Gaaahh! You click your application in iTunes Connect, then on “view details”, then you’ll find a button in there (top right) saying something like “I’m ready to upload” (didn’t notice it before, but must have on the other app). Click it and go ahead and upload. Gaaaaaaaaaah 2!
(Based on Nilesh’s answer) In the default configuration, openssl will keep copies of all signed certificates in /etc/ssl/newcerts, named by its index number. So grep /etc/ssl/index.txt to obtain the serial number of the key to be revoked, e.g. 1013, then execute the following command: openssl ca -revoke /etc/ssl/newcerts/1013.pem #replacing the serial number The -keyfile and … Read more