Unfortunately, yes. For enterprise distributed apps, the devices will regularly check with apples servers whether the certificate which has been used to sign them is still valid. So revoking the certificate will make those installations fail. Maybe not until the next reboot, maybe not when there is no internet connection available, but sooner or later, the app will refuse to launch.
If availability of the app must not be interrupted, you need to take precautions - for example by preparing the new version and notifying all users ahead of time that at a certain date, the old version will stop working and the new one must be installed.
I kept investigating and it appears like you can have two distribution certificates at the same time now. This is meant to eliminate gaps in app availability by allowing you to phase from one cert to another, way before the first one expires.
If this is still true, you might be able to simply create another distribution certificate without revoking the existing one. You will need to create new provisioning profiles as well (or update the old ones to use the new cert), but that shouldn't invalidate those already deployed. You would then be able to distribute the new / updated app and the existing installations will remain unaffected.
It has been some time since I last worked with enterprise distribution and right now, I don't have access to an enterprise dev account, so I can't try. But I don't think there is any risk if you just go ahead and try it - I assume the portal will either let you create a second cert or it just won't...
Are you sure of this? I know that with apps in the App Store, revoking the signing certificate has no impact on applications either in the App Store or already installed. It's possible that it's different with an Enterprise application, but it seems unlikely that the certificate is checked except when installing.
Yes, I am. See this apple support page under "What happens if my certificate expires or has been revoked": developer.apple.com/support/technical/certificates There was another apple document somewhere, which explained how validity of certificates would be checked only occasionally and the server response cached on the device for several days, but I can't find it right now...
Found it - not the original document, but this SO answer is citing it...: stackoverflow.com/a/9386400/416600