Code signing from cli in 10.6

Similar Messages

• What code signing certificate has to be added for Adobe Air Native Installer?

  Hi,
  I'm developing Adobe Air application. I need to digitally verify the application to add the publisher's name with the product. I did a little research and came to know that Symantec, Thawte, Comodo, Comodo-Tucows, Digicert, Godaddy and couple of others are doing this.
  Yes. I'm talking about the Code Signing Certificate. My question is, What code signing certificate has to be added for Adobe Air Native Installer? The reason is, The native installer will have an extension .exe ( Windows ) and .dmg ( MAC OS X ).
  These guys are providing certificate for Adobe Air. For instance, If the application is exported using Native Installer in Windows, The application will have an .exe extension. For this, Can I use the same Adobe Air code signing certificate or Should I go for Microsoft Autheticode ( for .exe ) certificate?
  Thanks in advance.

  I think comodo code signing certificate is one of the nice option to be added for Adobe Air, as i have seen comodo code signing certificate in other adobe programs. Recently i bought comodo code signing from https://cheapsslsecurity.com/comodo/codesigningcertificate.html, to sign one of my adobe application and it works fine, you can use microsoft authenticode technology with comodo code signing.

• Xcode 4.5 Code Signing Identities say "from '(null)'"

  I've recently upgraded to Xcode 4.5, and now all my identities say "from '(null)'" in them when I try to sign for adhoc or enterprise distribution from Organizer:
  There is an option to refresh code signing identity which osme times works, but I need to run this every time. The problem I have is I have more than on iOS Team Provisioning profiles from different developer accounts and some times I cannot identify which one is which in terms to sign an adhoc version properly.
  Thanks for any help.

  No, I updated to latest XCode version and still having the same issue. Only solution is to refresh code signing identity every time.

• Signing with Code Certificate from COMODO ?

  Hi,
  does anyone have some experience with a Code Signing Certificate from COMODO ?
  I exported the certificate from Chrome or IE and tried the signing for a ja file,
  but get:
  jar signed.
  Warning:
  The signer's certificate chain is not validated.
  Can anyone help me ?
  Many thanks.

  According to tzengs suggestion I tried to export the certificate again from firefox using "backup all" instead of "backup" with no effect.
  One thing which I am still not sure of:
  Can my client give me a p12 certificate which I can use as it is to sign my application using the provided password or do I have to process this certificate first?
  Depending on the answer to this question I need to take different action:
  YES: I need to tell my client to export the certificate in a different manner in order to "create the complete chain"
  NO: The certificate from my client is fine but I still need to figure out how to change the certificate so that I don't get the error.
  Thanks for your help.

• Profile Manager Code Signing Certificate from GoDaddy .spc

  Convert the .spc to .cer for Profile Manager compatability.
  Thought I'd share how to convert a code signing certificate acquired from go daddy as it downloads as a .spc file that Profile manager will not accept.
  When you download your code signing certificate from go daddy it will be a .spc file as stated above, and profile manager needs a .cer file.
  Take your .zip file over to a Windows 7 or better PC and double-click the .zip file.
  Then double-click the enclosed certificate.
  This will open the windows certmgr.
  Expand the certificate and locate your certificate (Should be the one with your company name )
  Right-Click the desired certificate, select all tasks, then Export
  Export the certificate as a DER .cer file.
  Now copy the exported .cer certificate to your Server App/Certificates and import it into the Pending Certificate.
  Once that's done also add the .cer certificate to your keychain.
  Remember to replace the expiring certificate if applicable
  LJS

  After loading the new certificates into the OS X Server box, the client devices will have to use the Profile Manager User Portal to load the updates.
  Here is the Apple documentation on updating the Profile Manager certificate (HT5358), though you may well have found that document already. 
  Unfortunately, the users have to navigate to the portal for that, or you'll have to manage a short-notice device swap.  (If it were even possible here, I'm not sure I'd want folks loading new certs via email, either...)
  If the existing Profile Manager solution doesn't meet your particular needs, then there are alternative MDM solutions around from other vendors, and that are also compatible with the OS X Server and iOS provisioning mechanisms.
  {FWIW, this is a user forum and the folks from Apple may or may not see your report.  If you have acccess to it, the Apple bugreport tool is a common way to log an enhancement request that the folks from Apple will see.}

• How to use Java code signing certificate in oracle 11i

  Hello,
  I am try to configure java code signing certificate in 11.5.10.2 application. we got java sign certificate from verisgin. SA's imported the certificate and created alias XXX_XXX with password and passphrase.
  I am able to see the my certificate. keytool -list -v -keystore xxx_xxxx.jks -storepass Password.
  how do I use it. I am using Enhance Jar Signing for EBS DOC ID 1591073.1.
  could you please give me some advice on it?
  Thanks
  Prince

  Hussien,
  I find out apps keystore keypassword and storepassword, I imported the java code sign certificate. I generated Jar files through adadmin, but I am getting  warning error
  adogif() unable to generate Jar Filers under JAVA_TOP.
  executing /usr/jdk/jdk1.6.0_45/bin/java sun.security.tools.JarSigner keysotre **** -sigfile CUST Signer /apps/......
  Error JarSigner subcommand Exited With status 1.
  No standard output from jarsigner JarSigner error output: Exception in thread "main" java.lang.NoClassDefFoundError: sun/security/tools/JarSigner Caused by: java.lang.ClassNotFoundException: sun.security.tools.JarSigner         at java.net.URLClassLoader$1.run(URLClassLoader.java:202)         at java.security.AccessController.doPrivileged(Native Method)         at java.net.URLClassLoader.findClass(URLClassLoader.java:190)         at java.lang.ClassLoader.loadClass(ClassLoader.java:306)         at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)         at java.lang.ClassLoader.loadClass(ClassLoader.java:247) Could not find the main class: sun.security.tools.JarSigner.  Program will exit. WARNING: The following path(s), defined in /apps2/property/product/tst/appl/cz/11.5.0/java/make/czjar.dep as elements of the output:   oracle/apps/cz/runtime/tag WARNING: Copying cztag.lst from the old fndlist.jar ...   About to Analyze flmkbn.jar : Fri Nov 22 2013 10:45:51
  Please let me know if you have any idea. Thanks Prince

• Third party CA and SCUP code signing

  All of the documentation I have seen out there regarding using a code signing certificate with SCUP assumes you are using AD CS. My institution uses a 3rd party CA and I requested a code signing certificate from them (the file had no file name extension,
  FWIW). I imported it into the local computer certificate store (on SCUP server/CAS) and see four entries:
  The blocked out item is our company name.
  Here is what I have done:
  I have exported the one with our company name as as the .cer file for clients, and placed it in the Trusted Publishers and Trusted Root Certificate Authorities stores on the SCUP server/CAS.
  I have exported various combinations of the 4 to generate the *.pfx file and imported it into SCUP but it always gives me an error when I try to publish an update. I initially exported all 4 certificates to get my .pfx, then tried just the ones with the
  purpose of "code signing." In both cases I get an error stating "Signature verification exception during publish, verify the WSUS certificates and advanced timestamp setting are properly configured."
  I am not getting an option to export the private key no matter what combo I choose. This is the biggest red flag I am seeing.
  Does anyone have any experience in this scenario? I am at a loss at this point. The server is 2008 R2 and I know I could use a self-signed one but I thought I would do it the "right" way since it is no longer supported.

  It turns out that after the code signing certificate was downloaded, the private key was somehow lost or damaged or not associated with it in the first place. That is why I was not seeing the option to export the key. We needed to use certutil to repair
  the key association.
  I suspect this is because the request was made from a web form and handled by the 3rd party CA as opposed to being done with certreq. Am I off base?
  Anyway, running this command on the code signed certificate allowed me to export it as needed for SCUP:
  certutil -repairstore my "SerialNumberofCert"
  There are some how tos here:
  http://support.microsoft.com/kb/889651
  http://blogs.msmvps.com/ivansanders/2011/07/26/restoring-a-certificates-private-key-without-the-certreq/

• Adobe AIR 3 Performance Issues and Code Signing Certificate Problem

  I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
  The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
  1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
  2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
  About the Code Signing Certificate problem:
  When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
  I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
  The Google Groups Adobe AIR page is here:
  http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
  Any ideas about these issues?
  Thanks!
  Oscar

  I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
  The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
  1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
  2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
  About the Code Signing Certificate problem:
  When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
  I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
  The Google Groups Adobe AIR page is here:
  http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
  Any ideas about these issues?
  Thanks!
  Oscar

• InCommon Code Signing Cert not working in Profile Manager

  We acquired a Code Signing Certificate from InCommon for signing profiles, and it doesn't want to work with Profile Manager.
  In the Certificates section we have our working SSL cert for the web server, and self-signed SSL and Code Signing certs.
  When I try to import the p7s file it lists four non-identity certificates and then says that it can't be used as a code signing certificate. 
  Has anyone ever managed to get an InCommon code signing cert to work with OSX Server?

  Hello,
  In RFC SAP-OSS, i maintained my S-user id and its password.
  As already told my router connectivity and   SAPOSS rfc working fine.
  regards
  Vinayag.K.C

• ERROR ITMS-9000: Missing Code Signing Entitlements when adding app to Apple App Store

  My client is getting the following error when sending my app (compiled in Flash Pro CC 2014 with AIR SDK 15.0.0.356) to the Apple app store:
  ERROR ITMS-9000: "Missing Code Signing Entitlements. No entitlements found in bundle
  'com.xxxxxx.xx.xxx' for excutable 'payload/xxxxx.app./xxxx'.""
  He is saying that I need to send them the entitlements file.
  I can't find out any information about this with regards to Adobe Air compiled iOS apps, apart from this old post:
  Adding iOS entitlements to AIR apps
  which states that 'the packager configures the entitlements file '
  Can anyone explain what might be missing here?
  Thanks,
  Alan.

  It looks as if this problem is solved by doing step 2 from here:
  http://dev.mlsdigital.net/posts/how-to-resign-an-ios-app-from-external-developers/
  It basically states that the client needs to produce the entitlements file and lists the following that the client will provide themselves:
  A “Mobile Provisioning Profile”
  An “Entitlements.plist”
  An “iOS Distribution Certificate”
  iReSign OS X app (or you could use command line)
  Hope this helps someone. We've run into quite a few problems trying to get the Flash Air compiled App to both enterprise and Apple Store as it can't come from us (the developers) it has to be signed and delivered from the client.

• No option in project info window for code signing Provising profile.

  Dear Developer forum,
  I have one issue wth my application regarding provisional Profile.
  I have installed Distribution certificate.After that I have entered all information regarding distribution provisional profile in program portal
  I have got provisional certificate from portal.I have installed it
  And I have also seen its entry in home/library/mobiledevices/.
  But Now problem is arising at place when I am opening my project or target info window on that time in BUild->code signing option, I have only code signing endity but no code signing provisioning profile.
  where I can give my distribution provising profile name
  So anybody tell me howz it come????
  Thanks

  Looking at this page:
  http://developer.apple.com/iphone/manage/distribution/index.action
  Make sure that you've done all the steps... "Generating a Certificate Signing Request", "Submitting a Certificate Signing Request for Approval", "Downloading and Installing iPhone Distribution Certificates", "Create and download your iphone distribution provisioning profile"...
  When I went through this process, I think I forgot to do the step "Downloading and Installing iPhone Distribution Certificates"... (skipping straight to "create and download your iphone disbritution profile") as a result the provisioning profile name wasn't appearing for me to select... When I completed that step, then the provisioning profile name appeared...
  Message was edited by: iphonemediaman

• Differences between SSL and Code-Signing Certificates

  Hello,
  I unsuccessfully tried to use a SSL - certificate for signing an applet (converting from X.509 to PKCS12 prior to signing) and learned, that SSL certificates and code-signing certificates are different things (after seeking the web for ours). Can somebody point out some source of information about this topic ? What are these differences ? Can I convert my SSL certificate into a code-signing certificate ?
  Things got even more confusing for me, since my first attempt with an wrongly converted SSL cetificate (I used my public and private key for conversion only, omitting the complete chain) at least worked partly: the certificate was accepted, but marked as coming from some untrustworthy organisation. After making a correct conversion (with the complete chain) the java plugin rejected the certificate completely ...
  Ulf

  yep, looks like it.
  keytool can be used with v3 x509 stores:
  Using keytool, it is possible to display, import, and export X.509 v1, v2, and v3 certificates stored as files, and to generate new self-signed v1 certificates. For examples, see the "EXAMPLES" section of the keytool documentation ( for Solaris ) ( for Windows ).
  jarsigner needs a keystore so I would assume public and private key pair.
  you could list the keys from your store:
  C:\temp>keytool -list -keystore serverkeys.key
  Enter keystore password: storepass
  Keystore type: jks
  Keystore provider: SUN
  Your keystore contains 2 entries
  client, Jul 5, 2005, trustedCertEntry,
  Certificate fingerprint (MD5): 13:50:77:64:94:36:2E:18:00:4B:90:65:D0:26:22:C8
  server, Jul 5, 2005, keyEntry,
  Certificate fingerprint (MD5): 20:90:49:6F:46:BA:AB:11:75:39:9F:6F:29:1F:AB:58
  The server is the private key, this can be used with jarsigner (alias option).
  C:\temp>jarsigner -keystore serverkeys.key -storepass storepass -keypass keypass
  -signedjar sTest.jar test.jar client
  jarsigner: Certificate chain not found for: client. client must reference a val
  id KeyStore key entry containing a private key and corresponding public key cert
  ificate chain.
  C:\temp>jarsigner -keystore serverkeys.key -storepass storepass -keypass keypass
  -signedjar sTest.jar test.jar server

• Code Signing certificate expired

  Hello,
  I please need an information about SGDEE 4.1 login applet: it seems
  applet code signing certificate was expired on September 2, 2005.
  I have no problem (after I deleted all expired root certificates from
  local client repository) with Internet Explorer 6SP1, but Mozilla Firefox
  always prompt me a warning with this contents:
  Serial:     
  [62374265099632433790334794162326322759]
  Issuer:
  N=VeriSign Class 3 Code Signing 2001 CA,
  OU=Terms of use at https://www.verisign.com/rpa (c)01,
  OU=VeriSign Trust Network,
  O="VeriSign, Inc."
  Valid From: Wed Sep 01 02:00:00 CEST 2004,
  To: Fri Sep 02 01:59:59 CEST 2005
  Subject:
  CN="Tarantella, Inc.",
  OU=Digital ID Class 3 - Netscape Object Signing,
  O="Tarantella, Inc.",
  L=Santa Cruz,
  ST=California,
  C=US
  Thank you very much in advance,
  Best Regards,
  Valerio Morozzo

  I know this is an older post, but it helped me find out how to make the migration procedure for native installer. I tried it with self signed certificate created by ADT tool and everything went fine.
  But now, we obtained a commercial AIR signing certificate from Thawte and the process failes in step 3) ADT saying
  'Certificate in PATH_TO_P12 could not be used to sign setup.msi' on Windows.
  On mac, it says that signing native installer on OSX is not supported, so I skipped the signing option in step 3) and it worked fine.
  I can skip the signing option on Windows as well and the process succeeds, but running the installer on machines with previous versions of application results in "Installer mis-configured' error message - the same error as if the migration process was not applied.
  I already contacted Thawte if it is a certificate issue, reply from them was 'AIR certificate can only sign .air applications'. But when I build a native application directly from FlashBuilder and sign it with the Thawte certificate the whole process seem to succeed. The application can be installed on machines without previous version of the application. Those who already have the older version get the 'Installer mis-configured' error message.
  I want to mark out again, that the same process but with a self signed certificate created with ADT, is successfull and the application can be installer as an update on machines with older version of the app. So I assume the workflow is correct.
  Any ideas? Or somebody having the same issue?
  Thanks

• Ad Hoc provisioning - code sign error...

  I have a bit of a problem creating the ad hoc build for the app....
  Here's what I did so far:
  1. Created the AdHoc provisioning profile on the portal
  2. Downloaded and installed it in Xcode
  3. Copied the Release configuration as AdHoc
  4. As suggested by some blogs, added the Entitlement.plist file - however, the recommended entries are not to be found in the plist file! That line is "get-task-allow" in the xcode window
  The link below points to a screen capture that shows what's happening:
  http://www.mediafire.com/imageview.php?quickkey=43endcalxt7jde4
  top_left: blog that suggest the line to be present in Entitlements.plist file
  top right: xcode window that shows the code sign error and the .plist file
  bottom left: the build parameters for the Ad Hoc build
  bottom right: info about Ad Hoc profile in the organizer. Note the App Identifier.
  The code sign error mentions AppID that is different from the one shown in the Organizer window.
  Help!!
  -S-

  I had to create new profile and that fixed it. Originally, I had used the Bundle name for the current app in the store.
  I was able to make the AdHoc build and distribute it.....

• Code Signing Cert for AIR and MSI

  If a Code Signing Certificate for AIR is purchased, can that same certificate be used when distributing the package using MSI?
  Or does it not matter as long as the AIR app is signed?

  No, this was a different problem that created similar symptoms.
  I just found out that, since Director 11.5, we can put the Xtras folder inside a projector. I was relying on outdated documentation, both online and in my mind, which said the xtras had to be next to the projector.
  Weirdly, putting the Xtras folder inside the Contents folder (inside the bare stub projector) solved the problem I was having: my sound was not functioning after I code signed the xtra that enables sound. Now it works fine.
  I also created an error when my projector's INI file set Movie01 to a Director movie in the same folder as the projector. Now I have it instead point to a movie in the Resources folder of the projector. So maybe I will just throw all my movies and supporting files in the Resources folder.
  I too am thinking of documenting the process, once I know customers are buying my app and using it successfully. Maybe I'll use screen recording to create a set of YouTube tutorials. That can spare others from this confusion and aggravation, and encourage people to buy the latest version of Director and update their old products. The more money that Adobe earns from Director, the more they will be encouraged to invest in developing Director further.
  If Apple will accept apps without receipt validation, that will certainly simplify things. I saw an Apple web page that stated it was mandatory, but that page has been changed. Maybe validation is optional but no longer required.
  For details, check this:
  https://developer.apple.com/library/mac/releasenotes/General/ValidateAppStoreReceipt/Intro duction.html
  but luckily there is source code out there that can be used to handle those technical details.
  I'm wondering how you applied your set of icons to your bare stub projector. Did you simply replace the projector.icns file? I created an error when I tried that.