如何管理企业分发证书到期? [英] How to manage Enterprise Distribution certificate expiration?
问题描述
我们的客户刚刚加入了iOS开发者企业计划。他们已经使用他们的企业发行版签署了应用程序(由我们开发),并通过MDM在一些设备上成功安装。
Our customer has just joined the iOS Developer Enterprise Program. They have signed the app (developed by us) with their Enterprise Distribution and installed it succesfully in some devices via MDM.
据我所知,我的非企业分销证书到期我必须续签。一旦设备检查证书对Apple的OCSP服务器的有效性,此过期将禁用使用过期证书签名的所有应用。
As far as I know when my non-enterprise distribution certificate expires I have to renew it. This expiration disables all apps signed with the expired certificate as soon as the devices checks the certificate's validity against Apple’s OCSP server.
或者,我可以撤销之前的非企业分发到期日期并向Apple索要新的。使用已撤销的证书签署的应用程序(例如Ad Hoc beta应用程序)将根据相同的机制禁用。
Alternatively, I can revoke my non-enterprise distribution before the expiration date and ask for a new one to Apple. Applications signed with the revoked certificate, for example Ad Hoc beta apps, will be disabled according to the same mechanism.
因此,对于我的开发人员计划,我不能有两个有效的同时分发证书。好的,作为开发人员,我们可以接受它。
So with my developer program I can't have two valid distribution certificates at the same time. Ok, as developers we can live with that.
我们的客户可以与iOS Developer Enterprise计划同时拥有两个有效的企业分发证书吗?
Can our customer have two valid Enterprise Distribution certificates at the same time with the iOS Developer Enterprise Program?
根据Apple的说法:
According to Apple:
证书验证
Certificate Validation
首次在设备上打开应用程序时,通过联系Apple的OCSP服务器验证分发
证书。除非已撤销
证书,否则允许该应用运行。无法与
联系或从OCSP服务器获得响应不会被解释为
撤销。要验证状态,设备必须能够达到
ocsp.apple.com。请参阅网络配置要求(第9页)。
The first time an application is opened on a device, the distribution certificate is validated by contacting Apple’s OCSP server. Unless the certificate has been revoked, the app is allowed to run. Inability to contact or get a response from the OCSP server is not interpreted as a revocation. To verify the status, the device must be able to reach ocsp.apple.com. See"Network Configuration Requirements"(page 9).
OCSP响应在OCSP服务器指定的
指定的时间段内缓存在设备上3到7天之间。在设备重新启动
并且缓存的响应已过期之前,不会再次检查
证书的有效性。如果当时收到的撤销是
,则该应用程序将无法运行。撤销
a分发证书将使
已分发的所有应用程序无效。
The OCSP response is cached on the device for the period of time specified by the OCSP server—currently between 3 and 7 days. The validity of the certificate will not be checked again until the device has restarted and the cached response has expired. If a revocation is received at that time, the app will be prevented from running. Revoking a distribution certificate will invalidate all of the applications you have distributed.
如果分发证书
有,则应用程序将无法运行过期。目前,分发证书的有效期为每年
。证书到期前几周,请从iOS DevCenter申请新的
分发证书,使用它创建新的
分发配置文件,然后重新编译并将
更新的应用程序分发给您的用户。请参阅提供更新的应用程序(第10页)
An app will not run if the distribution certificate has expired. Currently, distribution certificates are valid for one year. A few weeks before your certificate expires, request a new distribution certificate from the iOS DevCenter, use it to create new distribution provisioning profiles, and then recompile and distribute the updated apps to your users. See "Providing Updated Apps" (page 10)
我是否遗漏了某些内容,或者可能是员工,可能有数百个iOS具有多个内部应用程序的设备在等待重新签名的应用程序时无法打开他们的应用程序?
Am I missing something or is is possible that the employees, with potentially hundreds of iOS devices with several In House apps, can't open their applications while they wait for the resigned apps?
推荐答案
这是一个问题我们自过去两年以来一直在处理。内部应用程序在1年后停止工作。对于像我们这样的组织来说,每年重建数百个应用程序并在数千台设备上重新部署它是一项大规模的练习。
This is an issue that we have been dealing since the last 2 years. The in-house applications do stop working after 1 year. It is a massive exercise for an organization like ours to rebuild hundreds of apps and redeploy it on thousands of devices every year.
对于我们来说,这是一个长达一个月的练习重建我们的所有应用程序并通知所有用户通过分销渠道获取新应用程序。仍然每年都有一些用户留下了非功能性应用程序。
For us it is a month long exercise where we rebuild all our apps and inform all users to get new ones through the distribution channel. Still every year some users are left with non-functional apps.
我已向Apple提交了增强请求(错误ID#9848075 )这个,我还在等待回复。
I have filed an enhancement request with Apple(Bug ID#9848075) for this and am still waiting for a reply.
编辑:
上面提到的错误现在已经关闭。以下是官方回复:
The above mentioned bug is closed now. Here's the official response:
企业的分发证书现在为期3年。
Distribution certs for enterprise are now 3 years in duration.
这篇关于如何管理企业分发证书到期?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
