Reputation: 4475
Managing Distribution Certificates with a Large Dev Team
I am part of a development team with many apps spanning multiple business units and iOS teams. We are having a lot of trouble right now managing distribution certificates. Apple lets you have 3 distrution certificates on one development account, but there is no way to name the certificates uniquely, so they all look the same. The only identifying information on the different certificates is the date on which it was generated. Apple, why can't we rename these distribution certificates so that we can manage them better???
We need the ability to allow multiple build boxes to archive and submit to iTunesConnect for TestFlight or App Store releases.
We are finding ourselves accidentally revoking each other's distribution certificates all of the time, and even worse making it impossible for beta users to install from TestFlight if the certificate has been revoked. Apple, why do you disallow installation of TestFlight builds if the "developer's certificate is no longer valid"??? This is crazy. You don't do this when an app has been published in the App Store. Why should TestFlight be any different??? Why punish beta users because the developers have accidentallly revoked a certificate??? We also think that it is Xcode's "Reset" or "Fix it" buttons that are doing the certificate revoking and causing so much trouble.
So how are other large development organizations handling this better? We've got a big team, but not nearly as big as many others that are out there.
We've tried assigning different dev teams a certificate generated on a particular date and asking them to only use that date and never revoke anyone elses' certificate. We've also tried exporting certificates from a single box. But it seams that no matter what we do something happens that causes the certificates to become revoked. It seems that Xcode itself is causing this.
Upvotes: 4
Views: 500
Answers (2)
Reputation: 4475
We adopted the following approach and have been conflict free for a few months now! We first removed the 'admin' role from most of our development team members so that they couldn't so easily revoke certificates by clicking on a 'fix' button. Then we generated a single distribution certificate that we share amongst the team. We also encourage builds being made on a shared build box when possible.
Upvotes: 1
Reputation: 73
Have you ever tried fastlane
also you can try match (one of the tools in fastlane) that could help you to sync with all your devs the certificates
https://github.com/fastlane/match
also with fastlane tools you can automatically submit to appstore and testflight ipas
HTH
Upvotes: 1
Related Questions
- Certificate has either expired or has been revoked
- Apple Push Service certificate is not trusted
- Distribution certificate / private key not installed
- Xcode 10: A valid provisioning profile for this executable was not found
- Xcode "Build and Archive" from command line
- What kind of Certifcate and Provisioning Profile is needed for an iOS Apple TestFlight release?
- How should an organization with multiple iOS applications under development manage iOS distribution certificates?
- TestFight beta testing for internal testers - Build state is "processing"
- Revoking company iOS distribution certificates and creating a new one with a new key
- Xcode upload for TestFlight - do I need a distribution provisioning profile?