 

When renewing an iOS distribution certificate, what will happen to my app that is in review? And will it use the same private key?

My app is waiting for review and now the distribution certificate is just about to expire.

From my understanding, to renew the profile you just tap 'renew' in the portal.

  • Will it use the same private key or will a new signing request be needed?
  • What will happen to my app that has not yet been approved? Will I have to re-build / re-sign the app?
Robert asked Jul 04 '13 10:07


2 Answers

This question likely hasn't received a lot of attention as the second part of your question calls for speculation on the inner workings and process of Apple and the App Store Review Team. Let's deal with what we absolutely know first:

Will it use the same private key or will a new signing request be needed?

Yes, so long as you tap the 'Renew' button, the existing public-private key pair will be used and a new certificate will be issued with an expiry set in the future. This avenue is the quickest and most painless way to deal with your code signing identity renewals. The Organizer will download and install the reissued certificate and once your current certificate formally expires, it will auto-switch to the new certificate.

If, however, you accidentally delete either your private or public key, then you will need to:

  1. Go through the CSR process
  2. Reissue your certificate
  3. Install your certificate
  4. Reissue your provisioning profiles
  5. Remove the old profiles
  6. Install the new profiles
  7. Update code sign settings if necessary
  8. Retest the build to make sure everything works properly.

Clearly this is way more work when done by hand and the one-touch renew button is a much quicker way to skip all of that manual code sign maintenance.

What will happen to my app that has not yet been approved? Will I have to re-build / re-sign the app?

As a heads-up, this subquestion calls for speculation about Apple's internal practices and as such should be treated with an appropriate amount of skepticism. Just to be crystal clear: I have no inside knowledge about how the App Review Team and their tools for approving apps work behind the scenes, but can speak to the technical aspects of the certificate and what may shake out from a certificate expiry mid-review.

We know from issuing our other apps that after the review process happens and an app is formally approved, there is a 'Preparing for AppStore' state that typically takes a few minutes to complete before transitioning to 'Ready for Sale'. Incidentally, this delay closely mirrors that of the application packaging and code signature phases of our own Xcode build process. Second, it would make little sense for Apple to prepare each and every binary it receives for the App Store. We know that there are a non-trivial number of submitted builds that get rejected each day for various violations of the Developer Program, blatant application crashes, and even the occasional invalid rejection. Collectively, these 'bad builds' will never hit the App Store, so it would make little sense to waste the time, effort, and storage space stashing these prepared apps just in case they were to get approved (you know we developers...we're overly protective of our time on the processor and our storage space!). Anyways, if you accept these hypotheses as fact, then here's how an expired distribution certificate would likely impact your mid-review app:

If the App Store Review Team has not started the review

Your build would be rejected as the embedded provisioning profiles would be expired at the time the Reviewer picks up your app from the queue. While the Reviewer likely re-signs a copy of your app for their own internal test devices, I'm certain the Review Team has a tool, script, or the iTunes Connect portal itself responsible for validating certain technical elements of the uploaded binary much like Xcode and the Application Uploader do at the time of submission. In this case, a simple rebuild and resubmit with the new distribution certificate and profile is all that is needed.

If the App Store Review Team has started the review

Depending on when the reviewer's device performs its next ad-hoc build check, your app may or may not launch on the reviewer's device(s). If it continues to work for the balance of the review cycle, and gets the team's stamp of approval, then you wouldn't need to worry about anything until you want to submit the next version.

On the other hand, if it does check and fail to launch the next time the reviewer reopens the app, then you'll get an iTunes Connect rejection notice. Like before, a rebuild and resubmit is all that would be necessary.

Alternatively, you could simply re-sign the expired binary using the code sign command line tool; however, the specifics of doing so are outside the scope of this SO question, so I'll leave that as an exercise for the reader (or for the reader to open another SO question!)

Bryan Musial answered Oct 03 '22 21:10


I went through certificate expiration. Once your certificate has expired, it is automatically removed from developer.apple.com, so a new certificate must be created. Also, all provisioning profiles with this certificate expired, even several hours earlier than the certificate, so it's a good idea to create a new certificate and update the profiles several days before it expires. Once your application is uploaded to iTunes Connect, nothing bad will happen if the certificate expires (in my case the application was in 'waiting for review' when the certificate expired, and the review process started several days after it). But the review might fail if you reject the certificate; I'm not sure about this case.

pcholberg answered Oct 03 '22 21:10
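
Added example (not part of either answer, and not Apple tooling): a shell check for the two points raised above, namely whether a renewed certificate carries the same public key as the old one, and whether a certificate expires within a given number of days. It assumes `openssl` is installed; the keys, certificates, file names and subject name are constructed sample data.

```shell
#!/bin/sh
# Added example; every certificate below is constructed sample data.

# SHA-256 fingerprint of the public key inside a PEM certificate.
pubkey_fingerprint() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 1   # unreadable input
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only when both certificates parse and carry the same public key,
# i.e. the renewal reused the existing key pair.
same_key() {
    a=$(pubkey_fingerprint "$1") || return 1
    b=$(pubkey_fingerprint "$2") || return 1
    [ "$a" = "$b" ]
}

# Succeeds when the certificate expires within the next $2 days.
# An unreadable certificate also counts as expiring, so the check fails loud.
expires_within_days() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Constructed inputs: old.pem and renewed.pem share one key pair,
# recreated.pem is issued for a fresh key (the manual CSR route).
make_sample_certs() {
    subj="/CN=Constructed Distribution Identity"
    openssl genrsa -out "$1/dist.key" 2048 2>/dev/null
    openssl genrsa -out "$1/new.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/dist.key" -subj "$subj" -days 5 -out "$1/old.pem"
    openssl req -new -x509 -key "$1/dist.key" -subj "$subj" -days 365 -out "$1/renewed.pem"
    openssl req -new -x509 -key "$1/new.key" -subj "$subj" -days 365 -out "$1/recreated.pem"
}

work=$(mktemp -d)
make_sample_certs "$work"
for cert in renewed recreated; do
    if same_key "$work/old.pem" "$work/$cert.pem"; then
        echo "$cert.pem: same key pair as old.pem"
    else
        echo "$cert.pem: different key pair from old.pem"
    fi
done
if expires_within_days "$work/old.pem" 14; then
    echo "old.pem: expires within 14 days, renew now"
fi
```

On a Mac, the PEM inputs can be exported from the keychain with `security find-certificate -c <name> -p`.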