renewed certificate. For more information, see Create a CSR.
You can generate the CSR from any server you like, but the final certificate must then be installed on the same server. (The private key that matches the CSR is on that server.) You could then export the certificate including the private key, and install on another server.
Yes, technically you can use the same Certificate Signing Request to create multiple certificates for multiple companies; clearly, the certificate request must be uploaded from the right developer account.
The CSR in fact contains the requester's public key, which will be used by the CA (in this case Apple) to create the requested certificate. You can see its content by using the openssl command:
openssl req -text -noout -verify -in CertificateSigningRequest.certSigningRequest
But as a user correctly noted in a comment, all your certificates will be tied to the same private key (a public/private key pair is in fact regenerated each time you create a CSR) and this could lead to reduced security if the machine requesting the certificate gets compromised. Some services require a unique CSR for each certificate generation, but at the moment this is not enforced by Apple, which allows the same CSR to be reused. This CSR separation is especially useful for the creation of the distribution certificates and the APNS production certificates.
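The CSR separation described above, as an added example that is not part of the original answer: it creates one key pair and CSR per client with openssl, then fingerprints the public key inside each CSR so that two requests sharing a key can be spotted. The client names, file layout, function names and the choice of 2048-bit RSA are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one private key and CSR per client, plus a check for key reuse.
# Client names and file layout are constructed for illustration.

# Create a fresh 2048-bit RSA key and a CSR for client $2 in directory $1.
new_client_csr() {
    dir=$1; client=$2
    ( umask 077   # keep the private key unreadable by other users
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$dir/$client.key" \
          -out "$dir/$client.certSigningRequest" \
          -subj "/CN=$client" 2>/dev/null )
}

# Build another CSR from an existing key $1 (what reusing a key looks like).
csr_from_existing_key() {
    openssl req -new -key "$1" -out "$2" -subj "/CN=$3" 2>/dev/null
}

# SHA-256 of the DER-encoded public key carried inside a CSR.
csr_key_fingerprint() {
    openssl req -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | awk '{print $1}'
}

# Succeeds (exit 0) when two CSRs carry the same public key.
csrs_share_key() {
    [ "$(csr_key_fingerprint "$1")" = "$(csr_key_fingerprint "$2")" ]
}

# Demo: two separate clients, then a third CSR that reuses client-a's key.
demo() {
    work=$(mktemp -d)
    new_client_csr "$work" client-a
    new_client_csr "$work" client-b
    csr_from_existing_key "$work/client-a.key" \
        "$work/reused.certSigningRequest" client-c
    for f in "$work"/*.certSigningRequest; do
        printf '%s  %s\n' "$(csr_key_fingerprint "$f")" "$(basename "$f")"
    done
    rm -rf "$work"
}
demo
```

In the demo output, `client-a` and `reused` print the same fingerprint even though the CSR files and subject names differ, while `client-b` prints a different one.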