I've searched the web far and wide but haven't found this particular use case or corresponding answer.
Let me explain the situation:
We're an app development team in a company which has recently been taken over. The takeover company had an existing Apple developer account but outsourced iOS app development to an agency.
Since our job is to create apps for public release, we too need the option to sign our apps for distribution.
The problem is, there are 3 active distribution certificates (which is the limit for organisation accounts) and they are all signed with a private key the agency generated.
My suggestion would be to revoke one of the (oldest) distribution certificates and generate a new one with a private key that our team generated.
My question is, what impact will this have? I've found that revoking a distribution certificate has no impact on the apps that are signed with it and that you can just generate a new one if you want to update the app, but that all assumes the new distribution certificate is signed with the same private key. What happens when you have 2 active distribution certificates signed with different private keys? What are the best practices for this?
Thx!