As we know that 2 maximum number of iOS Distribution certificates for in-house apps are can be generated.
So I have currently 2 valid certificates but different expiry dates. One is near soon and the other one is after a year. When I check on XCODE or Keychain Access that I can see both of these certificates. I have an archive built recently but I want to know which iOS Distribution certificate is used/applied on the app?
Using the commands below you can retrieve the expiry date of the certificate from IPA and you can match it with your keychain.
$ unzip -q MyApp.ipa
$ codesign -d --extract-certificates Payload/*.app
$ openssl x509 -inform DER -in codesign0 -noout -nameopt -oneline -dates