I found that I can submit the same CSR for both dev and production when creating certs for iOS push notification.
For a single app I need to create 2 certs (dev/production), so for 10 app, I need to create 20 certs - which is a nightmare for certs management and pollute my keychains, so I am thinking by submitting the same CSR (hence same private key)..just more easy to maintain the stuffs.
對於單個應用程序,我需要創建2個證書(開發/生產),因此對於10個應用程序,我需要創建20個證書 - 這是證書管理的噩夢和污染我的鑰匙鏈,所以我想通過提交相同的CSR(因此相同的私鑰)..更容易維護的東西。
I want to know if any drawbacks and are you also doing the same way to reduce the effort in keys/certs management?
You don't necessarily have to use different private keys for development and production, but you should, especially if you are working in a large team or with external developers.
Every developer that has to test the notification code will need to have access to the private key for the development certificate. If you use the same key for the production certificate you also give them access to sending notifications in the production system. It all comes down to trust - do you trust that every developer on your team won't use the key to play mischief with your paying customers, now and forever?
每個必須測試通知代碼的開發人員都需要訪問開發證書的私鑰。如果對生產證書使用相同的密鑰,則還可以授予他們在生產系統中發送通知的權限。這一切都歸結為信任 - 您是否相信您的團隊中的每個開發人員都不會使用密鑰來與您的付費客戶惡作劇,現在和永遠?
If you're working alone, or if you really trust everyone on your team completely go ahead and use a single key. But think about the consequences if someone misuses the key.
Look here ProvisioningDevelopment
You must get separate certificates for the sandbox (development) environment and the production environment. The certificates are associated with an identifier of the application that is the recipient of push notifications; this identifier includes the application’s bundle ID. When you create a provisioning profile for one of the environments, the requisite entitlements are automatically added to the profile, including the entitlement specific to push notifications, . The two provisioning profiles are called Development and Distribution. The Distribution provisioning profile is a requirement for submitting your application to the App Store.
To rephrase shannoga's answer. while you could get away with using the same cert in the dev stage, each app needs proper certificates when being submitted to the appstore. It is best if create proper certs for apps in both stages that way you are sure to meet Apples standard.
Just because something works, does not make it right. By properly maintaining certs in the dev stage, it will make it easier when you have to transition to production as your code won't rely on short cuts.