Code sign failure for Safari 3.1

Similar Messages

• Code Signing Cert for AIR and MSI

  If a Code Signing Certificate for AIR is purchased, can that same certificate be used when distributing the package using MSI?
  Or does it not matter as long as the AIR app is signed?

  No, this was a different problem that created similar symptoms.
  I just found out that, since Director 11.5, we can put the Xtras folder inside a projector. I was relying on outdated documentation, both online and in my mind, which said the xtras had to be next to the projector.
  Weirdly, putting the Xtras folder inside the Contents folder (inside the bare stub projector) solved the problem I was having: my sound was not functioning after I code signed the xtra that enables sound. Now it works fine.
  I also created an error when my projector's INI file set Movie01 to a Director movie in the same folder as the projector. Now I have it instead point to a movie in the Resources folder of the projector. So maybe I will just throw all my movies and supporting files in the Resources folder.
  I too am thinking of documenting the process, once I know customers are buying my app and using it successfully. Maybe I'll use screen recording to create a set of YouTube tutorials. That can spare others from this confusion and aggravation, and encourage people to buy the latest version of Director and update their old products. The more money that Adobe earns from Director, the more they will be encouraged to invest in developing Director further.
  If Apple will accept apps without receipt validation, that will certainly simplify things. I saw an Apple web page that stated it was mandatory, but that page has been changed. Maybe validation is optional but no longer required.
  For details, check this:
  https://developer.apple.com/library/mac/releasenotes/General/ValidateAppStoreReceipt/Intro duction.html
  but luckily there is source code out there that can be used to handle those technical details.
  I'm wondering how you applied your set of icons to your bare stub projector. Did you simply replace the projector.icns file? I created an error when I tried that.

• Signing Up For Safari Extension Developer Program

  I am trying to sign up for the Safari Developer Program to write extensions, but i keep getting an error. This is the error: http://snapplr.com/nhrj
  Please help.

  Ok...
  From the Safari Menu Bar, click Safari / Empty Cache. When you are done with that, try accessing that page. If that didn't help...
  Go to the Safari Menu Bar, click Safari/Preferences. Make note of all the preferences under each tab. Quit Safari. Now go to ~/Library/Preferences and move this file com.apple.safari.plist to the Desktop.
  Relaunch Safari and see if that makes a difference. If not, move the .plist file back to the Preferences folder. If Safari functions as it should, move that .plist file to the Trash.
  Also, try restarting your Mac.

• Using a Code Signing Certificate for download on Azure

  Currently, I have a hosted web application and Web API on a VM that I use to allow users to download an executable file that is signed with a Code Signing certificate. My question is how would I do the same thing with a Web Role or Cloud Service?  The
  goal is to move to PAAS in Azure with our web application.
  Thanks for any help in advance.

  I appreciate the link to the article, but I don't need an SSL certificate, I need a code signing certificate.  I'm afraid this post does not help me at all.  What I need is a certificate to sign my downloadable applications with.  I have
  an .exe file that users can download, and I need those people to know my code can be trusted, which is why I need the code signing certificate.  My problem is how do I utilize this with a Web Role or Cloud Service?

• Viewer Builder signing failure for distribution viewer

  I'm having the following problem:
  I"m able to download the developer ipa from Viewer Builder with no problems, but when I try to download the distribution build, I get a VB error, "signing failure."
  this indicates to me that there is a problem perhaps with my p12 and mobile provisioning profile, but I've done all that correctly, as far as I know, and tried multiple times to reproduce from Apple's provisioning portal, but nothing works.
  is anyone else having this problem?

  Yes, I've been having this issue since last Friday. But, my ipa isn't working either....

• Code sign failures submitting iOS Air App

  Hi folks,
  I wondering if any of you might be able to point me in the right direction on this. I'm likewise having issues trying to submit an ipa file to iTunes Connect via Application Loader, and got as far as zipping the .app file and submitting. I get an error in Application Loader that: "Unable to run the lipo command: ... Can't map input file ..." and "Application failed codesign verification. The signature was invalid, contains disallowed entitlements, or was not signed with an iPhone Distribution Certificate.", and "Unable to extract codesigning entitlements from your application. Please make sure ... is a valid Mach executable that's properly codesigned".
  Now, before posting here, I have done the following to no avail:
  a) I've regenerated all certs and mobile provisions from the top, completely on the Mac once, and completely on Windows as well using openSSL. Both times, I started at the top, from the csr request.
  b) I'm able to install and run my ipa file just fine on the test iPhones using the distribution.p12 file and the associated ad_hoc distribution mobile provision. It's always only when I compile for 'app store release', using the distribution.p12 file and the app_store mobile provision that this happens.
  c) I'm using Adobe Flash Pro CS6 on Windows 7 64, with Adobe Air 3.3 SDK, and I am submitting on a real Macbook Air with OS X Mountain Lion.
  d) I've also gone as far as trying both sets of cert/provisions (generated on mac and windows), by publishing the ipa from within Flash Pro CS6, and also using the adt command line, but still same.. works fine as ad_hoc on the test iPhones, but will not submit through Application Loader. Same codesign verification errors.
  e) My app uses native extensions, but these compile and run perfectly fine on the ad_hoc builds.
  I'm pulling out my hair at this point as to what I could possibly be missing or doing wrong, or if there is a bona fide bug with the combination of technologies I'm using? I would appreciate any tips/hints/suggestions from anyone who know what I am describing here.
  If there is anyone at Adobe that can look at my ipa file build for the app_store submission, that would be wonderful as well.
  with kind regards,
  Alex

  @Marius,
  Here's a step by step (verbose) of what I do from the top when I setup for a new client (which I did just 3 days ago). If there's anything here that's different, I recommend you remove everything you have from before and start from scratch, as there are times when some ridiculously unforeseen item left over can affect your setup:
  (a) On a Mac, open Keychain Access tool. Go to 'Keychain Access' in the main menu, then 'Certificate Assistant' --> 'Request a Certificate from a Certificate Authority'. On the Certificate information form, enter the email address you used for your iOS Developer Program account, for Common Name, use the name you have associated to your iOS Developer account (i.e. mine was a personal account, so it's just 'Alex Yamane'), leave CA email address blank, and choose 'Saved to disk', and save the .certSigningRequest file generated somewhere handy.
  (b) Log into http://developer.apple.com/ with your iOS Developer account. Click on 'Member Center' at the top. Log in. Click 'iOS Provisioning Portal'.
  (c) First of all, make sure you remove everything before you start this process. You need to go backwards when you remove everything, so make sure first, you go to the 'Provisioning' section, and remove all Provisioning profiles first (both Development and Distribution). Devices, you can leave alone. Go to the 'Certificate' section and remove all Development and Distribution certificates.
  (d) Go to App ID, and create yourself a new AppID for your app, just to make sure so you're using everything fresh from the start.
  (e) Now go to 'Certificates', and use the .certSigningRequest file. Also create one for Development using the same .certSigningRequest file. Re-click the tabs for each and they should refresh with your new certs there. Download each one. After you do, I recommend you rename them so you know these are the newest ones you just generated (it usually has a default ios_development.cer and ios_distribution.cer file name. If you haven't yet, make sure you also download the WWDR intermediate certificate if you haven't already.
  (f) Go to 'Provisioning' section, and now create a new profile for 'Development'. Then go to the 'Distribution' tab and create one for the app_store and adhoc distributions. Save all 3 provisioning profiles.
  (g) On your Mac, open Keychain Access tool. First if you haven't already, go to 'File'->'Import item' and choose the WWDR intermediate cert. Then, do the same for your Distribution Certificate (not Development certificate), I've had tons of trouble in the past when I first was starting out, because Adobe's website keeps talking about the Development cert, but you only need the Distribution Certificate installed (and just use the adhoc provisioning profile to development/test and the appstore provisioning profile for iTunes submission).
  (h) Once you've imported your Distribution certificate, there should be an item under the 'login' section of the Keychains column on the left that looks like "iPhone Distribution: Marius Versteegen". Click the arrow next to that and expand it. When you do, you should see a little key icon and your name again. Right mouse on that, and choose "Export 'Marius Versteegen'". Choose file format .p12, and save this file somewhere.
  (i ) Now take all of those certs and provision files over to your Windows machine. Fire up Flash Pro. Open your project, and use the new .p12 file for your certificate, and use the new appstore Distribution certificate and compile. You should now have a .ipa file that's ready for iTunes submission.
  (j) For me, from this point on, I've described earlier in the thread how I get my .ipa file over to my Macbook Air and upload to iTunes.
  Hope this helps,
  Alex

• Up-Date Causes Launch Failure for Safari, Mail

  My mom has one of the older white "volley ball" iMacs, OS X 10.4. It had been working fine for her limited needs but recently when I performed a software update from Apple whe can no longer launch Safari or Mail. The Icons bounce a few times on launch, but nothing else happens. Click the icoms in the Dock again, and you only get one bounce and nothing else.
  Any suggestions would be appreciated.

  Hi Kyle,
  Could be many things, we should start with this...
  "Try Disk Utility
  1. Insert the Mac OS X Install disc, then restart the computer while holding the C key.
  2. When your computer finishes starting up from the disc, choose Disk Utility from the Installer menu. (In Mac OS X 10.4 or later, you must select your language first.)
  *Important: Do not click Continue in the first screen of the Installer. If you do, you must restart from the disc again to access Disk Utility.*
  3. Click the First Aid tab.
  4. Select your Mac OS X volume.
  5. Click Repair. Disk Utility checks and repairs the disk."
  http://docs.info.apple.com/article.html?artnum=106214
  Then try a Safe Boot, (holding Shift key down at bootup), run Disk Utility in Applications>Utilities, then highlight your drive, click on Repair Permissions, reboot when it completes.
  (Safe boot may stay on the gray radian for a long time, let it go, it's trying to repair the Hard Drive.)
  If perchance you can't find your install Disc, at least try it from the Safe Boot part onward.

• Windows 7 Comparability for SHA-256 (Code Signing)

  Dear All
     I want to know when the update for windows 7 (SHA-256 Code Signing Comparability -- for Kernel driver) will be available?

  Hi,
  I'm not sure whether you know this update KB 2949927, Microsoft is announcing the availability of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality.
  http://support.microsoft.com/kb/2949927
  Microsoft Security Advisory 2949927
  https://technet.microsoft.com/en-us/library/security/2949927.aspx
  This blog can also be helpful
  Microsoft Security Advisory 2949927
  http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx
  Yolanda Zhu
  TechNet Community Support

• Code signing Windows Store Apps

  I can't get a very clear answer on the code signing requirement for deploying Windows Store Apps to the app store, even after searching the Internet for a couple of days. Specifically, my question is: are you required (not just recommended) to have a third
  party Code Signing Certificate to publish to the Windows App Store?
  I am not distributing the app to internal customers, but rather to external customers via the app store. If I'm missing this requirement documented in the documentation available on this site, can you point me to it?
  Michael

  All methods of deployment (Windows Store, PowerShell or System Center Configuration Manager) require the application to be signed using a certificate. The Windows Store channel requires a signing certificate
   from a publicly trusted CA because, well, the testers in the approval process won't have access to your internal PKI.
  Visual C++ MVP

• A PKI Code Signing Certificate question.

  Hello,
  Can someone please help me with the following question.
  I have created and used a code Signing certificate from our Microsoft Enterprise CA before which works OK, but I am not sure I did it correctly, and have a few related questions please.
  what I did.
  1: Logged on the CA directly, went to the CertSvc web site, requested a code signing cert, issued it and exported it along with the private key.
  2: Imported the above certificate into CurrentUser/My store on PC and used it to sign code
  3: Took the came certificate (along with the private key, and this is where perhaps I made at least one mistake) and imported it into the 'Trusted Publishers' store the PC that will be running the signed code. This step was done so the user does not receive
  a message asking if they want to run the code signed by "AAnotherUser" as it were, as although the code is signed by a trusted CA, the user still gets this warning message as the 'Publisher' is not in the 'Trusted Publishers' list. Therefore the
  way I sorted this at the time was to take the whole certificate as above and import to this store.
  The first mistake I made (as far as I can see as I am new to this area) I think I should have not imported the certificate 'along with its private key' into the trusted publishers store? in other words should I have imported the certificate 'minus its
  private key' into the trusted publishers store?
  Also, I understand you have to have the certificate along with is private key to sign code. I am 'assuming' a Hash of the code is taken and this is signed (encrypted) with the private key (in the same way a CA signs a CSR for a WEBServer cert for example),
  is that correct i.e. is that what it mean to sign code?
  if the above is correct then I assume you only need the 'public' key of the code signed cert in the 'Trusted Publishers Store' to verify the code was signed by a trusted CA and it has not been altered e.g. the Hash code still computes to the same value.
  Is this correct?
  My next question is regarding the private key. As I need to 'Login' to AD in order to request a code signing cert, can the 'private key' not be stored securely in AD along with my AD User account?
  if the above is possible (which would make good sense to me I think) then I do not have to worry about looking after the safety of the private key as the system 'AD' can do this for me. It would also mean which every computer I logon to in the domain I would
  have access to the private key (but no other user) and therefore be able to sign code I assume. Does this last paragraph make sense can this be done/is this done?
  Basically I need to understand the above, in order to understand more about Crypto.
  I also need create a code signing cert for a 'department' of about 10 people. Therefore I was thinking about creating and AD account called 'XYZCorpCodeSigning' or what ever, and issuing a code singing cert to this entity. If the private key could be stored
  in AD then accessed used once signed in as this account (these 10 people would need to know the password for the account) this would make life easier/more secure, I think.
  I know there are several question above, but it would be great it they would be answered as I would help me understand more about how it all works and to solve a problem too
  Thanks very much
  AAnotherUser__
  AAnotherUser__

  > The first mistake I made (as far as I can see as I am new to this area) I think I should have not imported the certificate 'along with its private key' into the trusted publishers store
  yes, it is not correct. Only public part should be imported to a Trusted Publishers container.
  >  is that correct i.e. is that what it mean to sign code
  exactly. Encryption with private key and decrypting with public key is called "digital signature".
  > if the above is correct then I assume you only need the 'public' key of the code signed cert in the 'Trusted Publishers Store' to verify the code was signed by a trusted CA and it has not been altered e.g. the Hash code still computes to the same
  value. Is this correct?
  yes. Client uses only public part of the certificate to validate the signature.
  > As I need to 'Login' to AD in order to request a code signing cert, can the 'private key' not be stored securely in AD along with my AD User account?
  normally code signing certificates are not stored in Active Directory and should not be there, because signing certificate is included in the signature field.
  > I do not have to worry about looking after the safety of the private key as the system 'AD' can do this for me.
  this is wrong assumption. A user is responsible to protect signing private key from unauthorized use.
  > If the private key could be stored in AD then accessed used once signed in as this account (these 10 people would need to know the password for the account) this would make life easier/more secure
  wouldn't, because if something happens -- you will never know who compromised the key.
  as a general practice, we recommend to purchase at least few smart cards to store signing keys. Depending on a particular code development practice, there might be a dedicated employee (for example, manager of devs) who the only has access to a smart card
  (and PIN) and signs the code upon dev request. Or issue a dedicated smart card with unique signing certificate to each developer. However this will add a complexity in signing certificate trust management.
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Code Signing Certificate Options

  Hi Guys,
  Have just finished and Air application and need to sign it before distribution.  Anyone got any good advice on the pros and cons of the various Code Signing options for Adobe Air out there?
  Richard

  I have just created a self-signed code-signing certificate, I used XCA to generate it which is a front-end for openssl. Obviously being generated from a self-signed rootCA it is not going to be trusted by the outside world but it is good enough for an internal Profile Manager setup since the enrollment process will automatically trust your own self-signed rootCA.
  Anyway, when trying to install it I did come across a gotcha which might help you and others here. I found that if I imported the certificate in to Keychain Access e.g. by double-clicking on it, then Server.app did not list it as an available certificate for Profile Manager code-signing. However if instead I used the option in Server.app under Profile Manager to import the code-signing certificate it was accepted.
  In theory importing via Keychain Access should work as well but it did not, so if you have been doing it that way try importing via Server.app instead.
  If you have already imported it via Keychain Access just delete it from your Keychain and try again.
  With regards to the suggestion from ajm_from_WA for buying one from www.ssls.com I could not find any code-signing certificates listed on their website. These are different to ordinary website certificates.

• Applocker and expired code signing certificates

  Is it possible to allow applocker to use expired code signing certificates for old applications ? 
  Thanks, Magnus
  Magnus

  Hi Magnus,
  >>Is it possible to allow applocker to use expired code signing certificates for old applications ? 
  As far as I know, we should be unable to do this. If a certificate is expired, it is no longer considered an acceptable or usable credential.
  Regarding this question, the following thread can be referred to as reference.
  AppLocker Issue in Windows 7
  https://social.technet.microsoft.com/Forums/windows/en-US/2c78848d-2601-40d2-99c0-9b5c23b735e4/applocker-issue-in-windows-7?forum=w7itprosecurity
  Best regards,
  Frank Shen
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Code Sign .pkg file

  How to use Mac OS X Package Maker to code sign .pkg files for AppStore Submission? .pkg file is created too easily but how to code sign it for AppStore submission?

  You don't code sign a pkg installer.  You code sign the individual code bundles the installer installs.
  Code Signing Guide

• Renew code signing certificate mountain lion server

  Hello to all
  Can you please let me know if there is a way to renew the self code signing certificate for server WITHOUT re enroll all devices?
  We have 500 iPads enrolled and the code signing certificate expires in 2 weeks...
  So it's really critical not to re enroll all devices .
  Is there any way to do this?
  Thank you for you help.

  When I put this in I am just getting the following response
  Usage: certadmin
      --get-private-key-passphrase [path]    
        Retrieve the passphrase for the private key at [path] from the keychain
      --default-certificate-path
        Retrieve the full path for the default certificate
      --default-certificate-authority-chain-path
        Retrieve the full path for the default certificate authority chain
      --default-private-key-path
        Retrieve the full path for the default private key
      --default-concatenation-path
        Retrieve the full path for the default certificate + private key concatenation
      --create-default-self-signed-identity
        Creates a default self signed identity (certificate + private key) using the hostname
      --recreate-self-signed-certificate subject serial_number
        Recreate an existing self signed certificate
      --recreate-CA-signed-certificate subject issuer serial_number
        Recreate an existing certificate signed by an OpenDirectory CA
  where you have "192173c1c is this meant to be the serial number?

• Missing Code Signing Certificate in Profile Manager

  Hi everyone,
  Firstly, I'm not a professional and managing a server isn't in my skill set.  I have an old Mac mini running the Mavericks server to dabble with.
  Recently, the code-signing certificate (I assume self-signed) disappeared from Profile Manager for the option to "Sign configuration profiles" – no idea why, and I'm struggling to get it back, it just doesn't appear in the drop down.
  Under "Certificates" in Server.app, and within Keychain Access; it's still in the system and can be seen, where there are two of them.
  I've tried renewing both of these through Server.app to see if that would be a quick fix, but nothing.
  Could someone advise me on how to create a new verified code signing certificate for use with profile manager?
  Kind regards,
  Jamie

  Tried again.  Destroyed OD and recreated – code signing appears.  Reboot machine, code signing disappears.
  I tried exporting out the Code Signing Cert before rebooting the machine and reimporting after it disappears only to get "This profile cannot be used to sign profiles".
  Any idea what could be breaking the code-signing on reboot? Really bizarre.