When you register with Apple and pay your fee, you have to go through several steps in order to be able to build apps and install them on iOS devices. The first step is creating private key and certificate signing request. All your developer certificates will require that you have this private key.
To quote Apple's docs from the provisioning portal on their website:
Quote:
It is critical that you save your private key somewhere safe in the event that you need to develop on multiple computers or decide to reinstall your system OS. Without your private key, you will be unable to sign binaries in Xcode and test your application on any Apple device.
If your hard drive crashes and you don't have a backup of your private key, you will have to revoke your developer certificate and create a new one, and regenerate all your provisioning profiles. Needless to say, this is bad.
Below are the instructions on backing up the private key that's used to create your developer certificate, extracted from the how to section of Apple's provisioning portal:
It is critical that you save your private key somewhere safe in the event that you need to develop on multiple computers or decide to reinstall your system OS. Without your private key, you will be unable to sign binaries in Xcode and test your application on any Apple device. When a CSR is generated, the Keychain Access application creates a private key on your login keychain. This private key is tied to your user account and cannot be reproduced if lost due to an OS reinstall. If you plan to do development and testing on multiple systems, you will need to import your private key onto all of the systems you’ll be doing work on.
When a CSR is generated, the Keychain Access application creates a private key on your login keychain. This private key is tied to your user account and cannot be reproduced if lost due to an OS reinstall. If you plan to do development and testing on multiple systems, you will need to import your private key onto all of the systems you’ll be doing work on.
To export your private key and certificate for safe-keeping and for enabling development on multiple systems, open up the Keychain Access Application and select the ‘Keys’ category.
Control-Click on the private key associated with your iOS Development Certificate and click ‘Export Items’ in the menu. The private key is identified by the iOS Developer: public certificate that is paired with it.
Save your key in the Personal Information Exchange (.p12) file format.
You will be prompted to create a password which is used when you attempt to import this key on another computer.
You can now transfer this .p12 file between systems. Double-click on the .p12 to install it on a system. You will be prompted for the password you entered in Step 4.
Check out this password generator app that shows various techniques including using a data container singleton object to share data between objects in your project.
Why is it such a big deal to re-create your provisioning profiles?
I've done it a couple of times. Doesn't really affect App Store distribution.
Maybe you're pushing out a lot of Ad Hoc Dist builds? I bet not many people are doing that.
I'm not talking about provisioning profiles. I'm talking about the private key that is used to create your developer certificate. If you lose that, you have to revoke your developer certificate and re-create it, AND all of your provisioning profiles (release, development, and ad hoc, across all your products)
Check out this password generator app that shows various techniques including using a data container singleton object to share data between objects in your project.
I'm not talking about provisioning profiles. I'm talking about the private key that is used to create your developer certificate. If you lose that, you have to revoke your developer certificate and re-create it, AND all of your provisioning profiles (release, development, and ad hoc, across all your products)
Yeah I know.
So you are creating different profiles for each product? I only have the distribution profile, the team profile that Xcode automatically creates/maintains, and one ad hoc one (because I do such limited ad hoc). Maybe I'm doing this wrong?
Once you re-create your profiles everything is back to normal. It *is* a bit of a hassle, though.
In KeyChain Access, the private key contains my developer certificate, which is set to expire
in exactly one year.
What must I do when this certificate expires? Will I need to go through this process again,
and export another private key?
Nope. Prior to expiration date (I did it 2 weeks in advance) login to your developer portal on apple and pay for another year. Once your payment cleared (few minutes to few hours) your profile extends to another year from the expiration date. Tnen when you launch Xcode just sync your new profile from organizer.
About main topic: I might be wrong here but I don't think it's a big deal about your local keychain. Your profile is maintain on Apple side. Local keys is just an ssl self signed request to ensure identity, not a validity.
I revoked and recreated my profiles few times with signing process started over and it didn't affected my existing apps being revoked or something.
As long as you paid on time prior to your Dev account on Apple expiration you are good. Even if you screw things up you can call them and they will work with you to help you out. It might take you a lot of waiting and hassle but not the end of the world.
Nope. Prior to expiration date (I did it 2 weeks in advance) login to your developer portal on apple and pay for another year. Once your payment cleared (few minutes to few hours) your profile extends to another year from the expiration date. Tnen when you launch Xcode just sync your new profile from organizer.
About main topic: I might be wrong here but I don't think it's a big deal about your local keychain. Your profile is maintain on Apple side. Local keys is just an ssl self signed request to ensure identity, not a validity.
I revoked and recreated my profiles few times with signing process started over and it didn't affected my existing apps being revoked or something.
As long as you paid on time prior to your Dev account on Apple expiration you are good. Even if you screw things up you can call them and they will work with you to help you out. It might take you a lot of waiting and hassle but not the end of the world.
Thanks for the reply.
Just to get this straight in my head, does my private key need to be backed up every year,
since my certificate expires annually, or does it only need to be backed up once?
Critical: Back up your developer key!
Linear Mode
