Code-signing

We are having some issues with our C Sharp .NET 4 Application
We are using Visual Studio 2010 to build a Click Once Installation
In addition, we use our code-signing certificate (.pfx) to sign the package
However when attempting to install the application it is blocked by
Windows 8 Smart Screen with an “unknown Publisher” message.
We sign our package twice once on the actual files and afterward
The manifest is resigned.

Hi Rene,
>>“unknown Publisher” .
Please check whether you sign file in the correct directory.
Reference:
http://stackoverflow.com/questions/10392201/clickonce-de-signs-our-executable-and-says-unknown-publisher?rq=1
A document shared us the detailed steps for "Certificate Expiration in ClickOnce Deployment".
http://msdn.microsoft.com/en-us/library/ff369721.aspx
In addition, since this issue is related to the Clickonce, I suggest you post a new case in this forum:
http://social.msdn.microsoft.com/Forums/windows/en-US/home?forum=winformssetup , and there you would get dedicated support.
Best Regards,
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. <br/> Click <a
href="http://support.microsoft.com/common/survey.aspx?showpage=1&scid=sw%3Ben%3B3559&theme=tech"> HERE</a> to participate the survey.

Similar Messages

  • How to use Java code signing certificate in oracle 11i

    Hello,
    I am try to configure java code signing certificate in 11.5.10.2 application. we got java sign certificate from verisgin. SA's imported the certificate and created alias XXX_XXX with password and passphrase.
    I am able to see the my certificate. keytool -list -v -keystore xxx_xxxx.jks -storepass Password.
    how do I use it. I am using Enhance Jar Signing for EBS DOC ID 1591073.1.
    could you please give me some advice on it?
    Thanks
    Prince

    Hussien,
    I find out apps keystore keypassword and storepassword, I imported the java code sign certificate. I generated Jar files through adadmin, but I am getting  warning error
    adogif() unable to generate Jar Filers under JAVA_TOP.
    executing /usr/jdk/jdk1.6.0_45/bin/java sun.security.tools.JarSigner keysotre **** -sigfile CUST Signer /apps/......
    Error JarSigner subcommand Exited With status 1.
    No standard output from jarsigner JarSigner error output: Exception in thread "main" java.lang.NoClassDefFoundError: sun/security/tools/JarSigner Caused by: java.lang.ClassNotFoundException: sun.security.tools.JarSigner         at java.net.URLClassLoader$1.run(URLClassLoader.java:202)         at java.security.AccessController.doPrivileged(Native Method)         at java.net.URLClassLoader.findClass(URLClassLoader.java:190)         at java.lang.ClassLoader.loadClass(ClassLoader.java:306)         at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)         at java.lang.ClassLoader.loadClass(ClassLoader.java:247) Could not find the main class: sun.security.tools.JarSigner.  Program will exit. WARNING: The following path(s), defined in /apps2/property/product/tst/appl/cz/11.5.0/java/make/czjar.dep as elements of the output:   oracle/apps/cz/runtime/tag WARNING: Copying cztag.lst from the old fndlist.jar ...   About to Analyze flmkbn.jar : Fri Nov 22 2013 10:45:51
    Please let me know if you have any idea. Thanks Prince

  • Third party CA and SCUP code signing

    All of the documentation I have seen out there regarding using a code signing certificate with SCUP assumes you are using AD CS. My institution uses a 3rd party CA and I requested a code signing certificate from them (the file had no file name extension,
    FWIW). I imported it into the local computer certificate store (on SCUP server/CAS) and see four entries:
    The blocked out item is our company name.
    Here is what I have done:
    I have exported the one with our company name as as the .cer file for clients, and placed it in the Trusted Publishers and Trusted Root Certificate Authorities stores on the SCUP server/CAS.
    I have exported various combinations of the 4 to generate the *.pfx file and imported it into SCUP but it always gives me an error when I try to publish an update. I initially exported all 4 certificates to get my .pfx, then tried just the ones with the
    purpose of "code signing." In both cases I get an error stating "Signature verification exception during publish, verify the WSUS certificates and advanced timestamp setting are properly configured."
    I am not getting an option to export the private key no matter what combo I choose. This is the biggest red flag I am seeing.
    Does anyone have any experience in this scenario? I am at a loss at this point. The server is 2008 R2 and I know I could use a self-signed one but I thought I would do it the "right" way since it is no longer supported.

    It turns out that after the code signing certificate was downloaded, the private key was somehow lost or damaged or not associated with it in the first place. That is why I was not seeing the option to export the key. We needed to use certutil to repair
    the key association.
    I suspect this is because the request was made from a web form and handled by the 3rd party CA as opposed to being done with certreq. Am I off base?
    Anyway, running this command on the code signed certificate allowed me to export it as needed for SCUP:
    certutil -repairstore my "SerialNumberofCert"
    There are some how tos here:
    http://support.microsoft.com/kb/889651
    http://blogs.msmvps.com/ivansanders/2011/07/26/restoring-a-certificates-private-key-without-the-certreq/

  • Adobe AIR 3 Performance Issues and Code Signing Certificate Problem

    I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
    The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
    1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
    2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
    About the Code Signing Certificate problem:
    When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
    I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
    The Google Groups Adobe AIR page is here:
    http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
    Any ideas about these issues?
    Thanks!
    Oscar

    I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
    The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
    1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
    2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
    About the Code Signing Certificate problem:
    When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
    I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
    The Google Groups Adobe AIR page is here:
    http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
    Any ideas about these issues?
    Thanks!
    Oscar

  • InCommon Code Signing Cert not working in Profile Manager

    We acquired a Code Signing Certificate from InCommon for signing profiles, and it doesn't want to work with Profile Manager.
    In the Certificates section we have our working SSL cert for the web server, and self-signed SSL and Code Signing certs.
    When I try to import the p7s file it lists four non-identity certificates and then says that it can't be used as a code signing certificate. 
    Has anyone ever managed to get an InCommon code signing cert to work with OSX Server?

    Hello,
    In RFC SAP-OSS, i maintained my S-user id and its password.
    As already told my router connectivity and   SAPOSS rfc working fine.
    regards
    Vinayag.K.C

  • My Distribution Profile is grayed out in Code Signing Provisioning Profile

    Fellow developers, has anyone experienced this problem when you tried to compile your app for distribution:
    Did everything as suggested in this forum, including:
    - copying a distribution profile to the right folder and also draging over the Xcode icon
    - Adding a "Distribution" configuration
    - specifying the identity as "iPhone Distribution: My Name"
    However, in the "Code Signing Provisioning Profile" picker, when "Any iPhone OS" is selected, the only enabled choice is "Default ..." and the actual profile with my name is grayed out.
    More over, the moment I select "Distribution" and then select "Device" in the "Active Configuration" picker, Xcode closes. This behavior can be reproduced all the time.
    Any suggestions?
    Eugene

    It is normal that it is grayed out ( don't ask me why ). To activate the distribution build, duplicate your Release in Distribution, install all the required certificates ( please apple stop those, they're a nightmare to deal with ) , then in the build settings in the code signing you have to TYPE ( there is no drop down box as seen in some screenshots ) "iPhone Distribution" ( instead of "iPhone Developer" ) and tada a few lines below you should see your drop down modified with some distributions entries.
    Patricia.

  • ERROR ITMS-9000: Missing Code Signing Entitlements when adding app to Apple App Store

    My client is getting the following error when sending my app (compiled in Flash Pro CC 2014 with AIR SDK 15.0.0.356) to the Apple app store:
    ERROR ITMS-9000: "Missing Code Signing Entitlements. No entitlements found in bundle
    'com.xxxxxx.xx.xxx' for excutable 'payload/xxxxx.app./xxxx'.""
    He is saying that I need to send them the entitlements file.
    I can't find out any information about this with regards to Adobe Air compiled iOS apps, apart from this old post:
    Adding iOS entitlements to AIR apps
    which states that 'the packager configures the entitlements file '
    Can anyone explain what might be missing here?
    Thanks,
    Alan.

    It looks as if this problem is solved by doing step 2 from here:
    http://dev.mlsdigital.net/posts/how-to-resign-an-ios-app-from-external-developers/
    It basically states that the client needs to produce the entitlements file and lists the following that the client will provide themselves:
    A “Mobile Provisioning Profile”
    An “Entitlements.plist”
    An “iOS Distribution Certificate”
    iReSign OS X app (or you could use command line)
    Hope this helps someone. We've run into quite a few problems trying to get the Flash Air compiled App to both enterprise and Apple Store as it can't come from us (the developers) it has to be signed and delivered from the client.

  • No option in project info window for code signing Provising profile.

    Dear Developer forum,
    I have one issue wth my application regarding provisional Profile.
    I have installed Distribution certificate.After that I have entered all information regarding distribution provisional profile in program portal
    I have got provisional certificate from portal.I have installed it
    And I have also seen its entry in home/library/mobiledevices/.
    But Now problem is arising at place when I am opening my project or target info window on that time in BUild->code signing option, I have only code signing endity but no code signing provisioning profile.
    where I can give my distribution provising profile name
    So anybody tell me howz it come????
    Thanks

    Looking at this page:
    http://developer.apple.com/iphone/manage/distribution/index.action
    Make sure that you've done all the steps... "Generating a Certificate Signing Request", "Submitting a Certificate Signing Request for Approval", "Downloading and Installing iPhone Distribution Certificates", "Create and download your iphone distribution provisioning profile"...
    When I went through this process, I think I forgot to do the step "Downloading and Installing iPhone Distribution Certificates"... (skipping straight to "create and download your iphone disbritution profile") as a result the provisioning profile name wasn't appearing for me to select... When I completed that step, then the provisioning profile name appeared...
    Message was edited by: iphonemediaman

  • Windows 7 Comparability for SHA-256 (Code Signing)

    Dear All
       I want to know when the update for windows 7 (SHA-256 Code Signing Comparability -- for Kernel driver) will be available?

    Hi,
    I'm not sure whether you know this update KB 2949927, Microsoft is announcing the availability of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality.
    http://support.microsoft.com/kb/2949927
    Microsoft Security Advisory 2949927
    https://technet.microsoft.com/en-us/library/security/2949927.aspx
    This blog can also be helpful
    Microsoft Security Advisory 2949927
    http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx
    Yolanda Zhu
    TechNet Community Support

  • Differences between SSL and Code-Signing Certificates

    Hello,
    I unsuccessfully tried to use a SSL - certificate for signing an applet (converting from X.509 to PKCS12 prior to signing) and learned, that SSL certificates and code-signing certificates are different things (after seeking the web for ours). Can somebody point out some source of information about this topic ? What are these differences ? Can I convert my SSL certificate into a code-signing certificate ?
    Things got even more confusing for me, since my first attempt with an wrongly converted SSL cetificate (I used my public and private key for conversion only, omitting the complete chain) at least worked partly: the certificate was accepted, but marked as coming from some untrustworthy organisation. After making a correct conversion (with the complete chain) the java plugin rejected the certificate completely ...
    Ulf

    yep, looks like it.
    keytool can be used with v3 x509 stores:
    Using keytool, it is possible to display, import, and export X.509 v1, v2, and v3 certificates stored as files, and to generate new self-signed v1 certificates. For examples, see the "EXAMPLES" section of the keytool documentation ( for Solaris ) ( for Windows ).
    jarsigner needs a keystore so I would assume public and private key pair.
    you could list the keys from your store:
    C:\temp>keytool -list -keystore serverkeys.key
    Enter keystore password: storepass
    Keystore type: jks
    Keystore provider: SUN
    Your keystore contains 2 entries
    client, Jul 5, 2005, trustedCertEntry,
    Certificate fingerprint (MD5): 13:50:77:64:94:36:2E:18:00:4B:90:65:D0:26:22:C8
    server, Jul 5, 2005, keyEntry,
    Certificate fingerprint (MD5): 20:90:49:6F:46:BA:AB:11:75:39:9F:6F:29:1F:AB:58
    The server is the private key, this can be used with jarsigner (alias option).
    C:\temp>jarsigner -keystore serverkeys.key -storepass storepass -keypass keypass
    -signedjar sTest.jar test.jar client
    jarsigner: Certificate chain not found for: client. client must reference a val
    id KeyStore key entry containing a private key and corresponding public key cert
    ificate chain.
    C:\temp>jarsigner -keystore serverkeys.key -storepass storepass -keypass keypass
    -signedjar sTest.jar test.jar server

  • Which type of code sign should I buy? simple of EV one?

    Hi,
    I have a desktop application which I need to publish to windows store. I have signed for developer account but now I need to sign my desktop app and for this I need to buy code sign certificate. I have decided to buy digicert one, but my question is which type
    of code sign will I require? There is two types, one simple and one EV code sign. 
    Will simple code sign serve my purpose of submitting my current desktop app to windows store?
    Also can I use the same simple code sign certificate (not EV code sign) to sign my metro style apps created by me later?
    Thanks.

    Some will say none. That they have never used a screen protector and never will. Others always use them. I'm one of the latter. I have a Zagg screen protector on my iPad. They are expensive but they come with a lifetime warranty, so if it gets damaged protecting your device they exchange it for free.
    I have found that you get what you pay for with screen protectors. Buy a cheap thing off amazon, you'll get a cheap thing that probably won't stay on your device.

  • Code Signing certificate expired

    Hello,
    I please need an information about SGDEE 4.1 login applet: it seems
    applet code signing certificate was expired on September 2, 2005.
    I have no problem (after I deleted all expired root certificates from
    local client repository) with Internet Explorer 6SP1, but Mozilla Firefox
    always prompt me a warning with this contents:
    Serial:     
    [62374265099632433790334794162326322759]
    Issuer:
    N=VeriSign Class 3 Code Signing 2001 CA,
    OU=Terms of use at https://www.verisign.com/rpa (c)01,
    OU=VeriSign Trust Network,
    O="VeriSign, Inc."
    Valid From: Wed Sep 01 02:00:00 CEST 2004,
    To: Fri Sep 02 01:59:59 CEST 2005
    Subject:
    CN="Tarantella, Inc.",
    OU=Digital ID Class 3 - Netscape Object Signing,
    O="Tarantella, Inc.",
    L=Santa Cruz,
    ST=California,
    C=US
    Thank you very much in advance,
    Best Regards,
    Valerio Morozzo

    I know this is an older post, but it helped me find out how to make the migration procedure for native installer. I tried it with self signed certificate created by ADT tool and everything went fine.
    But now, we obtained a commercial AIR signing certificate from Thawte and the process failes in step 3) ADT saying
    'Certificate in PATH_TO_P12 could not be used to sign setup.msi' on Windows.
    On mac, it says that signing native installer on OSX is not supported, so I skipped the signing option in step 3) and it worked fine.
    I can skip the signing option on Windows as well and the process succeeds, but running the installer on machines with previous versions of application results in "Installer mis-configured' error message - the same error as if the migration process was not applied.
    I already contacted Thawte if it is a certificate issue, reply from them was 'AIR certificate can only sign .air applications'. But when I build a native application directly from FlashBuilder and sign it with the Thawte certificate the whole process seem to succeed. The application can be installed on machines without previous version of the application. Those who already have the older version get the 'Installer mis-configured' error message.
    I want to mark out again, that the same process but with a self signed certificate created with ADT, is successfull and the application can be installer as an update on machines with older version of the app. So I assume the workflow is correct.
    Any ideas? Or somebody having the same issue?
    Thanks

  • Ad Hoc provisioning - code sign error...

    I have a bit of a problem creating the ad hoc build for the app....
    Here's what I did so far:
    1. Created the AdHoc provisioning profile on the portal
    2. Downloaded and installed it in Xcode
    3. Copied the Release configuration as AdHoc
    4. As suggested by some blogs, added the Entitlement.plist file - however, the recommended entries are not to be found in the plist file! That line is "get-task-allow" in the xcode window
    The link below points to a screen capture that shows what's happening:
    http://www.mediafire.com/imageview.php?quickkey=43endcalxt7jde4
    top_left: blog that suggest the line to be present in Entitlements.plist file
    top right: xcode window that shows the code sign error and the .plist file
    bottom left: the build parameters for the Ad Hoc build
    bottom right: info about Ad Hoc profile in the organizer. Note the App Identifier.
    The code sign error mentions AppID that is different from the one shown in the Organizer window.
    Help!!
    -S-

    I had to create new profile and that fixed it. Originally, I had used the Bundle name for the current app in the store.
    I was able to make the AdHoc build and distribute it.....

  • Code Signing Cert for AIR and MSI

    If a Code Signing Certificate for AIR is purchased, can that same certificate be used when distributing the package using MSI?
    Or does it not matter as long as the AIR app is signed?

    No, this was a different problem that created similar symptoms.
    I just found out that, since Director 11.5, we can put the Xtras folder inside a projector. I was relying on outdated documentation, both online and in my mind, which said the xtras had to be next to the projector.
    Weirdly, putting the Xtras folder inside the Contents folder (inside the bare stub projector) solved the problem I was having: my sound was not functioning after I code signed the xtra that enables sound. Now it works fine.
    I also created an error when my projector's INI file set Movie01 to a Director movie in the same folder as the projector. Now I have it instead point to a movie in the Resources folder of the projector. So maybe I will just throw all my movies and supporting files in the Resources folder.
    I too am thinking of documenting the process, once I know customers are buying my app and using it successfully. Maybe I'll use screen recording to create a set of YouTube tutorials. That can spare others from this confusion and aggravation, and encourage people to buy the latest version of Director and update their old products. The more money that Adobe earns from Director, the more they will be encouraged to invest in developing Director further.
    If Apple will accept apps without receipt validation, that will certainly simplify things. I saw an Apple web page that stated it was mandatory, but that page has been changed. Maybe validation is optional but no longer required.
    For details, check this:
    https://developer.apple.com/library/mac/releasenotes/General/ValidateAppStoreReceipt/Intro duction.html
    but luckily there is source code out there that can be used to handle those technical details.
    I'm wondering how you applied your set of icons to your bare stub projector. Did you simply replace the projector.icns file? I created an error when I tried that.

  • Code signing certification

    hi,
    It's a mystery to me exactly what's required here. There are companies in the listing provider in the documentation for the Exchange (https://www.adobeexchange.com/resources) which provide certificates for Adobe AIR software:
    https://www.globalsign.com/code-signing/adobe-air.html
    http://www.thawte.com/code-signing/index.html
    and there are others that do the same thing but are not listed:
    http://www.digicert.com/code-signing/adobe-air.htm
    Does anyone have any guidance on whether the certifcates provided by these companies are exactly what is needed for Configurator? Will such a certification be in the "p12" format?
    (It might be quite expensive to make a mistake here!)
    thanks for any advice,
    John

    ... an update ...
    The key (joke!) to this appears to be in this recently issued document: http://www.adobe.com/devnet/creativesuite/sdk/eula_cs6-signing-toolkit.html
    The kit to be downloaded is at a link all the way at the very bottom, beyond item 16.16 of the legalese.
    John

Maybe you are looking for

  • Filling in an InDesign Template with Applescript

    I also posted this in an InDesign scripting forum, but I thought I'd see if anyone here had any ideas. I'm working on a script to fill in an InDesign template I've created. The template consists of 8 text frames, each with a logo placed as an in-line

  • Whats the best way to HTTP post a CLOB from your DB to someones servlet?

    So, I basically need to send an http request (post), in MIME format with a few parameters and an attached "file" (the CLOB), out of our database. Using UTL_HTTP seems like it would be a lot of work because it would require use to build the MIME conte

  • Document Number range autmatically getting updated

    Hi, I m in SAP ECC 6.0 and new GL concept is activated. I am posting a document. Document number is generated. But the update error is given. When i saw the document number range status in document number in general ledger view, the document number i

  • Divorced and need to move stuff to my ex's account

    Hello all, I am sorry if this is somewhere else, but I have searched high and low and can't get a straight answer. I have an appleid that my wife and I have always used. Now we are getting divorced and I want her to keep all of the content for hersel

  • I am getting an ITunes.exe system error MSVCR80.dll how can I fix this?

    I am trying to sync my phone to my laptop. ITunes was installed and has been working. All of a sudden I am gettingan ITUNES.EXE system error MSVCR80.dll is missing. I have removed the ITunes from my computer and reinstalled it ... It did not install