Are Certificates worth the hassle?

Back when I first started programming there were only three environments you could program for A) Main Frames, B) Mini computers, and C) Personal computers. Given that A & B where tightly controlled by people in suites and ties, and no respectable business used C for anything that could impact their business, there was no need for Certificates. Even today the locked down world of mainframes and midrange computing has their own internal controls which doesn’t require certificates to be used.

More and more, however, security certificates are becoming the norm in programming. Websites need them to ensure that you are access the site you think you are on, and not some phishing site. Even Apple is enforcing certificates in OS X, and perhaps Microsoft will require them for Windows 8. But in the world of mobile phones, you need a certificate to provision anything. It seems that the complexities of security require that not only do you have a certificate, it needs to be updated periodically to show that you are who you are, and oh yeah that you paid for your rights on the iOS store.

There are also multiple different types of certificates: Developer, Distribution, Ad Hoc, and who knows what else… This means that as an app developer I feel that if I am not putting out a new version of my app every few weeks, that I will forget the complexities of ensuring that all of the various certificates and profiles are current and setup correctly. I personally find that when I move from one PC to another I invariably get it wrong, and have to start over getting all the certificates resubmitted and recreated.

Does this happen to you? Do you feel that having a certificate on an app makes it more secure? Would you install a piece of code on your phone or tablet that didn’t have a certificate? Would you immediately delete it, just because the certificate expired?

Are they worth the hassle?