Code sign certifecate problem

Similar Messages

• Adobe AIR 3 Performance Issues and Code Signing Certificate Problem

  I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
  The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
  1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
  2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
  About the Code Signing Certificate problem:
  When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
  I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
  The Google Groups Adobe AIR page is here:
  http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
  Any ideas about these issues?
  Thanks!
  Oscar

  I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
  The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
  1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
  2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
  About the Code Signing Certificate problem:
  When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
  I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
  The Google Groups Adobe AIR page is here:
  http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
  Any ideas about these issues?
  Thanks!
  Oscar

• Thawte code signing certificate problem

  Hi everyone!
  I wonder if someone here could help me out a little bit?
  I just received a code signing certificate from Thawte, but nobody mentioned that I should have enrolled it with Firefox (I have mac). So I used my default browser Safari. And now I can´t find any instructions how to change that certificate to a file that I can use in my Flex 3 when I export an AIR installer. All the instructions tell me to use Firefox, but it´s too late. I have to use same browser I have used earlier.
  I send this answer to Thawte too, but I´m not sure when they answer...

  Well, yes, apparently Keychain Access doesn't let you export the entire certificate chain.
  See http://forums.adobe.com/thread/234000 for a post on essentially the same issue.
  I haven't tried it, but maybe you can import the certificate into Firefox and then re-exported it with the entire certificate chain. Or do the same with the Java keytool utility. You could also set the ADT command line parameters to access the Mac Keychain directly, but then you couldn't use the built-in Flash/Flex Builder export. Those are the only options I can think of if you can't get help from Thawte.

• Code sign...revoking certificate... problem

  Hi,
  I am having a breake down. I had the folowing problem:
  Code Sign error: The identity 'iPhone Developer' doesn't match any valid, non-expired certificate/private key pair in your keychains
  So i folowd the steps to solve this problem:
  1) Open up Keychain Access app within /Applications/Utilities and click "All Items" under the Category sidebar. Type "iPhone" into the top-right search bar.
  If you are replacing your Developer Certificate, delete your "iPhone Developer: <your_name>" Certificate by right-clicking and choosing "Delete"; if you have multiple "iPhone Developer: <your_name>" certificates, delete them all.
  If you are replacing your Distribution Certificate, delete your "iPhone Distribution: <your_name>" Certificate by right-clicking and choosing "Delete"; if you have multiple "iPhone Distribution: <your_name>" certificates, delete them all.
  2) Clean out your profile library according to the steps in section: Keep Your Profile Library Clean.
  3) Log into the iOS Provisioning Portal. Click the Certificates sidebar. Click the DEVELOPMENT tab if you are replacing your Developer Certificate, and pick the the DISTRIBUTION tab if you are replacing your Distribution Certificate. Click Revoke in the Action column.
  4) Perform the steps in section Provisioning Profile Refresh. Xcode will prompt to create the new certificates; choose "Submit Request" to allow Xcode to create the certificates.
  After step 4:
  I folowd this steps:
  "To invoke Provisioning Profile Refresh, open Xcode's "Window" menu > Organizer > Devices tab > "Provisioning Profile" sidebar under Library and click the Refresh button. The first time refresh is pressed, a prompt appears requesting your team member credentials. It is important to answer positively when asked to create your signing certificates if they are needed. To do that, click "Submit Request" when you are prompted and Xcode will create, download and install the certificate(s)."
  I had no button "Refresh" so i clickt "add device to Profsioning Portal" and get a device with this muber already exists. When i login to Portal, i dont see my developer Certificate>Development anymore. Before revoke i downloaded the certificate!!!.
  How do i get it back? How do i solve this problem?
  alix

  Crap, TN2250 seems to be gone. 
  You may have used an outdated link or typed the address (URL) incorrectly. If you came to this page via a bookmark, please update it accordingly.
  The page you requested: http://developer.apple.com/library/ios/technotes/tn2250/_index.html
  The page to which you will be redirected: http://developer.apple.com/library/ios/index.html
  Has it been replaced?  I'm having a code signing issue and this seems to be the doc i need.

• My Distribution Profile is grayed out in Code Signing Provisioning Profile

  Fellow developers, has anyone experienced this problem when you tried to compile your app for distribution:
  Did everything as suggested in this forum, including:
  - copying a distribution profile to the right folder and also draging over the Xcode icon
  - Adding a "Distribution" configuration
  - specifying the identity as "iPhone Distribution: My Name"
  However, in the "Code Signing Provisioning Profile" picker, when "Any iPhone OS" is selected, the only enabled choice is "Default ..." and the actual profile with my name is grayed out.
  More over, the moment I select "Distribution" and then select "Device" in the "Active Configuration" picker, Xcode closes. This behavior can be reproduced all the time.
  Any suggestions?
  Eugene

  It is normal that it is grayed out ( don't ask me why ). To activate the distribution build, duplicate your Release in Distribution, install all the required certificates ( please apple stop those, they're a nightmare to deal with ) , then in the build settings in the code signing you have to TYPE ( there is no drop down box as seen in some screenshots ) "iPhone Distribution" ( instead of "iPhone Developer" ) and tada a few lines below you should see your drop down modified with some distributions entries.
  Patricia.

• ERROR ITMS-9000: Missing Code Signing Entitlements when adding app to Apple App Store

  My client is getting the following error when sending my app (compiled in Flash Pro CC 2014 with AIR SDK 15.0.0.356) to the Apple app store:
  ERROR ITMS-9000: "Missing Code Signing Entitlements. No entitlements found in bundle
  'com.xxxxxx.xx.xxx' for excutable 'payload/xxxxx.app./xxxx'.""
  He is saying that I need to send them the entitlements file.
  I can't find out any information about this with regards to Adobe Air compiled iOS apps, apart from this old post:
  Adding iOS entitlements to AIR apps
  which states that 'the packager configures the entitlements file '
  Can anyone explain what might be missing here?
  Thanks,
  Alan.

  It looks as if this problem is solved by doing step 2 from here:
  http://dev.mlsdigital.net/posts/how-to-resign-an-ios-app-from-external-developers/
  It basically states that the client needs to produce the entitlements file and lists the following that the client will provide themselves:
  A “Mobile Provisioning Profile”
  An “Entitlements.plist”
  An “iOS Distribution Certificate”
  iReSign OS X app (or you could use command line)
  Hope this helps someone. We've run into quite a few problems trying to get the Flash Air compiled App to both enterprise and Apple Store as it can't come from us (the developers) it has to be signed and delivered from the client.

• No option in project info window for code signing Provising profile.

  Dear Developer forum,
  I have one issue wth my application regarding provisional Profile.
  I have installed Distribution certificate.After that I have entered all information regarding distribution provisional profile in program portal
  I have got provisional certificate from portal.I have installed it
  And I have also seen its entry in home/library/mobiledevices/.
  But Now problem is arising at place when I am opening my project or target info window on that time in BUild->code signing option, I have only code signing endity but no code signing provisioning profile.
  where I can give my distribution provising profile name
  So anybody tell me howz it come????
  Thanks

  Looking at this page:
  http://developer.apple.com/iphone/manage/distribution/index.action
  Make sure that you've done all the steps... "Generating a Certificate Signing Request", "Submitting a Certificate Signing Request for Approval", "Downloading and Installing iPhone Distribution Certificates", "Create and download your iphone distribution provisioning profile"...
  When I went through this process, I think I forgot to do the step "Downloading and Installing iPhone Distribution Certificates"... (skipping straight to "create and download your iphone disbritution profile") as a result the provisioning profile name wasn't appearing for me to select... When I completed that step, then the provisioning profile name appeared...
  Message was edited by: iphonemediaman

• Code Signing certificate expired

  Hello,
  I please need an information about SGDEE 4.1 login applet: it seems
  applet code signing certificate was expired on September 2, 2005.
  I have no problem (after I deleted all expired root certificates from
  local client repository) with Internet Explorer 6SP1, but Mozilla Firefox
  always prompt me a warning with this contents:
  Serial:     
  [62374265099632433790334794162326322759]
  Issuer:
  N=VeriSign Class 3 Code Signing 2001 CA,
  OU=Terms of use at https://www.verisign.com/rpa (c)01,
  OU=VeriSign Trust Network,
  O="VeriSign, Inc."
  Valid From: Wed Sep 01 02:00:00 CEST 2004,
  To: Fri Sep 02 01:59:59 CEST 2005
  Subject:
  CN="Tarantella, Inc.",
  OU=Digital ID Class 3 - Netscape Object Signing,
  O="Tarantella, Inc.",
  L=Santa Cruz,
  ST=California,
  C=US
  Thank you very much in advance,
  Best Regards,
  Valerio Morozzo

  I know this is an older post, but it helped me find out how to make the migration procedure for native installer. I tried it with self signed certificate created by ADT tool and everything went fine.
  But now, we obtained a commercial AIR signing certificate from Thawte and the process failes in step 3) ADT saying
  'Certificate in PATH_TO_P12 could not be used to sign setup.msi' on Windows.
  On mac, it says that signing native installer on OSX is not supported, so I skipped the signing option in step 3) and it worked fine.
  I can skip the signing option on Windows as well and the process succeeds, but running the installer on machines with previous versions of application results in "Installer mis-configured' error message - the same error as if the migration process was not applied.
  I already contacted Thawte if it is a certificate issue, reply from them was 'AIR certificate can only sign .air applications'. But when I build a native application directly from FlashBuilder and sign it with the Thawte certificate the whole process seem to succeed. The application can be installed on machines without previous version of the application. Those who already have the older version get the 'Installer mis-configured' error message.
  I want to mark out again, that the same process but with a self signed certificate created with ADT, is successfull and the application can be installer as an update on machines with older version of the app. So I assume the workflow is correct.
  Any ideas? Or somebody having the same issue?
  Thanks

• Ad Hoc provisioning - code sign error...

  I have a bit of a problem creating the ad hoc build for the app....
  Here's what I did so far:
  1. Created the AdHoc provisioning profile on the portal
  2. Downloaded and installed it in Xcode
  3. Copied the Release configuration as AdHoc
  4. As suggested by some blogs, added the Entitlement.plist file - however, the recommended entries are not to be found in the plist file! That line is "get-task-allow" in the xcode window
  The link below points to a screen capture that shows what's happening:
  http://www.mediafire.com/imageview.php?quickkey=43endcalxt7jde4
  top_left: blog that suggest the line to be present in Entitlements.plist file
  top right: xcode window that shows the code sign error and the .plist file
  bottom left: the build parameters for the Ad Hoc build
  bottom right: info about Ad Hoc profile in the organizer. Note the App Identifier.
  The code sign error mentions AppID that is different from the one shown in the Organizer window.
  Help!!
  -S-

  I had to create new profile and that fixed it. Originally, I had used the Bundle name for the current app in the store.
  I was able to make the AdHoc build and distribute it.....

• Code Signing Cert for AIR and MSI

  If a Code Signing Certificate for AIR is purchased, can that same certificate be used when distributing the package using MSI?
  Or does it not matter as long as the AIR app is signed?

  No, this was a different problem that created similar symptoms.
  I just found out that, since Director 11.5, we can put the Xtras folder inside a projector. I was relying on outdated documentation, both online and in my mind, which said the xtras had to be next to the projector.
  Weirdly, putting the Xtras folder inside the Contents folder (inside the bare stub projector) solved the problem I was having: my sound was not functioning after I code signed the xtra that enables sound. Now it works fine.
  I also created an error when my projector's INI file set Movie01 to a Director movie in the same folder as the projector. Now I have it instead point to a movie in the Resources folder of the projector. So maybe I will just throw all my movies and supporting files in the Resources folder.
  I too am thinking of documenting the process, once I know customers are buying my app and using it successfully. Maybe I'll use screen recording to create a set of YouTube tutorials. That can spare others from this confusion and aggravation, and encourage people to buy the latest version of Director and update their old products. The more money that Adobe earns from Director, the more they will be encouraged to invest in developing Director further.
  If Apple will accept apps without receipt validation, that will certainly simplify things. I saw an Apple web page that stated it was mandatory, but that page has been changed. Maybe validation is optional but no longer required.
  For details, check this:
  https://developer.apple.com/library/mac/releasenotes/General/ValidateAppStoreReceipt/Intro duction.html
  but luckily there is source code out there that can be used to handle those technical details.
  I'm wondering how you applied your set of icons to your bare stub projector. Did you simply replace the projector.icns file? I created an error when I tried that.

• Xcode 4.5 Code Signing Identities say "from '(null)'"

  I've recently upgraded to Xcode 4.5, and now all my identities say "from '(null)'" in them when I try to sign for adhoc or enterprise distribution from Organizer:
  There is an option to refresh code signing identity which osme times works, but I need to run this every time. The problem I have is I have more than on iOS Team Provisioning profiles from different developer accounts and some times I cannot identify which one is which in terms to sign an adhoc version properly.
  Thanks for any help.

  No, I updated to latest XCode version and still having the same issue. Only solution is to refresh code signing identity every time.

• Adt code sign GateKeeper rejection for OS X AIR app

  I'm having a problem getting a signed OS X AIR captive runtime bundle app to pass the GateKeeper signature smell test.
  Here are the digestible facts, in list format:
  - App is multi-platform OS X, Windows, iOS, Android, but let's just focus on OS X for now.
  - Application is a standalone captive runtime bundle app.
  - Dev machine running OS X 10.9.5 (with Xcode 6.0.1).
  - Built with AIR 15.0.0.258 Beta.
  - The certificate is a certificate from comodo.com guaranteed to work with AIR and OS X Digital Code Signing, Code Signing Certificates - COMODO
  - Tried compiling/packing with IntelliJ IDEA 14 beta and adt command line, both with same fail results.
  - Manual packaging method used: Adobe AIR * Packaging a captive runtime bundle for desktop computers
  The adt command fires without a hitch, the command asks for the p12 password, I can see the certificate authorities get pinged as the packaging progresses. The resulting app seems fine and runs well with GateKeeper disabled. However, GateKeeper does not like the resulting app. I need this app to launch flawlessly on all user's systems (that's why I bought a certificate).
  Here's the disappointing results from Terminal:
  spctl -a -t exec -vv myPrettyPony.app
  rejected
  source=no usable signature

  I would suggest that those interested take a look at thread Tutorial on publishing Flex/Air app for Mac App Store or just using Developer ID for general distribution
  However, since that thread is marked as answered, I want to leave this thread open until I find an answer to my particular question: What are the exact steps to properly package and codesign an OS X AIR app for independent distribution to OS X 10.9.5?

• Replacing the Java Code Signing Certificate on the ASA 55xx VPN/Firewall Appliance

  Hi,
  basically I am trying to achieve what's documented in
  http://www.cisco.com/en/US/docs/security/asa/asa80/release/notes/asarn80.html#wp242704
  (using ASDM: "crypto ca import" = Remote Access VPN -> Certificate Management ->  Code Signer -> Import)
  I give it a complete PKCS12 bundle (unencrypted private key + certificates up to the root CA) to the ASA.
  I can indeed verify that it has been imported correctly by exporting it again:
    crypto ca export CodeSignerBundle pkcs12 1234
  It shows me the private key and all the certificates.
  However, the jars used in WebVPN, while carrying the correct certificate, don't have a full certification chain at their disposal:
  Using jarsigner -verify I see on a random file from the jar:
  sm       905 Fri Nov 30 00:00:00 CET 1979 Java/lang/CpUtf8.class
        X.509, CN=COMMONNAME, O=ORGANIZATION, L=LOCATION, ST=STATE, C=COUNTRY
        [certificate is valid from 8/1/13 4:30 PM to 8/1/16 4:30 PM]
        X.509, CN=LuxTrust Qualified CA, O=LuxTrust S.A., C=LU
        [certificate is valid from 6/5/08 11:25 AM to 10/18/16 12:40 PM]
        [CertPath not validated: Path does not chain with any of the trust anchors]
  Indeed the certificate file inside the jar (META-INF/.....RSA) does not contain what I uploaded to the ASA. One of the intermediary certificates is missing (while another certificate is listed twice).
  What could be the problem here? (ASA v8.2(5))
  Thanks for any help,
  Marki

  It may be that a ip address pool is not assigned to the default webvpn group:
  tunnel-group DefaultWEBVPNGroup general-attributes
  address-pool testpool

• ADT error with comodo code signing certificate

  Hello,
  I'm trying to sign an AIR app with a Comodo code signing cert.
  - SHA-256 with RSA Encryption
  - Java 1.8 (same problem with 1.6)
  - AIR 15 (same problem with older versions)
  My command :
  java -jar -Xmx1024m /data/sdk/AIRSDK_Compiler15/lib/adt.jar  -sign -storetype pkcs12 -storepass ******* -keystore cert/air-distrib.p12 bin-release/TestCert.airi bin-release/TestCert.air
  I get the following error :
  Exception in thread "main" java.lang.OutOfMemoryError: Java heap space
      at java.util.Arrays.copyOf(Arrays.java:3181)
      at java.util.ArrayList.grow(ArrayList.java:261)
      at java.util.ArrayList.ensureExplicitCapacity(ArrayList.java:235)
      at java.util.ArrayList.ensureCapacityInternal(ArrayList.java:227)
      at java.util.ArrayList.add(ArrayList.java:458)
      at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2026)
      at java.security.KeyStore.load(KeyStore.java:1433)
      at com.adobe.ucf.UCF.processSigningOptions(UCF.java:313)
      at com.adobe.ucf.UCF.parseSigningOptions(UCF.java:298)
      at com.adobe.air.ADT.parseSign(ADT.java:1589)
      at com.adobe.air.ADT.parseArgsAndGo(ADT.java:598)
      at com.adobe.air.ADT.run(ADT.java:435)
      at com.adobe.air.ADT.main(ADT.java:485)
  When i increase java memory at 8go, java uses 6go and don't stop... (nothing after 20 minutes...)
  Any idea ?
  ADT or cert problem ? Other ?
  Thx.
  Jonas

  Yeah !
  The certificate was generated in firefox...
  Import it into IE and regenerate the certificate fixed the problem
  Jonas

• Argh! Profile Manager and Code-Signing of profiles

  I am setting up Profile Manager in Mavericks with Server.app 3.0.1.
  I have DNS correctly setup, I have created an OD Master for Profile Manager, Profile Manager is running and network users can login and I can setup profiles. I also have the https site working properly for clients although that needed some help.
  We have a self-signed root CA and off that we have two intermediate CAs, one for signing server SSL certificates, and one for signing codesigning certificates. On my server I have installed the rootCA, and the intermediate CAs and of course the server SSL certificate itself. As mentioned initially I had a problem with the https site on the server and what was happening was that the server was not sending the intermediate certificate along with the server certificate to clients. (The clients already have our rootCA certificate installed and trusted.)
  As a result the chain was incomplete and clients did not trust the http site. I tracked this down to the files in /etc/certificates it turned out that of the four files for the server certificate i.e. .key.pem, .chain.pem, .concat.pem and .cert.pem that the .chain.pem did not contain the intermediate CA. I replaced it with the intermediate CA pem file and restarted Apache and clients now get the full chain and can therefore trust the https site.
  My problem now is with the codesigning certificate, this also has been selfsigned this time by the intermediate codesigningCA. It is accepted by Profile Manager and it does sign the profiles. However when I download the Trust profile and try installing it, it comes back unverified. (If it was unsigned it would say unsigned instead.) This trust profile contains a copy of the server certificate and the rootCA certificate but does not contain the intermediate codesigningCA certificate.
  I tried the same trick of swapping out the codesigning .chain.pem file in /etc/certificates but this did not help. I am currently stuck, any suggestions from any one?
  Thanks.

  I would really appreciate being walked through these steps. I just upgraded to Yosemite and Server.app 4 and am dealing with all the brokenness.
  Profile Manager does not show a code signing certificate when I ask it to sign configuration profiles.
  I DO NOT have the Code Signing Certificate in my keychain created when OD was created.
  I DO have the four code signing certificate files:
  /etc/certificates/host.domain.tld.Code Signing Certificate.<UUID hash>.cert.pem
  /etc/certificates/host.domain.tld.Code Signing Certificate.<UUID hash>.chain.pem
  /etc/certificates/host.domain.tld.Code Signing Certificate.<UUID hash>.concat.pem
  /etc/certificates/host.domain.tld.Code Signing Certificate.<UUID hash>.key.pem
  Furthermore, when I search my System keychain passwords, for <UUID hash>, I see that have the password that decrypts these pem's, e.g. via the openssl command
  openssl rsa -outform der -in 'host.domain.tld.Code Signing Certificate.<UUID hash>.key.pem' -out 'host.domain.tld.Code Signing Certificate.<UUID hash>.key'
  What's the specific step-by-step to convert these four files into something that Profile Manager can use to sign configuration profiles?
  I am stuck.