Code Signing for MacOS 10.8+

Similar Messages

• Code Signing for 3rd Party DLLs in MPR certfication

  Dear Team,
  I am currently performing MPR test with my Web Application using Windows Server 2012 R2 platform.
  While verifiying test results, i got failed in the validating digital signature for 3rd party binaries(DLL).
  The DLLs are Ajaxcontroltoolkit.dll, interop.Excel.dll etc.,
  Whether Signed DLLs are exists for Ajax Libraries?? If Signed DLLs exists for Ajax Libraries, is it advisable to request Microsoft support team for getting Signed DLL through mail? (or)
  Can i include this point as a waiver in document during test results submission??
  Regarding Interop DLL's is it advisable to include DLL's in waiver request document??
  Kindly review and suggest comments

  Hello,
  When an MPR Test fails due only to 3rd party binaries, please create a Test Results Package, upload to MPR site, complete and send a waiver for review.
  List all failing binaries in the waiver, grouping by their respective owner.
  Thank you,

• Code Signing a Director 12 App for the AppStore

  I have seen a few discussions on this topic and signing and submitting to the AppStore while full of challenges was possible with Director 11.
  With Director 12, we have been unable to code sign the projector.
  We use the Terminal to do it:
  codesign -f -v -s "3rd Party Mac Developer Application: Developer's Name" [path to .app]
  We get the following error:
  /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/cod esign_allocate: the __LINKEDIT segment does not cover the end of the file (can't be processed) in: /Users/OurApp.app/Contents/MacOS/OurApp
  /Users/OurApp.app: code failed to satisfy specified code requirement(s)
  Any ideas would be welcome!
  Additionally:
  I have just discovered that unless Director is updated any submissions to the Apple App Store will be refused because of the use of the QuickTimes APIs
  Deprecated API Usage - Apple no longer accepts submissions of apps that use QuickTime APIs.

  There isn't a way to save as an earlier version, but my article from 13 years ago still holds true:
  http://www.director-online.com/buildArticle.php?id=1034
  The article tells you how to find two copies of a particular pair of numbers. For D7 those numbers would be 057E, D8 would be 0640, and D8.5 is 073A. Changing the two places where those number are will make the DIR open in older versions of Director.
  The numbers for D11.5 are 0782, and for D12 they are 079F. So, track down the two places where 079F are (which are 18 positions apart) and change them to 0782, and you'll be able to open the file in D11.5.
  One change since I wrote that article is that the identification sequence is now the Windows one on Mac too, most likely because it's an Intel app now. So, the number sequence to look for to get close to those two numbers is 46 43 52 44. In the file I checked there were three places where those numbers were, and it's the last of the places that followed by the two numbers, about 8 & 26 bytes later.

• "Invalid Provisioning Profile. The provisioning profile included in the bundle {BUNDLENAME} [{BUNDLENAME}.app] is invalid. [Missing code-signing certificate.]" for brand new, vanilla Mac App

  In OS X Maverick's XCode, I created a brand new Mac > "Cocoa Application", with Core Data and Spotlight Importerl; about as vanilla a Cocoa application I could muster. 
  Under Preferences > Accounts, I signed in to my Mac Developer Account.
  In Targets > Identity, I set Signing to "Mac App Store", and was able to select my Mac Developer Account for "Team".
  I then went to Product > Clean, and then Product > Build for... > Running, and then Produt > Archive.
  In the Organizer, I select the resulting .app and click "Validate", and hit the Mac App Store radio, and hit "Next", and it's able to log into my Mac Developer Account.
  I select my Provisioning Profile in the dropdown, and click "Validate".
  It comes back with several errors:
  1 - "Invalid Provisioning Profile. The provisioning profile included in the bundle {BUNDLENAME} [{BUNDLENAME}.app] is invalid. [Missing code-signing certificate.] For more information, visit the Mac OS Developer Portal."
  2 - "The bundle identifier cannot be changed from the current value, '{DIFFERENT-BUNDLE-FROM-OTHER-PROJECT}'.  If you want to change your bundle identifier, you will need to create a new application in iTunes Connect.
  3 - Invalid Code Signing Entitlements.  The entitlements in your app bundle signature do not match the ones that are contained in the provision profile.  The bundle contains a key that is not included in the provisioning profile: 'com.apple.applications-identifier' in '{BUNDLENAME}.app/Contents/MacOS/{BUNDLENAME}'
  I was able to do the same process before, for a vanilla app, before Mavericks.  I'm not sure if this is a Mavericks error, or a fact that now I have multiple app projects.  Particularly odd is that DIFFERENT-BUNDLE-FROM-OTHER-PROJECT in error (2) is not the same bundle name as the current project's bundle.
  Would love any help you can provide!  Thank you!

  Seen this thread?
  New codesign behavior, --deep option 
  "Code signing has some interesting changes in Mavericks (that apparently haven't made it into the release notes yet...). Note that this is a change to the operating system, not to the devtools."

• No option in project info window for code signing Provising profile.

  Dear Developer forum,
  I have one issue wth my application regarding provisional Profile.
  I have installed Distribution certificate.After that I have entered all information regarding distribution provisional profile in program portal
  I have got provisional certificate from portal.I have installed it
  And I have also seen its entry in home/library/mobiledevices/.
  But Now problem is arising at place when I am opening my project or target info window on that time in BUild->code signing option, I have only code signing endity but no code signing provisioning profile.
  where I can give my distribution provising profile name
  So anybody tell me howz it come????
  Thanks

  Looking at this page:
  http://developer.apple.com/iphone/manage/distribution/index.action
  Make sure that you've done all the steps... "Generating a Certificate Signing Request", "Submitting a Certificate Signing Request for Approval", "Downloading and Installing iPhone Distribution Certificates", "Create and download your iphone distribution provisioning profile"...
  When I went through this process, I think I forgot to do the step "Downloading and Installing iPhone Distribution Certificates"... (skipping straight to "create and download your iphone disbritution profile") as a result the provisioning profile name wasn't appearing for me to select... When I completed that step, then the provisioning profile name appeared...
  Message was edited by: iphonemediaman

• Windows 7 Comparability for SHA-256 (Code Signing)

  Dear All
     I want to know when the update for windows 7 (SHA-256 Code Signing Comparability -- for Kernel driver) will be available?

  Hi,
  I'm not sure whether you know this update KB 2949927, Microsoft is announcing the availability of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality.
  http://support.microsoft.com/kb/2949927
  Microsoft Security Advisory 2949927
  https://technet.microsoft.com/en-us/library/security/2949927.aspx
  This blog can also be helpful
  Microsoft Security Advisory 2949927
  http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx
  Yolanda Zhu
  TechNet Community Support

• Code Signing Cert for AIR and MSI

  If a Code Signing Certificate for AIR is purchased, can that same certificate be used when distributing the package using MSI?
  Or does it not matter as long as the AIR app is signed?

  No, this was a different problem that created similar symptoms.
  I just found out that, since Director 11.5, we can put the Xtras folder inside a projector. I was relying on outdated documentation, both online and in my mind, which said the xtras had to be next to the projector.
  Weirdly, putting the Xtras folder inside the Contents folder (inside the bare stub projector) solved the problem I was having: my sound was not functioning after I code signed the xtra that enables sound. Now it works fine.
  I also created an error when my projector's INI file set Movie01 to a Director movie in the same folder as the projector. Now I have it instead point to a movie in the Resources folder of the projector. So maybe I will just throw all my movies and supporting files in the Resources folder.
  I too am thinking of documenting the process, once I know customers are buying my app and using it successfully. Maybe I'll use screen recording to create a set of YouTube tutorials. That can spare others from this confusion and aggravation, and encourage people to buy the latest version of Director and update their old products. The more money that Adobe earns from Director, the more they will be encouraged to invest in developing Director further.
  If Apple will accept apps without receipt validation, that will certainly simplify things. I saw an Apple web page that stated it was mandatory, but that page has been changed. Maybe validation is optional but no longer required.
  For details, check this:
  https://developer.apple.com/library/mac/releasenotes/General/ValidateAppStoreReceipt/Intro duction.html
  but luckily there is source code out there that can be used to handle those technical details.
  I'm wondering how you applied your set of icons to your bare stub projector. Did you simply replace the projector.icns file? I created an error when I tried that.

• No binaries found for Verification issue in MPR Code Signing Test case

  Hi,
  We are trying to certify our WebSite Application as Gold Certified and to become Gold Certified Partner. We have run a MPR Test and while verifying the Code Signing test case, it shows that
  "No binaries found for verification". But the test case result is
  passed. Below I have placed screen shot for the same. We have signed all our Application related DLL's(Page related DLL's. Please let us know about this issue.
  Shankar S

  Hi Shankar,
  To the MPR Tool, it does not appear that you have installed any binaries.
  As you mention that your website contains DLLs, these have either not been installed via your MSI package or have already been installed before the test began.
  The tool will prompt when to Install, when to perform Primary Functionality, and when to Uninstall.
  If your website was already installed prior to beginnign test, you must retest.
  As you are applying for Gold level, assure you are testing on Server Core.
  Hope this helps,
  -Logo

• How to generate csr for third party code signing cert?

  I've been reading about code signing, but can't see how to generate a csr to use with a third party CA. Does someone have a tutorial, link, suggestion?

  Hi,
  Here is an document which discussed on how to implement code signing with using third party certificate for you reference:
  http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/best_practices.doc
  For further suggestions, it is recommend you to get further support in the MSDN Forum so that you can get the most qualified pool of respondents.
  http://social.msdn.microsoft.com/forums/en-US/categories/
  Thanks
  Tiger Li 
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Code signing cert error using Digicert - Unable to build a valid certificate chain for the signer

  Steps to fix this error on code signing adobe air using .p12 cert from Digicert - Unable to build a valid certificate chain for the signer
  a. Open Firefox and browse to https://www.digicert.com/digicert-root-certificates.htm
  b. On the middle of the page, download -
  DigiCert Assured ID Code Signing CA-1
  Valid until: 10/Feb/2026
  Serial #: 07:F4:73:6F:AF:EF:40:8A:1F:66:40:F2:65:D1:0A:C1
  Thumbprint: B170A10819BEA936905D719E643399783E1F4567
  Download
  c. Install the cert in Firefox
  d. Once done, export again the code signing cert from digicert, through (click Firefox -> Preferences -> View Certificates -> HIghlight the digicert code signing cert -> click Backup)
  e. Done, the newly exported file should now have the valid certificate chain and that should fix the error "Unable to build a valid certificate chain for the signer"
  Even though this is from Digicert, this should also work for other Certificate Authority providers assuming you download your provider's root cert for code signing.
  Regards,
  Reigner S. Yrastorza

  Are you talking about AIR Help produced by RoboHelp or an AIR application that you are creating?
  If the latter, please see the notice at http://forums.adobe.com/community/robohelp/airhelp
  If you are using RoboHelp, which version?
  See www.grainge.org for RoboHelp and Authoring tips
  @petergrainge

• What code signing certificate has to be added for Adobe Air Native Installer?

  Hi,
  I'm developing Adobe Air application. I need to digitally verify the application to add the publisher's name with the product. I did a little research and came to know that Symantec, Thawte, Comodo, Comodo-Tucows, Digicert, Godaddy and couple of others are doing this.
  Yes. I'm talking about the Code Signing Certificate. My question is, What code signing certificate has to be added for Adobe Air Native Installer? The reason is, The native installer will have an extension .exe ( Windows ) and .dmg ( MAC OS X ).
  These guys are providing certificate for Adobe Air. For instance, If the application is exported using Native Installer in Windows, The application will have an .exe extension. For this, Can I use the same Adobe Air code signing certificate or Should I go for Microsoft Autheticode ( for .exe ) certificate?
  Thanks in advance.

  I think comodo code signing certificate is one of the nice option to be added for Adobe Air, as i have seen comodo code signing certificate in other adobe programs. Recently i bought comodo code signing from https://cheapsslsecurity.com/comodo/codesigningcertificate.html, to sign one of my adobe application and it works fine, you can use microsoft authenticode technology with comodo code signing.

• Adt code sign GateKeeper rejection for OS X AIR app

  I'm having a problem getting a signed OS X AIR captive runtime bundle app to pass the GateKeeper signature smell test.
  Here are the digestible facts, in list format:
  - App is multi-platform OS X, Windows, iOS, Android, but let's just focus on OS X for now.
  - Application is a standalone captive runtime bundle app.
  - Dev machine running OS X 10.9.5 (with Xcode 6.0.1).
  - Built with AIR 15.0.0.258 Beta.
  - The certificate is a certificate from comodo.com guaranteed to work with AIR and OS X Digital Code Signing, Code Signing Certificates - COMODO
  - Tried compiling/packing with IntelliJ IDEA 14 beta and adt command line, both with same fail results.
  - Manual packaging method used: Adobe AIR * Packaging a captive runtime bundle for desktop computers
  The adt command fires without a hitch, the command asks for the p12 password, I can see the certificate authorities get pinged as the packaging progresses. The resulting app seems fine and runs well with GateKeeper disabled. However, GateKeeper does not like the resulting app. I need this app to launch flawlessly on all user's systems (that's why I bought a certificate).
  Here's the disappointing results from Terminal:
  spctl -a -t exec -vv myPrettyPony.app
  rejected
  source=no usable signature

  I would suggest that those interested take a look at thread Tutorial on publishing Flex/Air app for Mac App Store or just using Developer ID for general distribution
  However, since that thread is marked as answered, I want to leave this thread open until I find an answer to my particular question: What are the exact steps to properly package and codesign an OS X AIR app for independent distribution to OS X 10.9.5?

• SDK 3.0 : code signing error : more than one certificate for my profile ?!

  Hi all,
  Since I installed the SDK3 with OS3.0, I'm not able to develop on the device because of a provisionning profile issue.
  So, I've revoked all my certificates, created properly a new dev certificate, associated to a developer provisioning profile. Every-thing's fine at this step.
  But in my app, when a assign this profile (also added in the iPhone), and I build, i get a code signing error which indicates that the associated certificate for the iPhone Developer: xxxx is more than once in my keychain !!??
  I've checked the keychain and there is only ONE iphone certificate. So, i really don't understand !
  I've redone this step few times, to be sure... But still the same issue !
  Any clue ?

  Same here.
  I installed SDK 3.0 yesterday and was about to remove and re-install certificate today, until I found this thread.
  SDK 3.0 seems to have problems with handling provisioning profiles. If you use Xcode in Japanese, the provisioning profiles are shown as "?" in the popup menu, while if you start Xcode in English, the correct provisioning profiles are selectable.
  First, I had the "?" issue, then after I switched the language to English, I faced this "more than one certificate in the keychain" problem ...

• How to generate single signature for code signing and timestamp

  Hi we are developing Win 7 VC++ app using Crypto APIs.
  Here code signing is done using Cryptsignhash() method, that generates the signature. Later for time stamping CryptRetriveTimestamp() method is used which also generate the time stamp signature. Thus we wanted to know
  whether there is any single Crypto API available that can do code signing and timestamping together and shall generate single signature. At verification side it should be also possible to separate code signing and timestamp signatures prior to verification.
  Any help is highly appreciated. Thanks.

  On 4/17/2015 1:21 AM, Babu12345 wrote:
  *Hi we are developing Win 7 VC++ app using Crypto APIs. *
  *Here code signing is done using Cryptsignhash() method, that generates the signature. Later for time stamping CryptRetriveTimestamp() method is used which also generate the time stamp signature. Thus we wanted to know whether there is any single Crypto API
  available that can do code signing and timestamping together and shall generate single signature.
  No. Normally, you don't counter-sign the actual data - you counter-sign and time stamp your signature. You don't want to transmit the whole data (which could be a) large and b) confidential) to a third party. This is why it's a two step process.
  Igor Tandetnik

• Using Apple Mac Developer account for code signing

  Has anyone been using their Apple Mac Developer account for code signing and Adobe Air desktop App?
  Any hints, tips comments appreciated!

  Why would I do that?  I simply want to know, is the binary file I downloaded signed by with MY cert?  I can determine this within reasonable doubt by answering two simple questions:
  1.  Is the cert that this file signed with valid (chain of trust and all that).
  2.  What is the name of the cert (the identity).
  If the Identity is the right one (in our case, the name of our company) and it is valid, then I will trust that this binary is ours.
  Maybe this will clarify my question. I guess I could rephrase this question as:
  "How do I write a simple tool that will verify a file has a valid signature and will give me the signer's identity"?