我们的客户刚刚加入了 iOS Developer Enterprise Program。他们已经使用他们的 Enterprise Distribution 签署了应用程序(由我们开发),并通过 MDM 成功地将其安装在一些设备上。
据我所知,当我的非企业分发证书到期时,我必须更新它。一旦设备根据 Apple 的 OCSP 服务器检查证书的有效性,此过期将禁用所有使用过期证书签名的应用程序。
或者,我可以在到期日期之前撤销我的非企业分发,并向 Apple 申请新的分发。使用已撤销证书签名的应用程序(例如 Ad Hoc beta 应用程序)将根据相同的机制被禁用。
所以对于我的开发者程序,我不能同时拥有两个有效的分发证书。好吧,作为开发者,我们可以接受。
我们的客户能否通过 iOS Developer Enterprise Program 同时拥有两个有效的企业分发证书?
根据 Apple 的说法:
Certificate Validation
The first time an application is opened on a device, the distribution certificate is validated by contacting Apple’s OCSP server. Unless the certificate has been revoked, the app is allowed to run. Inability to contact or get a response from the OCSP server is not interpreted as a revocation. To verify the status, the device must be able to reach ocsp.apple.com. See“Network Configuration Requirements”(page 9).
The OCSP response is cached on the device for the period of time specified by the OCSP server—currently between 3 and 7 days. The validity of the certificate will not be checked again until the device has restarted and the cached response has expired. If a revocation is received at that time, the app will be prevented from running. Revoking a distribution certificate will invalidate all of the applications you have distributed.
An app will not run if the distribution certificate has expired. Currently, distribution certificates are valid for one year. A few weeks before your certificate expires, request a new distribution certificate from the iOS DevCenter, use it to create new distribution provisioning profiles, and then recompile and distribute the updated apps to your users. See “Providing Updated Apps” (page 10)
我是否遗漏了什么,或者可能是员工在等待辞职的应用程序时无法打开他们的应用程序,他们可能拥有数百台带有多个内部应用程序的 iOS 设备?
最佳答案
这是我们过去 2 年以来一直在处理的问题。内部应用程序会在 1 年后停止工作。对于像我们这样的组织来说,每年重建数百个应用程序并将其重新部署到数千台设备上是一项艰巨的任务。
对我们来说,这是为期一个月的练习,我们重建所有应用程序并通知所有用户通过分发 channel 获取新应用程序。每年仍有一些用户留下无法正常运行的应用程序。
我已就此向 Apple 提交增强请求(错误 ID#9848075),我仍在等待回复。
编辑: 上述错误现已关闭。官方回复如下:
Distribution certs for enterprise are now 3 years in duration.
关于iphone - 如何管理企业分发证书到期?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9216485/