Document signing requires code signing certificate
Prior to applying update 11.0.9 we could use more certificates to sign Reader Document. Now only Code signing certificates or ones with All Purposes work.
Our users do not have Code Signing certificates or ones with all purposes.
What changed? And how do I get my original certificates working again for signing?
Hello Jeff,
The behavior change you've noticed with your certificates in version 11.0.9 is not a bug.
In version 11.0.9, Adobe introduced changes in the way digital certificates are filtered for signing.
The changes were made in order to align certificate use more closely with the spec, RFC 5280.
Starting in version 11.0.9, Acrobat/Reader filter off of the extended key usage (EKU) extensions in addition to the Key Usage (KU) extensions.
The certificate you mention with the EKU extension OID (1.3.6.1.4.1.311.10.3.12) is purposely filtered out.
Starting in version 11.0.9, certificates that are available for signing must have a Key Usage extension of digitalSignature or nonRepudiation. Or no KU extension.
If an EKU extension is present, it must have a value of emailProtection or codeSigning or anyExtendedKeyUsage (OID 2.5.29.37.0).
These changes are not present in the current release of Acrobat/Reader X 10.1.12.
Documentation on this topic is not yet available.
Regards,
Charlene
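The filter described in the reply above, written out as an added example (not Adobe's code and not part of the original thread) so a certificate inventory can be checked before users update. It assumes each certificate's KU and EKU extensions have already been read into Python values; the inventory entries are constructed, and treating an EKU list as acceptable when at least one listed value matches is this example's reading of the reply.

```python
# Added example: pre-check certificates against the 11.0.9 signing filter
# as stated in the reply. Inputs are already-parsed extension values.

# Key Usage bits the reply says qualify a certificate for signing.
SIGNING_KU = {"digitalSignature", "nonRepudiation"}

# EKU values the reply lists as acceptable, keyed by OID.
ACCEPTED_EKU = {
    "1.3.6.1.5.5.7.3.4": "emailProtection",
    "1.3.6.1.5.5.7.3.3": "codeSigning",
    "2.5.29.37.0": "anyExtendedKeyUsage",
}

# EKU OID quoted in the reply as purposely filtered out.
OID_FROM_REPLY = "1.3.6.1.4.1.311.10.3.12"


def signing_eligibility(key_usage, ext_key_usage):
    """Return (eligible, reason) for one certificate.

    key_usage:     set of KU bit names, or None if the KU extension is absent.
    ext_key_usage: list of EKU OIDs, or None if the EKU extension is absent.
    """
    # KU rule: absent is fine; if present it needs a signing bit.
    if key_usage is not None and not (SIGNING_KU & set(key_usage)):
        return False, "KU present without digitalSignature or nonRepudiation"

    # EKU rule: absent is fine; if present it needs one accepted value.
    if ext_key_usage is None:
        return True, "no EKU extension, so no EKU restriction"
    matched = [ACCEPTED_EKU[oid] for oid in ext_key_usage if oid in ACCEPTED_EKU]
    if not matched:
        return False, "EKU present without an accepted value: " + ", ".join(ext_key_usage)
    return True, "EKU allows " + ", ".join(matched)


def audit(inventory):
    """Map certificate label -> reason, for every certificate that would be hidden."""
    rejected = {}
    for label, ku, eku in inventory:
        ok, reason = signing_eligibility(ku, eku)
        if not ok:
            rejected[label] = reason
    return rejected


# Constructed sample inventory: (label, KU bits or None, EKU OIDs or None).
INVENTORY = [
    ("alice-smime", {"digitalSignature", "keyEncipherment"}, ["1.3.6.1.5.5.7.3.4"]),
    ("bob-docsign", {"digitalSignature", "nonRepudiation"}, [OID_FROM_REPLY]),
    ("carol-legacy", None, None),
    ("dave-tls", {"keyEncipherment"}, ["1.3.6.1.5.5.7.3.1"]),
    ("erin-mixed", {"nonRepudiation"}, [OID_FROM_REPLY, "2.5.29.37.0"]),
]

if __name__ == "__main__":
    for label, reason in audit(INVENTORY).items():
        print(f"{label}: filtered out ({reason})")
```
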
Similar Messages
-
Required code signing error.....
Hi, I have a BlackBerry application that was developed without any locked APIs. When I attempt to run that application on my BlackBerry Curve mobile I am getting an error "module must be signed with the RIM Runtime Code Signing Key(RRT)".
Please advise me how to get out of this problem.
Thank you....
Seems that you have used signed RIM api.
You need to sign your application.
Go to the page: https://www.blackberry.com/SignedKeys/
and purchase signature keys. It costs 20 USD for unlimited qty of signatures and unlimited time frame.
Message Edited by tbilisoft on 08-12-2008 06:57 AM -
Hi,
I created several OS X Apps using Adobe Air. That worked quite well before. Now I have to update my OS X Apps - therefore I also needed to update my certificates. [ I'm using Flash CC 2014 on OS X Yosemite 10.10 ]. But whatever I do it doesn't work anymore. I always get this message saying:
Unable to build a valid certificate chain for the signer.
I googled a lot and the only "guide" I found is this post (from April 2013) about code signing - http://scottgaertner.com/code_signing/
I'm not used to dealing with this kind of stuff (CA etc.) - so it's quite confusing to me.
Would anybody please be so kind and tell me what I have to do?
Is there any instruction from Adobe? (I didn't find one yet)
A step by step instruction for absolute dummies would be great!
Best regards and thank you in advance
Jan
Hi Mukesh,
I installed the Flash CC 2014 update and added some Certificates from Apple to my Keychain. Now EVERYTHING works fine again!! :-)
Thank you very much for the Update! :-) Good job!
Best regards
Jan -
Code signing from cli in 10.6
Hello,
I'm new to code signing on OS 10.6 and I assumed it works the same way as 10.5. I installed my Mac pk12 Thawte certificate into my login keychain.
No matter how I try to sign with codesign on either an unsigned code or previously signed by another party, I get the same error: code object is not signed
$ codesign --sign "My code signing certificate" --force --verify file.dmg
File.dmg: code object is not signed
$ codesign -d -v --verbose file.dmg
File.dmg: code object is not signed
Any suggestions on how to resolve this?
Thanks,
-Sean
Well, a few weeks ago this site used a .dmg as an example, but since have changed the example to be for .app:
http://www.digicert.com/code-signing/mac-os-codesign-tool.htm
And I misunderstood the development team I support. I thought they were signing their .dmg with a self-signed test certificate during development but it turns out they were not.
Can someone from Apple Support please list the file types that codesign in OS 10.6.7 will sign? -
Code signing with 3rd-party certificate fails
Hello everybody !
I'm about to sign an app written in Xojo on OS X 10.10 with a class-2 code object certificate issued by StartSSL. On Windows this is working fine, but signing on OS X leads to the "app from an unknown developer" message.
For signing I'm using the codesign utility:
codesign -s "Mario Hammer" -f -v "My App.app"
or codesign -s "Mario Hammer" --deep -f -v "My App.app"
It returns "signed bundle with Mach-O thin (i386) [com.mariohammer.testapp]".
Signature checking with spctl --verbose=4 --assess --type execute "My App.app" returns 'My App.app: rejected'.
And codesign -dv "My App.app" returns this:
Executable=/Users/mario/Desktop/Test/My App.app/Contents/MacOS/My App
Identifier=com.mariohammer.testapp
Format=bundle with Mach-O thin (i386)
CodeDirectory v=20100 size=67752 flags=0x0(none) hashes=3381+3 location=embedded
Signature size=5893
Signed Time=05.11.2014 15:51:59
Info.plist entries=13
TeamIdentifier=not set
Sealed Resources version=2 rules=12 files=22
Internal requirements count=1 size=100
I have also tried to manually sign each file within "My App.app", but same result.
I'm not sure where to look at fixing this. Any help is highly appreciated.
Looking at my key chain, I have a key chain "Anmeldung" (not sure how this is labelled in English) that contains my private key and my certificate (as two separate entries, key is listed first). Clicking "Information" shows my cert with "Certificate is valid" and a green sign.
Using the certificate assistant to verify my certificate, it shows "Checking state: No root certificate found" and "Certificate condition: Good".
The root certificate however is there (the intermediate certificate "StartCom Class 2 Primary Intermediate Object CA" is in my "Anmeldung" keychain and the root certificate "StartCom Certification Authority" is on my "Anmeldung" key chain as well as on "System" pre-installed (cannot change anything there).
Any help you can provide me with is highly appreciated.
Sincerely,
Marco.
There is no special reason. But since I don't intend to sell over the AppStore and I already have that membership at StartSSL (server and e-mail certificates), I thought I can save $99 registration fee for the Apple Developer Program.
So I appreciate any help. :-) Even if it just means that I need to buy the Apple membership, too... but I want to get rid of this annoying and trust-stealing "app not from a certified developer" message. -
Code-signing Certificate Renew issue
We recently renewed our Verisign code-signing certificate, only to discover that it breaks the auto-update process with the notorious error "This application cannot be installed because this installer has been mis-configured." We were able to make it work by using the ADT -migrate command. That is all well and wonderful. But there are two issues I see. First, there is a 180 day cut-off, beyond which users can no longer be updated. Then, when our certificate gets renewed again next year we might be stuck in a situation where we have to choose which users get to be updated and which are orphaned and are forced to uninstall/re-install.
Furthermore, how much of this pain we have to live with becomes a function of how long a certificate we are willing to pay for. If we're a small company forking out the money for a 3 year certificate might be kind of painful. Why should this be a factor? Why is it not straight-forward to renew the same certificate and have installations back to the beginning of time be alright with it?
It could be there is something about the renewal process that is not right. However, when I renewed my Verisign cert their process pretty much forced me to keep everything about the renewed cert the same as the original, otherwise it would not be a 'renewal'.
If there is an arcane trick we are missing I would be most appreciative to know what it is. This should not be this difficult.
Thanks
Kevin
Hi Kevin,
I've asked around and learned that the process as you describe is "as designed". However, there are strategies for minimizing the downsides.
For more information, please see the following documents:
AIR 2.6 Extended Migration Signature Grace Periods
Update Strategies for Changing Certificates
Update Your Applications Regularly
Code Signing in Adobe AIR
Hope this helps,
Chris -
What does this mean and how do I fix it? Error ITMS-9000 "Invalid Code Signing The executable ´viwer.app/ viewer´ must be signed with the certificate that is contained in the provisioning profile"
If you had Firefox save your Yahoo password, first try deleting that here:
orange Firefox button ''or'' classic Tools menu > Options > Security > "Saved Passwords"
The "signed out" message seems to be related to how Yahoo authenticates you. Some users have reported that disabling automatic proxy detection solves the problem, and it also resolves an issue of getting logged out every few minutes, if you have ever experienced that.
To make the change:
orange Firefox button ''or'' classic Tools menu > Options > Advanced
On the "Network" mini-tab, click the "Settings" button, then choose "No Proxy" and OK your way back out.
If your work connection requires you to use a proxy server, try the "Use system settings" option instead.
Does that help? -
Windows Code Signing Certificate
How to convert Windows Code Signing Certificate from p7s format to AET format
Where did you get this 'p7s' file? Did someone try to send you an AET in an SMIME encoded message?
File extension: p7s, is usually associated with a file containing PKCS #7 signed data and 'AET' usually refers to an 'Application Enrollment Token', which is associated with Windows Phone Enterprise application management.
To create an AET for Windows Phone you need to have a proper code signing certificate from Symantec. (...you can't use just any code signing certificate.)
When you obtain a code signing certificate from Symantec it should be installed into your computer's certificate store. You can then export the certificate and private key to a *.pfx file to use for signing apps or if you need to move it to a different computer.
see:
Windows Phone 8: Steps to acquire an Enterprise Mobile Code Signing Certificate required to sign LOB or company apps
and:
Frequently asked questions about Windows Phone Company Hub apps
Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions. -
Managing Windows Phones and Symantec Code Signing certificate
Hi,
We need to renew the code signing certificate from Symantec. However, we only use it to manage the Windows Phone devices and don't publish apps. Do we still need to spend $300 on renewing this cert? Can't I manage them for free like our iOS and Android devices?
You REQUIRE the Symantec Code Signing Certificate to manage Windows Phones via Windows Intune. This is a requirement of the device rather than the management solution.
You CAN manage Windows Phones without this cert using only Exchange active sync management in Intune. However this management is very basic and has no advanced features (basically the features provided by Exchange rather than Intune).
Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson -
Code Signing Certificate Renewal for Profile Manager
Currently we have around 800 ipods/iphones around the globe that were all enrolled into our Profile Manager in the past year. In one month our Code Signing Certificate will expire on ALL of those devices. I have updated the certificate on our Profile Manager server and installed that into the Profile Manager.
How do I update all of the devices in the field with the new certificate? It is not possible for every one of those devices to be re-enrolled. These are systems that we give to our customers to use for a specific purpose and they have no clue how to do anything with the MDM or the profile manager. Apple - this wasn't well thought out...
After loading the new certificates into the OS X Server box, the client devices will have to use the Profile Manager User Portal to load the updates.
Here is the Apple documentation on updating the Profile Manager certificate (HT5358), though you may well have found that document already.
Unfortunately, the users have to navigate to the portal for that, or you'll have to manage a short-notice device swap. (If it were even possible here, I'm not sure I'd want folks loading new certs via email, either...)
If the existing Profile Manager solution doesn't meet your particular needs, then there are alternative MDM solutions around from other vendors, and that are also compatible with the OS X Server and iOS provisioning mechanisms.
{FWIW, this is a user forum and the folks from Apple may or may not see your report. If you have access to it, the Apple bugreport tool is a common way to log an enhancement request that the folks from Apple will see.} -
Profile Manager Code Signing Certificate from GoDaddy .spc
Convert the .spc to .cer for Profile Manager compatibility.
Thought I'd share how to convert a code signing certificate acquired from go daddy as it downloads as a .spc file that Profile manager will not accept.
When you download your code signing certificate from go daddy it will be a .spc file as stated above, and profile manager needs a .cer file.
Take your .zip file over to a Windows 7 or better PC and double-click the .zip file.
Then double-click the enclosed certificate.
This will open the windows certmgr.
Expand the certificate and locate your certificate (Should be the one with your company name )
Right-Click the desired certificate, select all tasks, then Export
Export the certificate as a DER .cer file.
Now copy the exported .cer certificate to your Server App/Certificates and import it into the Pending Certificate.
Once that's done also add the .cer certificate to your keychain.
Remember to replace the expiring certificate if applicable
LJS -
GetAuthenticationInfo error publishing after adding new code signing certificate
I updated the certificate in the publishing wizard to use a new certificate (from GoDaddy) for my desktop app.
I checked "Specify a certificate" and selected my code signing PFX. I clicked "View Certificate" and the correct info came up.
The app built and seemed to publish okay.
Now when I publish my desktop app I just get a white screen.
I used Fiddler to get this info that is generated when trying to start the app:
Error in '/' Application
The resource cannot be found.
The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /client/Web/Microsoft-LightSwitch-Security-ServerGenerated-Implementation-AuthenticationService.svc/binary/GetAuthenticationInfo
Any ideas would be greatly appreciated.
Thanks,
Mark
Hi Mark,
A signed XAP file is required for an application that is hosted on Microsoft Azure. Please check whether you add your certificate properly.
You can add a certificate from the certificate store on your computer or from a network location that the network administrator provides.
To add a certificate
1. In the LightSwitch Publish Application Wizard, go to the Security Settings page, choose the Digital Signature tab, and then choose Browse.
2. In the Select File dialog box, browse to the location of the certificate that you want to use, and then choose the Open button.
Basic information about the certificate appears. You can choose the View Certificate button to display more information about the certificate.
Best regards,
Angie
-
How to use Java code signing certificate in oracle 11i
Hello,
I am trying to configure a Java code signing certificate in an 11.5.10.2 application. We got the Java signing certificate from Verisign. The SAs imported the certificate and created alias XXX_XXX with password and passphrase.
I am able to see my certificate: keytool -list -v -keystore xxx_xxxx.jks -storepass Password.
How do I use it? I am using Enhance Jar Signing for EBS DOC ID 1591073.1.
Could you please give me some advice on it?
Thanks
Prince
Hussien,
I find out apps keystore keypassword and storepassword, I imported the java code sign certificate. I generated Jar files through adadmin, but I am getting warning error
adogif() unable to generate Jar Filers under JAVA_TOP.
executing /usr/jdk/jdk1.6.0_45/bin/java sun.security.tools.JarSigner keysotre **** -sigfile CUST Signer /apps/......
Error JarSigner subcommand Exited With status 1.
No standard output from jarsigner
JarSigner error output:
Exception in thread "main" java.lang.NoClassDefFoundError: sun/security/tools/JarSigner
Caused by: java.lang.ClassNotFoundException: sun.security.tools.JarSigner
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
Could not find the main class: sun.security.tools.JarSigner. Program will exit.
WARNING: The following path(s), defined in /apps2/property/product/tst/appl/cz/11.5.0/java/make/czjar.dep as elements of the output: oracle/apps/cz/runtime/tag
WARNING: Copying cztag.lst from the old fndlist.jar ...
About to Analyze flmkbn.jar : Fri Nov 22 2013 10:45:51
Please let me know if you have any idea. Thanks Prince -
Adobe AIR 3 Performance Issues and Code Signing Certificate Problem
I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
About the Code Signing Certificate problem:
When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
The Google Groups Adobe AIR page is here:
http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
Any ideas about these issues?
Thanks!
Oscar -
Dear all,
This is a real issue in working. Our company provides office 365 mailbox and its lync for users.
Recently, many users meet such issue of " There was a problem acquiring a personal certificate required to sign in."
The lync version is 2010 and even I removed lync2010 cache for user's profile, that user still can't login lync.
See below picture.
Please give help and show advice.
Franklin hong
Hi,
The issue may be caused by that the user’s security credentials were corrupted or an RSA folder on the user’s computer may be blocking authentication.
Here is a similar case may help you:
http://community.office365.com/en-us/f/166/t/80399.aspx
Best Regards,
Eason Huang
TechNet Community Support