$99 Digital Cert for Signing Air Apps

Similar Messages

• Digitally signing AIR apps for the client

  How does a developer digitally sign a client's application
  without requiring the client to have to purchase the certificate?
  We want to do this for them. Are there any options for the
  developer?

  What happens when a certificate applied to an AIR app.
  expires? Does anyone know the technical details of the process? Is
  the expiration date embedded in the cerficate? Will the installer
  just revert to an UNKNOWN publisher or present another message,
  such as certificate expired? Will the installer still work?
  My Web guy thinks we can purchase the certificate for our
  client after discussing this process with them, by being listed as
  the technical contact and getting their contact info (like we can
  with SSL certificates). We do NOT want to put the customer through
  the below steps. There is a document though on Thawte's website
  that says the business and technical contacts must be from the same
  company though. This document
  (https://www.thawte.com/guides/pdf/enroll_codesign_eng.pdf) says
  nothing about AIR though.
  Here's some text Thawte sent me:
  ENROLLING:
  1. Visit
  https://www.thawte.com/process/retail/new_devel?language=en&productInfo.productType=devel 2
  2 Select the Adobe AIR Developer Certificate
  3. Enter the required information in the enrollment process
  "step 1 Configure your enrollment"
  Note: As part of this process a private/public key pair will
  be generated by thawte. The private key will be automatically
  stored within the Firefox keystore.
  4. Click Submit to complete your enrollment.
  5. Click Accept after confirming that all information entered
  on the enrollment page is correct.
  6. After the certificate is issued, log into the status page
  using the link provided in the confirmation email to download the
  certificate.
  7. Click on "Fetch Certificate" and the certificate will
  automatically be saved to the Firefox keystore.
  8. Export the private key and certificate from the Firefox
  keystore.
  The exported file can now be used to sign the Adobe Air
  application.
  FIREFOX INFO:
  You must use FireFox to initiate the Adobe AIR developer
  certificate browser and to obtain the certificate.
  1. Visit
  https://www.thawte.com/process/retail/new_devel?language=en&productInfo.productType=devel 2
  2 Select the Adobe AIR Developer Certificate
  3. Enter the required information in the enrollment process
  "step 1 Configure your enrollment"
  Note: As part of this process a private/public key pair will
  be generated by thawte. The private key will be automatically
  stored within the Firefox keystore.
  4. Click Submit to complete your enrollment.
  5. Click Accept after confirming that all information entered
  on the enrollment page is correct.
  6. After the certificate is issued, log into the status page
  using the link provided in the confirmation email to download the
  certificate.
  7. Click on "Fetch Certificate" and the certificate will
  automatically be saved to the Firefox keystore.
  8. Export the private key and certificate from the Firefox
  keystore with this solution: SO6899
  The exported file can now be used to sign the Adobe Air
  application.
  The a guide to signing the application can be found in SO6896
  Note: When exporting the private key and certificate from
  Firefox, it ill be exported in a .p12 (pfx) format which ADT, Flex,
  Flash Authoring, Dreamweaver, and Apatana tools can consume.
  Thawte will perform an Identity verification process, which
  may take 2-5 working days, and may need additional information.
  https://www.thawte.com/ssl-digital-certificates/free-guides-whitepapers/pdf/enroll_codesig n_eng.pdf
  After verification is complete, Thawte will email you
  instructions on how to retrieve the certificate.
  Please make sure that you retrieve the certificate using
  Firefox.
  How to export the private key and certificate from Firefox to
  sign Adobe®AIR™applications
  Solution ID: SO6899
  Adobe®AIR™ Developer Certificates can use a .pfx
  or a .p12 file to sign applications. Please follow the steps below
  to export the certificate with the private key from Firefox:
  1. A. Start Firefox
  B. Select Tools
  C. Select Options
  D. Select Advanced
  E. Select Certificates
  F. Select Manage Certificates
  Note: On a MAC OS go to Firefox > Preferences >
  Advanced > Certificates > Manage Certificates
  2. Select your signing certificate you retrieved from the
  status page and click the Backup button.
  3. Enter the file name and location to export the certificate
  and private key to and click Save.
  4. If you are using the Firefox Master Password, you will be
  prompted for your master password for the software security device.
  5. From the "Choose a certificate backup" password dialog
  box, enter a password to create/export the certificate.
  6. Enter the password twice and click OK. You should receive
  a successful backup password message.
  7. Use this .p12 (pfx) file within ADT, Flex, Flash
  Authoring, Dreamweaver, or Apatana tool.
  When prompted for a password, use the password for the .p12
  file export in step 5.
  8. Sign the application.
  Follow the steps below to sign Adobe®AIR™
  applications:
  1. Open AIR Application and Installer Settings from the Adobe
  Air application
  2. Click Set button under Installer settings, next to Digital
  signature
  3. In the Digital Signature dialog box, click Browse.
  4. Select the certificate.
  5. Enter a password.
  6. Click OK
  The application now has the digital signature applied.

• How to sign digital cerificate for adobe air application

  Hello freinds Please guide me how to sign the digital cerificate for my adoge air application.
  I am working on adobe flex sdk 3.2. so please guide me step by step how to sign my aaplication so that i can distribute it to other users.
  this is my first time thats why littlebit confused..
  Thanks And Regards
     Vineet Osho

  I assume you use Flex Builder. There is a UI that will let create a certificate when you try to export the AIR file.
  If you are using ADT directly. Use the '-certificate' option to create a PFX file.

• Trying to Sign Air App

  I am going nuts here,
  I have a certificate from Thawte in my firefox browser.
  according to the docs, I should be able to just backup the certificate in firefox and use it as the signing certificate in my air app (flash CS5). However it is not working, each time I try to publish I get the error "unable to build a valid certificate chain for the signer"
  I have contacted Thawte and despite their every effort, I still cannot make it work.
  Can anyone help me with this issue?

  The certificate file needs to have the whole certificate chain.
  When you export the cert from firefox, make sure to check the option to include the whole certificate chain.

• Admin Rights for Adobe AIR apps

  Which Admin rights are needed on a system to install a .AIR file on a system? In our Enterprise scenario users do not have Admin rights on the system. And whenever user tries installing an AIR app an error is thrown for the same. I want to know what are the least (Admin) rights that we need to give to a user on a WindowsXP system so that he can install air apps?

  Hello,
  Unfortunately, there isn't a simple answer to this question because AIR isn't in complete comtrol over the full set of files and registry keys touched during an install - we rely on Windows Installer for that.  However you can find additional information about this at:
  Does Installing an AIR Application Require Admin Rights?
  What are Administrative Rights, Anyway?
  You might also want to vote for this idea: Installation of Adobe AIR apps without having administrative privileges
  Hope this helps,
  Chris

• CustomeUpdateUI for native AIR app installer

  Hi,
  We have a native installer for a windows and Mac AIR app.
  For updates, we use the NativeApplicationUpdater code from:
  http://code.google.com/p/nativeapplicationupdater/
  After an update has been downloaded and launched, AIR shows a dialong prompting the user to "Replace" or "Cancel"
  the update.
  I would like to get rid of the dialog as this seems to include a redundant question for the user who chose to update from the first place.
  I believe setting the <customUpdateUI> tag at the application decriptor file would hide the dialog, but that causes the update to just launch the existing app. How can I come up with custom logic that will cause the update to actually replace the existing app?
  Thanks,
  Eilon

  It does have half an answer. SWFs can request loading AIR applications so they suggested embedding a SWF on the page which would be able to launch your AIR application. Your link would need to fire off some JavaScript to use the ExternalInterface with the SWF to relay your request inside the SWF. 
  If you really want it on Windows for example then you'll need to register your URI, the example should be self explainatory:
  http://msdn.microsoft.com/en-us/library/aa767914(v=vs.85).aspx

• Using Packager for Existing AIR App

  Hi,
  (I'm a total newbie to Flash and almost a newbie to development.)
  What are the considerations when planning to re-package an existing AIR app into an .ipa?  How do I even know what files to include for publishing?
  Thanks,

  One thing to consider is if using Flash CS5 your app might not publish properly or may publish with errors and bugs.  It depends on how you coded the app/flash site.  But if you are using Loader() method in your FLA make sure to include all of the swfs that your swf container file accesses.  If they are not in a subfolder you will have to add them one-by-one to your list of included files.

• Advice please for creating a preloader for an AIR app

  Hi.
  I've developed an AIR app in flex and all I want is a preloader for when the app is opened.
  I've ready plenty of the tutorials online - but most of the tutorials are geared towards <mx:Application> not <mx:WindowedApplication> and I
  can't seem to get them working using the <mx:WindowedApplication preloader=" ">.
  Coding the actual preloader isn't the issue i'm just having problems running it from the AIR app.
  If anyone has any tips for me that would be great!
  Thanks.

  you could use a mx:Window in order to create a splash window.
  http://livedocs.adobe.com/flex/3/html/help.html?content=WorkingWithWindows_2.html

• Any solution for Launching Air Apps from Sandboxed Chrome and Safari Browsers?

  Before we go and build our own plug-in (Ugh!)...
  As of early this year, we could no longer launch our Air application from Chrome. Now Safari (with Mavericks) has Sandboxed Flash with their browser and it will no-longer launch our application.
  Does anyone have any helpful advice (beyond building our own plug-in)?
  Thanks,
     Leo

  For the Chrome issue, I added instructions on how to manually enable an exception so that the plugin could run. The easier way to get it working is to have them install an Air app from the browser using a Flash badge. This didn't work for us since our app needs a native installer. Another option is to have our user install another Air app from our site. The exception is created for the site and the Air plugin so even though it would be a different app, once they allowed the plugin on our site, we could launch the natively installed app after that.
  I just discovered the Safari sandbox issue on Mavericks. I haven't tried either of these approaches on Safari yet. Is it the AdobeAAMDetect plugin in Safari settings that needs to be allowed?
  http://support.trainerroad.com/entries/22547739-How-do-I-allow-TrainerRoad-to-be-launched- from-the-website-

• How to create a more general install package for an AIR app?

  Hi,
  I have been using the ADT to compile an exe of my AIR app along with some other files I want to distribute. Problem is, I would like to do more general install actions (e.g. copy a bunch of files to the users Documents directory, copy a file to the local store, install fonts etc). Right now I achieve some of these by copying stuff from the application directory on the first run, but that is rather kludgy. Currently I am looking at using InstallShield or InstallAnywhere to do what I want out of the can, but I thought I'd see if anyone has some more AIR-friendly suggestions...
  Thanks!

  In my case I managed to work around the issues we were having by doing a configuration pass on the first run of the app. That means I had to basically put all the data I needed in my assets directory using the ADT compiler, then determine if it is a first run as follows:
  var locationPrefsObj:SharedObject = SharedObject.getLocal("PrefsObj");
  if ( !locationPrefsObj.data.hasOwnProperty("appCreatedDate")
  || ( locationPrefsObj.data.appCreatedDate != File.applicationDirectory.creationDate.toString() ) )
       firstRun();
  else {
       initConfig();
  // initialize an existing config
  The firstRun function will obviously be very bespoke, but you need to set the SharedObject at the end of it to make sure it doesn't get called every time.
  // this function is only run straight after an install
  private function firstRun():void {
       var success:Boolean = false;
       // do your first run stuff here and mark success=true if you are happy   
       if ( success ) {
            // set the appCreatedDate - then a future install can identify dirt left by the previous install
            var locationPrefsObj:SharedObject = SharedObject.getLocal("PrefsObj");
            locationPrefsObj.data.appCreatedDate = File.applicationDirectory.creationDate.toString();
            locationPrefsObj.flush();
  Other gotchas I hit:
  (1) You can copy things from the assets folder no problem, but to move or delete anything (so as not to leave lots of extra stuff hanging around), you need to (a) run with administrator privileges on Vista and w7 (the elevation happens automatically if you leave the "Run after install" box checked on an ADT install), and (b) work around the Flash security model that says you can't delete anything from a subdirectory of Program Files under any circumstances. I got around this by something like:
  // delete a file
  new File(File.applicationDirectory.resolvePath("assets/fileToBeDeleted").nativePath).deleteFi le();
  It's a bit nasty as it violates the security model, but until ADT lets you put stuff in two install locations I can't see another way to clean up the install properly.
  (2) I tried to install fonts (using VB and other stuff), but it is a real mess - the models in all different flavours of Windows seem to be different. I gave up as our software could get around it another way ...
  Hope that helps!

• Unable to self sign AIR apps

  I receive this error when packaging my AIR apps
  "Packaging failed. Make sure your computer time is in sync and your certificate is valid"
  As a note I am using "-tsa none" when packaging.   The problem only occurs when I use captive runtime via ’-target bundle’.  If I try to produce a regular .air file it works fine.

  I am using the latest SDK (3.5).
  I just was able to find out that if I removed a particular f4v (600+ megs) from the bundling then it works.  Once I reintroduce the F4V to a child folder in the build directory it fails.

• License Keys for Adobe Air Apps

  Many software applications require the end user to input a valid license key before proceeding with the installation. I have yet to come across an Adobe AIR application that employs this mechanism.
  The question is how can i integrate such a mechanism into an adobe air app?

  Two options:
  a) Build a licensing verification scheme yourself
  b) Use a 3rd party tool, such as NitroLM or Sharify or Shibuya

• Sign self-signed AIR app with trusted cert

  I have an AIR application that has been signed with a self-signed certificate that was created by the "Create Self-Signed Digital Certificate" wizard in the Export Release Build wizard in Flash Builder 4. This application has had multiple releases with auto-updating that clients have been successfully using but now we want to stop scaring our clients with the big red question mark symbol on the installer when they are first time installers.
  Now I have in  my possession a real trusted certificate that I want to start signing with. This certificate was given to me as a .crt file. I think it is from Verisign ... I didn't purchase it.
  First, how do convert that .crt file into a .p12 file and second how do I sign the existing app upon the next build so that clients can auto-update to the next version signed by this trusted cert without any headaches .. because I have read there can be some nasty issues and warnings.

  Hi,
  If the admin URL is specified with the https protocol, then http tunneling must be enabled for the server from the console -> servers -> AdminServer ->Protocols -> http.
  Moreover we also need to add following java options to the stopWebLogic.cmd or setDomainEnv.cmd:
  set JAVA_OPTIONS=$JAVA_OPTIONS$ -Dweblogic.security.IdentityKeyStore=CustomIdentity -Dweblogic.security.CustomIdentityKeyStoreFileName=identity.jks -Dweblogic.security.CustomIdentityKeyStorePassPhrase=password -Dweblogic.security.Identity.KeyStoreType=JKS -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=trust.jks -Dweblogic.security.CustomTrustKeyStoreType=JKS -Dweblogic.security.CustomTrustKeyStorePassPhrase=password -Dweblogic.security.IgnoreHostNameVerification=true -Dweblogic.security.SSL.ignoreHostnameVerification=true
  Regards,
  Kal

• Videos/Audios for Adobe AIR App

  Hi there,
  I'm new to Adobe AIR and I would like to find out if I'm building an app that sells videos/musics . Do I need to store all the video/music samples in the user's computer (part of the app) in order to be viewed offline?
  Thanks in advance!
  cheers.

  You need to store the music and videos somewhere on the user's computer, but not in the application install directory. (The documents directory is possibly a good place for them.)

• How to filter list of digital certificates for signing PDF

  Is it possible to change the configuration of Reader installation to filter the list of installed certificates that can be used for digitally signing documents?
  The filtered list will appear when users attempt to select a certificate for digitally signing a document.
  Thanks.

  Hi Carla,
  Unfortunately, Extended Key Usage is not one of the properties you can enforce.
  The things you can set are:
  appearanceFilter (i.e. enforce the use of a custom signature appearance)
  certspec(i.e. the signing certificate must meet some specific criteria)  <<<----- This is what you are more interested in, more below
  digestMethod(i.e. enforce the use of a specific cryptographic hashing algorithm)
  filter (i.e. enforce the use of a specific security handler if you want to use something other than the one built into Acrobat)
  legalAttestations (i.e. enforce the reason or purpose of the certifying signature)
  lockDocument (i.e. enforce any further changes to the document after the signature is applied)
  mdp (i.e. the rules for changing the document applied as part of a certifying signature)
  reasons (i.e. a list of one or more reasons the signer can use, as opposed to them adding their own)
  shouldAddRevInfo (i.e. force the inclusion on the revocation information (CRL or OCSP response) in the PDF file)
  subFilter (i.e. require the use of a specific signature format. This is very arcane)
  timeStampspec (i.e. require the use of a specific time stamp server)
  version (i.e the minimum version of Acrobat that can decipher the signature. the only two options are versions 6 or 8)
  The second item is the certspec, and this is what I've been pointing you towards. For the sake of discussion, think of everything you can read in a certificate as an extension. The serial number is an extension, the subject is an extension, the valid from date is an extension, etc. When a certificate is created, some of these extensions are required, other optional, and you can even add in extension that are not publicly defined, and only you will know about.
  Acrobat has the ability to enforce the signer to use a certificate that contains some, but not all of the known extensions. The extensions it can enforce are:
  issuer (i.e. require the use of a certificate that is issued by a specific Certificate Authority)
  keyUsage (i.e. require the signers certificate contain one or more of the nine possible values that can be included)
  oid (i.e. require that the Certificate Policy extension contain a specific value)
  subject (i.e. require that the document is signed by one specific person using one specific digital ID)
  subjectDN (i.e. require that the document is signed by one specific person, but they get to choose which digital ID to use)
  url (i.e. if a required digital ID is not available, where the signer can procure an acceptable digital ID)
  urlType (i.e. if the user is directed to the URL, should it be a web server where they can download a digital ID or a remote signing server where the digital ID stays on the remote server)
  That's it. If it's not one of these items then Acrobat cannot enforce that the item is available. Extended Key Usage is not on the list.
  Steve