Hey everyone,
We have an enterprise developer account and have two distribution certificates. Both are expiring in 2016, one in February and one in November of 2016. The problem is that we have lost the private key associated with the November cert so it cannot be used to sign .ipa's.
We have 3 apps deployed to end users using an MDM solution, and with our distribution certificate expiring soon, we want to revoke the incomplete November cert (because Apple only lets us have two active distribution certs) and create a new one to sign our apps. The problem is that we are not sure which certificate was used to sign the apps, it could be the February one or it could be the November one before the private key was lost. Thus, we are hesitant to revoke the November one in case an app was actually signed with that certificate and becomes non-functional.
Thus, my question is, is there a way to check which certificate was used to sign an .ipa? I have been able to find commands for the terminal such as codesign -dvvv <path_to_embedded_provision>/ but the output of this is only the name of the cert and the timestamp for when it was signed. This information is not helpful as both our certs are named identically, and we are not sure when we lost the November private key so we can't use this timestamp to compare. In addition, I found another command: security cms -D -i <path_to_.app_file>/ which gives information about the mobile provisioning profile such as its expiration date. If only there was a similar function for the distribution certificate.
Please let me know if you know of a way to solve this problem.
Thanks!