Digitally signing an AIR file

This question was posted in response to the following article: http://help.adobe.com/en_US/air/build/WS5b3ccc516d4fbf351e63e3d118666ade46-7ff0.html

Hello,
this documentation page at the "Changing certificates" section says:
        In some circumstances, you must change the certificate you use to sign updates for your AIR application. Such circumstances include:
                1. Renewing the original signing certificate.
                2. Upgrading from a self-signed certificate to a certificate issued by a certification authority
                3. Changing from a self-signed certificate that is about to expire to another
                4. Changing from one commercial certificate to another, for example, when your corporate identity changes
What about "Downgrading from a certificate issued by a certification authority to a self-signed certificate" please ? e.g: the opposite of the second circumstance listed in this part of the documentation.
Considering that we respect the 180 days limit after certificate's expiration date:
Is it possible to move from certificate issued by a trusted CA to a self-signed certificate ?
And then move back from the self-signed certificate to a new certificate issued by the same trusted CA as the old one ?
I ask about this because :
Our application's certificate issued by Thawte has expired for 30 days.
Thawte can't provide us a new certificate before the 180 days limit is reached.
So we consider to move from the expired Thawte certificate to a self-singed one. And then move back from the self-signed certificate to the new Thawte certificate which they will give us in the future.
Since we have a big amount of users, we'd like to be sure that this will work and everybody will be able to update the application without any troubles related to the "old expired Thawte certifcate => self-signed certificate => new Thawte certificate" migration.
Thanks for your help

Similar Messages

  • Digitally sign multiple pdf files

    How to digitally sign multiple pdf files with adobe acrobat XI?

    Are you trying to apply certificate-based encryption or add a signature to a PDF form field?
    The first one is easy with Acrobat Pro; just create a new Action with the encryption task set to your requirements, then run the Action against a folder of files.

  • Digitally sign a jar file for distribution?

    I recently got a jar of mine hosted for client use though a web page.
    The problem is that the jar needs to access the internet for several functions. JWS prompts the user for security reasons every time it makes a connection to a new url endpoint. Since one operation alone can hit 56 url's i thought this could be a bit of a hassle to the users.
    The solution, as I understand it to be, is to digitally sign the jar file, so the user is prompted once on download.
    I found a site ascertia which offers free certificates, but for the life of me I canb not get this to work.n I have seen keytool generate numerous errors, none of which mean anything to me. (too long >59, cant read chain from reply, invalid cert)
    Does someone know a clear and thorough tutorial on digital code signing and certs? Or a CA that provides certs for free, and has some instructions to go along?
    Thanks so much.
    The step i have trouble on is turning the CSR into a cert, and importing the returned cert back into the keystore.

    Masterkeedu wrote: !! It worked.
    Congratulations. :-)
    Masterkeedu wrote: So it's not certified, but is signed.
    So as I understand this, it means the end-user has no way to know it was me that truly signed it. But relies on their common sense I suppose.
    That is correct. The CA has verified, and is certifying, that you are who you claim to be. If you or I use a 'self signed' certificate, it does not carry the same level of trust. As you might understand already, the dialogs are different between the two certificate types, and some users cannot accept trusted code from an unverified (self-signed) certificate.
    I have been meaning to write a page on the differences between the two certificates. It is well worth looking into getting a cert. from a CA.
    There was a stage when one of the major CAs were offering 'freemail' certificates that came emblazoned not with your name, but 'free mail' itself. I did not like them because of that, and continue to use a self-signed certificate.

  • Digitally Signing Flex/AIR Application

    I am looking for some help with updating an AIR application with a renewed certificate.
    The way that Adobe AIR handles digitally signed certificates is fairly confusing. I think it has changed with the release of AIR 1.5.3 and this change has caught us off guard and has resulted in some problems.
    According to the Adobe website: Prior to AIR 1.5.3, signing an AIR application with a renewed certificate did not always require a migration signature. Starting with AIR 1.5.3, a migration signature is always required for renewed certificates.
    Furthermore: The certificate must be changed before the original certificate expires. If you do not create an update signed with a migration signature before your certificate expires, users will have to uninstall their existing version of your application before installing a new version. As of AIR 1.5.3, an expired certificate can be used to apply a migration signature within a 180 day grace period after the certificate has expired. (You cannot use the expired certificate to apply the main application signature.).
    See:
    http://help.adobe.com/en_US/AIR/1.5/devappsflex/WS5b3ccc516d4fbf351e63e3d118666ade46-7ff0. html#WS5b3ccc516d4fbf351e63e3d118666ade46-7cca
    http://help.adobe.com/en_US/AIR/1.5/devappsflex/WS13ACB483-1711-43c0-9049-0A7251630A7D.htm l
    BOTTOM LINE:
    We did not create a "migration signature" within the 180 grace period because we had no updates (bug fixes or enhancements) to our application during this time. When I finally did prepare a new release of our application and signed it with our new certificate, the Adobe installer is not recognizing the new application as an UPDATE of the old application so when you try to install it, the user gets an error message that an application that the same name is already installed. In the past, the installer recognizes the new application as an update and it replaces the old app. I think there may be a way for me to handle this properly, but all of my attempts so far have not produced the results I am looking for.
    The issues may be related to specifying a Publisher ID. We may need to specify the publisherId in the descriptor.xml file, which we have never had to do in the past. However, the publisherId property may only be available in 1.5.3. I have been having trouble specifying the 1.5.3 name space (<application xmlns="http://ns.adobe.com/air/application/1.5.3">). I think that must only be available for newer versions of the compiler. I am currently using 3.5.
    Are there any experts on this topic that can explain How I can package my updated app so that the installer recognizes it as an UPDATE and not a NEW APP with the same name (which doesn't work)?

    Any ideas on this?

  • Is it possible to digitally sign a jar file that will be used to install CF in WebSphere?

    I am currently working for a contractor for the DoD. We are maintaining a project that uses CF installed as an application through WebSphere. We are currently going through a security checklist and being asked to provide evidence that the CF application has a digital signature. From what we can gather they are looking to see that the jar file installed into WebSphere is digitally signed. We have reached out to IBM, and have received a response that digital signatures are recognized by WebSphere.
    Unfortunately, it seems that those that are looking for the evidence do not know much more than what the checklist requirement states. They cannot provide more details or expand on what they need. Any assistance or advice in this matter would be appreciated.
    Thanks,

    Masterkeedu wrote: !! It worked.
    Congratulations. :-)
    Masterkeedu wrote: So it's not certified, but is signed.
    So as I understand this, it means the end-user has no way to know it was me that truly signed it. But relies on their common sense I suppose.
    That is correct. The CA has verified, and is certifying, that you are who you claim to be. If you or I use a 'self signed' certificate, it does not carry the same level of trust. As you might understand already, the dialogs are different between the two certificate types, and some users cannot accept trusted code from an unverified (self-signed) certificate.
    I have been meaning to write a page on the differences between the two certificates. It is well worth looking into getting a cert. from a CA.
    There was a stage when one of the major CAs were offering 'freemail' certificates that came emblazoned not with your name, but 'free mail' itself. I did not like them because of that, and continue to use a self-signed certificate.

  • Can no longer digitally sign PDF's with Adobe Reader 9

    On our government network some of us have been upgraded to Adobe Reader 9 but now we can no longer digitally sign some PDF files.
    People with Adobe Reader or Pro 8 can. Here is a link to one of the documents:
    www.unl.edu/nrotc/Nc3065.pdf
    I'm also attaching the document.
    The document security shows as "Digital signing allowed" in Adobe Reader 8 but "Not allowed" in Adobe Reader 9.
    Is there something wrong with Adobe Reader 9 or something we need to change?
    Any constructive advice would be appreciated.

    I cannot say for sure, but some of the technology the government uses (like the IRS) uses older technology that is no longer support in version 9. For example the IRS tax forms cannot be fillied in and saved using Reader 9. My bet your seeing a similar problem. There is no workaround. You will need to go back to Reader 8 or get Acrobat 9 Pro or Standard.

  • Creating a visible signature on multiple pages when digitally signing a PDF

    When I digitally sign a PDF file, is there a way to make the visible signature appear on every page of the PDF at once, instead of just the current page?  Specifically, I'd like to place a scan of a professional engineer's seal on every sheet of a PDF containing MEP drawings, in one step, as I digitally sign the file with Adobe Acrobat.  I've done some research and haven't found any relevant information for this particular question, so maybe it's not possible?  I'd like to know for sure, one way or the other.
    Thanks much.
    Robert

    The appearance of a signature is something of no importance at all, so just stamp the pages first, then sign withou an appearance.

  • How to digitally sign a PDF?

    How can I digitally sign a PDF file received by email?

    Please see this video from Acrobatusers.com's Donna Baker (there is no audio)

  • Digitally signing AIR apps for the client

    How does a developer digitally sign a client's application
    without requiring the client to have to purchase the certificate?
    We want to do this for them. Are there any options for the
    developer?

    What happens when a certificate applied to an AIR app.
    expires? Does anyone know the technical details of the process? Is
    the expiration date embedded in the cerficate? Will the installer
    just revert to an UNKNOWN publisher or present another message,
    such as certificate expired? Will the installer still work?
    My Web guy thinks we can purchase the certificate for our
    client after discussing this process with them, by being listed as
    the technical contact and getting their contact info (like we can
    with SSL certificates). We do NOT want to put the customer through
    the below steps. There is a document though on Thawte's website
    that says the business and technical contacts must be from the same
    company though. This document
    (https://www.thawte.com/guides/pdf/enroll_codesign_eng.pdf) says
    nothing about AIR though.
    Here's some text Thawte sent me:
    ENROLLING:
    1. Visit
    https://www.thawte.com/process/retail/new_devel?language=en&productInfo.productType=devel 2
    2 Select the Adobe AIR Developer Certificate
    3. Enter the required information in the enrollment process
    "step 1 Configure your enrollment"
    Note: As part of this process a private/public key pair will
    be generated by thawte. The private key will be automatically
    stored within the Firefox keystore.
    4. Click Submit to complete your enrollment.
    5. Click Accept after confirming that all information entered
    on the enrollment page is correct.
    6. After the certificate is issued, log into the status page
    using the link provided in the confirmation email to download the
    certificate.
    7. Click on "Fetch Certificate" and the certificate will
    automatically be saved to the Firefox keystore.
    8. Export the private key and certificate from the Firefox
    keystore.
    The exported file can now be used to sign the Adobe Air
    application.
    FIREFOX INFO:
    You must use FireFox to initiate the Adobe AIR developer
    certificate browser and to obtain the certificate.
    1. Visit
    https://www.thawte.com/process/retail/new_devel?language=en&productInfo.productType=devel 2
    2 Select the Adobe AIR Developer Certificate
    3. Enter the required information in the enrollment process
    "step 1 Configure your enrollment"
    Note: As part of this process a private/public key pair will
    be generated by thawte. The private key will be automatically
    stored within the Firefox keystore.
    4. Click Submit to complete your enrollment.
    5. Click Accept after confirming that all information entered
    on the enrollment page is correct.
    6. After the certificate is issued, log into the status page
    using the link provided in the confirmation email to download the
    certificate.
    7. Click on "Fetch Certificate" and the certificate will
    automatically be saved to the Firefox keystore.
    8. Export the private key and certificate from the Firefox
    keystore with this solution: SO6899
    The exported file can now be used to sign the Adobe Air
    application.
    The a guide to signing the application can be found in SO6896
    Note: When exporting the private key and certificate from
    Firefox, it ill be exported in a .p12 (pfx) format which ADT, Flex,
    Flash Authoring, Dreamweaver, and Apatana tools can consume.
    Thawte will perform an Identity verification process, which
    may take 2-5 working days, and may need additional information.
    https://www.thawte.com/ssl-digital-certificates/free-guides-whitepapers/pdf/enroll_codesig n_eng.pdf
    After verification is complete, Thawte will email you
    instructions on how to retrieve the certificate.
    Please make sure that you retrieve the certificate using
    Firefox.
    How to export the private key and certificate from Firefox to
    sign Adobe®AIR™applications
    Solution ID: SO6899
    Adobe®AIR™ Developer Certificates can use a .pfx
    or a .p12 file to sign applications. Please follow the steps below
    to export the certificate with the private key from Firefox:
    1. A. Start Firefox
    B. Select Tools
    C. Select Options
    D. Select Advanced
    E. Select Certificates
    F. Select Manage Certificates
    Note: On a MAC OS go to Firefox > Preferences >
    Advanced > Certificates > Manage Certificates
    2. Select your signing certificate you retrieved from the
    status page and click the Backup button.
    3. Enter the file name and location to export the certificate
    and private key to and click Save.
    4. If you are using the Firefox Master Password, you will be
    prompted for your master password for the software security device.
    5. From the "Choose a certificate backup" password dialog
    box, enter a password to create/export the certificate.
    6. Enter the password twice and click OK. You should receive
    a successful backup password message.
    7. Use this .p12 (pfx) file within ADT, Flex, Flash
    Authoring, Dreamweaver, or Apatana tool.
    When prompted for a password, use the password for the .p12
    file export in step 5.
    8. Sign the application.
    Follow the steps below to sign Adobe®AIR™
    applications:
    1. Open AIR Application and Installer Settings from the Adobe
    Air application
    2. Click Set button under Installer settings, next to Digital
    signature
    3. In the Digital Signature dialog box, click Browse.
    4. Select the certificate.
    5. Enter a password.
    6. Click OK
    The application now has the digital signature applied.

  • How to automate digital signing PDF Files in batch

    I am trying to find a way to automate as much as possible the placing of a digital signature on a set of PDF documents.  We have Adobe Acrobat Pro 8.1 and the machine has MS Office 2003 with Vista Business.  Here's a scenario:  A set of documents exist in a TO-BE-SIGNED folder, each unsigned.  The user uses MS Access 2003 form with a button with VBA code to open and show the first document in the folder.  The AcroExch.App, AcroExch.AVDoc, and AcroApp.Show APIs are used to do this.  I found code on the internet to do that.  Rather than having my client now have to go through all the manual steps to place a digital signature on the document, I want to streamline it to a single click if possible.  Right now he has to click Advanced > Sign and Certify > Place Signature > then click and drag > then enter his password > then click sign > then save and close the doc.  Can all this be automated?  An added bonus would be automatically saving or moving the signed doc to a different folder when it is signed.
    I have created a stamp that allows me to add a stamp with just two clicks.  Can such be done to add a digital signature?  Is it possible to add a button to the toolbar to do this?  Can it be done in Access VBA using some Acrobat API calls?  Another feature I want to include is moving quickly from one document to the next in the TO-BE-SIGNED folder.  Like the arrow buttons take you from page to page, can a button be added to the Acrobat toolbar to take you from doc to doc in a particular folder?  Or can that be done using VBA and some Acrobat API calls?  To maintain the security of the password protection and yet cut down on clicks and keystrokes, I would like to input the password just once at the beginning of the session and have it remembered or applied to all the docs that get signed as long as that session is open.
    I've found some software that purports to do much of the above, but they are all very expensive and assume a big business with big bucks.  If anyone knows of inexpensive software that will REALLY do this, I'm open to that as well, though I'd like to control the process myself if possible.  I consider myself a beginner with Acrobat and using API calls and would appreciate any help anyone can give.  Is the above clear and even possible?
    PS:  I'm new to this site and using SDK.  I posted this under Security (thinking digital signatures) and was asked to post it here, which I'm glad to do.
    Thanks much!

    Our workflow is such that on infrequent occasions, we have a digitally signed PDF file and the doctor wants to append a scanned note to it.  In the past, we could do this, but not now.  In the past, when we added the scanned doc, we received a message saying that the doc is already signed and asking if we want to overrwrite the doc.  If we respond Yes, then Acrobat would allow it and the signature would indicate that the original part of the document was not modified, but that something had been changed--namely, a doc had been appended.  The signature indicated that something had changed since it was added, but it still allowed the append.  The signature would have an exclamation point in a yellow triangle indicating the doc had been updated since signed.  For our purposes, that was okay because we know what the change is based on the original doc and we know what is appended.  Now, however, we cannot append at all.  The only thing that is different that I know of is that the doc was signed with software that is not Adobe Acrobat, even though the other software uses an Adobe Acrobat self-created digital signature.
        I hope I've explained that clearly enough.
    Thanks for your help.

  • Adobe PDF iFilter 9 for 64-bit platforms does not index my PDF files with Digital Sign

    Adobe PDF iFilter 9 for 64-bit platforms does not index my PDF files with Digital Sign, why?

    hi  Phillip
    i am not sure what you mean
    I downloaded the ifilter and installed it
    then configured everything as shown in the pdf file
    I tried indexing from scratch exactly as i did successfully in the other computer
    and got some errors in the log file
    i checked the sql server log and the event viewer logs and got :
    Error '0x80004005' occurred during full-text index population for table or indexed view '[Pirsumim_ext_ck].[dbo].[T_PUBLICATIONS]' (table or indexed view ID '2073058421', database ID '14'), full-text key value 0x0000027A. Attempt will be made to reindex it.    
    The component 'PDFFilter.dll' reported error while indexing. Component path 'C:\Program Files\Adobe\Adobe PDF iFilter 9 for 64-bit platforms\bin\PDFFilter.dll'.   
    Informational: Full-text retry pass of Full population completed for table or indexed view '[Pirsumim_ext_ck].[dbo].[T_PUBLICATIONS]' (table or indexed view ID '2073058421', database ID '14'). Number of retry documents processed: 1. Number of documents failed: 1.
    Changing the status to MERGE for full-text catalog "Pirsumim_ext_catalog_ck" (5) in database "Pirsumim_ext_ck" (14). This is an informational message only. No user action is required.
    Informational: Full-text Auto population initialized for table or indexed view '[Pirsumim_ext_ck].[dbo].[T_PUBLICATIONS]' (table or indexed view ID '2073058421', database ID '14'). Population sub-tasks: 1
    the same dll worked fine in another computer...
    how can i see more details what is wrong with this dll  ?
    meidad

  • Cannot save file after it is digitally signed

    Hello, I work for the IT Dept at my company and one of our employees is having trouble saving PDF files after digitally signing them.  He received the error message:
    The document could not be saved.  Can not save to this file name.  Please save the document with a different name or in a different folder.
    After each signature, Acrobat asks to save the file, which he does.  The strange thing is that he may sign the same document 4 times, and the error might only occur on the last attempt to save.  It will successfully perform it the first three times.  I cannot find a pattern to the errors.  The times he gets the error messages don't necessarily all happen on the last attempt, it might be the first or the middle.  I have tried updating the program and searching around through the options to find any setting which may be applicable, but have had no luck.  I have been trying to solve this problem for a few days now and I can't make any progress.
    Does anyone eles have this problem or have a solution?

    I don't have an answer as I have never seen the problem. However, for those that might be able to answer the question they will likely want to replicate the problem. It would be helpful to know what OS (and if 32 or 64-bit) and what version (include subversion) of Acrobat -- latest 10.1.4. If you can create a sample document that has the problem, then folks may have an easier time to repeat it. A document can be posted either at one of your sites, Acrobat.com, or maybe dropbox.

  • Files encrypted and digital signed with cFolders

    Dear all,
    Currently I'm involved on a PPS project with cFolders. This project has legal requirements that consist in implementing encryption and digital signature in files which will be uploaded to cFolders. I've been searching on SAP Help, SDN and Service Marketplace about APIs to work with cFolders with encryption and digital signatures, but I didn't find related documents. It seems there is no documentation regarding such scenarios...
    Anyone has experience in cFolders with files encrypted and digital signed?
    Thanks in advance & regards,
    Ricardo.

    Hi Federico
    If I understood your solution you are signing your documents in a Webservice provided from a CA. For that youu2019ve created an RFC dest type G over ssl (https) and used the class CL_HTTP_CLIENT. So your requirement is only to sign documents, right?
    Well my scenario seems a little bit different as Iu2019ve to encrypt the file and also sign it. The signature is done on useru2019s laptop trough a smartcard (hardware device connected via USB that reads the chip the certificate assigned to our identity card) and cannot be signed from other entity than the user itself.
    Did you explore the PGP alternative? cFolders supports this kind of files (*.pgp). The PGP (Pretty Good Privacy) is a popular program used to encrypt and decrypt files, e-mails, etc.
    Today I installed a trial version of a PGP tool. I tested the encryption/signature with files on my desktop and it works fine. I tested a Public Key scenario where the owner publishes his PK in cFolders and the requester gets this PK in cFolders as well. The requester now can encrypt documents and upload them to cFolders with the public key provided by the owner; the owner itself has the private key to open the encrypted file (extension .pgp) after upload. But over the encrypted file the requester must sign it with his private key (another certificate) provided by a CA and here starts the second challenge...
    In cFolders after the file upload the system should gets the requester digital signature and sends it to CA for validation, only after that we know if the requester is a trusted partner or not. To do this we are thinking to use a Webservice provided by the CA, however I don't know how to extract/get the signature in the file encrypted/signed from PGP and uploaded to cFolders.
    Do you have any idea?
    Thanks & regards,
    Ricardo.

  • Error creating AIR file: Unable to build a valid certificate chain for the signer.

    Hi, My boss got a certificate from Thawte, and I'm getting this error message when building my AIR app.
    Error creating AIR file: Unable to build a valid certificate chain for the signer.
    I'm on windows XP.
    thanks,
    steve

    To manage your code signing certificate, please see
    http://www.adobe.com/devnet/air/articles/signing_air_applications_print.html
    The error you are seeing is typically caused by exporting a cert without the trust chain.   On Windows, in IE, you can manage your keystore by going to
    Internet Options > Content > Certificates
    When you export the certificate needed for signing your app, be sure to check “Include all certificates in the certificate path, if possible”.

  • Where should the Green Tick get displayed in digitally signed pdf files in whom the Signature has been validated ?

    I have Windows 7 & Adobe 11 installed on my P.C (Apart from other Software) . Recently I downloaded Digitally Signed .pdf files & validated the Signature with Trust Certificates . However , the Green Tick Mark is coming on the left-hand side of a blue panel situated in-between the menu bar & the document . Shouldn't it be coming at the bottom right side of the document (Just above the name of the signatory) ? Is there anyway I can get the green tick to display at the bottom right side of the document or is this just the way the green tick gets displayed in current versions of adobe reader ?
    This is the way it gets displayed on the top - left portion of the screen :
    However , it does not get displayed in the below manner :

    First of all, you need an app on the iPad that can read those files that you want to transfer. Adobe Reader and iBooks are two free apps that will read PDF files. Adobe Reader is much more robust than iBooks as it offers so many more features like renaming files, creating folders, annotating, highlights, etc.
    Download Adobe Reader in the App Store. Then read this about file sharing with iTunes.
    iOS: About File Sharing - Support - Apple
    There are other ways to get files to the iPad, like email, DropBox and some other apps that let you mount your iPad like a flash drive.
    This should be helpful as well.
    iTunes 11 for Mac: Set up syncing for iPod, iPhone, or iPad

Maybe you are looking for