How should an organization with multiple iOS applications under development manage iOS distribution certificates?

Question

I\'ve recently had some involvement with a group with an organizational account for iOS development.

They have multiple teams all developing separate iOS applications.

Answer 1

The right way is to have one distribution certificate and share the private key. We share a small keychain that contains just the private keys and certs needed for development/distribution among our org. You can add this 'stub' keychain to all your development machines, and if it's checked into version control, you can push out updates to everyone easily. You can also password protect it, in which case Xcode will ask you to unlock it when using to codesign.

The fact that it's "easy" to churn the certs is actually a bad thing, IMO. As you've observed, it's easy for other developers on the team to screw things up, particularly regarding TestFlight, although I heard from another developer recently that Apple might have fixed that. (I haven't confirmed it myself.)