GetAuthenticationInfo error publishing after adding new code signing certificate

I updated the certificate in the publishing wizard to use a new certificate (from GoDaddy) for my desktop app.
I checked "Specify a certificate" and selected my code signing PFX.  I clicked "View Certificate" and the correct info came up.
The app built and seemed to publish okay.
Now when I publish my desktop app I just get a white screen.
I used Fiddler to get this info that is generated when trying to start the app:
Error in '/' Application
The resource cannot be found.
The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /client/Web/Microsoft-LightSwitch-Security-ServerGenerated-Implementation-AuthenticationService.svc/binary/GetAuthenticationInfo
Any ideas would be greatly appreciated.
Thanks,
Mark

Error in '/' Application
The resource cannot be found.
The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /client/Web/Microsoft-LightSwitch-Security-ServerGenerated-Implementation-AuthenticationService.svc/binary/GetAuthenticationInfo
Hi Mark,
A signed XAP file is required for an application that is hosted on Microsoft Azure. Please check whether you add your certificate properly.
You can add a certificate from the certificate store on your computer or from a network location that the network administrator provides.
To add a certificate
1.In the LightSwitch Publish Application Wizard, go to the
Security Settings page, choose the Digital Signature tab, and then choose
Browse.
2.In the Select File dialog box, browse to the location of the certificate that you want to use, and then choose the
Open button.
Basic information about the certificate appears. You can choose the View Certificate button to display more information about the certificate.
Best regards,
Angie
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

Similar Messages

  • Java security error after 8u31 (Timestamped Jarsigned Applet within valid period of Code Signing certificate)

    Hello,
      I have an applet running in embeddad systems. This program runs without any problem since 8u31 update! After this update it starts to give java security warning and stops running.
    Here is the warning message:
      "Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running"
    What it says is true; my Code Signing Certificate (CSC) is valid between 24 Jan 2014 and 25 Jan 2015. And it expired! However, while i was signing my applet with this certificate i used "timestamp". The authority i choosed was DigiCert. My signing date was 26 Jan 2014 (when my CSC was valid).
    When i started to have this Java Security Error, first i thought i mis-timestamped my code, and check by using the jarsigner -verify command. Here is a partial result:
    s      19607 Mon Jan 27 13:17:34 EET 2014 META-INF/MANIFEST.MF
          [entry was signed on 27.01.2014 13:19]
          X.509, CN=TELESIS TELECOMMUNICATION SYSTEMS, OU=ARGE, O=TELESIS TELECOMMUNICATION SYSTEMS, STREET=TURGUT OZAL BLV.NO:68, L=ANKARA, ST=ANKARA, OID.2.5.4.17=06060, C=TR
          [certificate is valid from 24.01.2014 02:00 to 25.01.2015 01:59]
          X.509, CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
          [certificate is valid from 24.08.2011 03:00 to 30.05.2020 13:48]
          X.509, CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
          [certificate is valid from 07.06.2005 11:09 to 30.05.2020 13:48]
          X.509, CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
          [certificate is valid from 30.05.2000 13:48 to 30.05.2020 13:48]
    sm       495 Thu Jan 23 14:55:22 EET 2014 telesis/WebPhone$1.class
    As you may see the timestamp was correctly done. And it is in the valid period of CSC.
    Than i started to check how Java confirms the Certificate, and found some flowcharts.
    Here is an example from DigiCert:
    Code Signature Verification Process
    After the Web browser downloads the Applet or Web Start application, it checks for a timestamp, authenticates the publisher and Certificate Authority (CA), and checks to see if the code has been altered/corrupted.
    The timestamp is used to identify the validation period for the code signature. If a timestamp is discovered, then the code signature is valid until the end of time, as long as the code remains unchanged. If a timestamp is not discovered, then the code signature is valid as long as the code remains unchanged but only until the Code Signing Certificate expires. The signature is used to authenticate the publisher and the CA, and as long as the publisher (author or developer) has not been blacklisted, the code signature is valid. Finally, the code is checked to make sure that it has not been changed or corrupted.
    If the timestamp (or Code Signature Certificate expiration date) is verified, the signature is validated, and the code is unchanged, then the Web browser admits the Applet or Web Start application. If any of these items do not check out, then the Web browser acts accordingly, with actions dependent on its level of security.
    So according to this scheme, my applet had to work properly, and without security warning.
    However i also found that from Oracle, which also includes the timestamping authorities Certification validity period??? :
    The optional timestamping provides a notary-like capability of identifying
    when the signature was applied.
        If a certificate passes its natural expiration date without revocation,
    trust is extended for the length of the timestamp.
        Timestamps are not considered for certificates that have been revoked,
    as the actual date of compromise could have been before the timestamp
    occurred.
    source:  https://blogs.oracle.com/java-platform-group/entry/signing_code_for_the_long
    So, could anyone please explain why Java gives security error when someone tries to reach that applet?
    Here is a link of applet: http://85.105.68.11/home.asp?dd_056
    I know the situation seems a bit complicated, but i tried to explain as simple as i can.
    waiting for your help,
    regards,
    Anıl

    Hello,
      I have an applet running in embeddad systems. This program runs without any problem since 8u31 update! After this update it starts to give java security warning and stops running.
    Here is the warning message:
      "Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running"
    What it says is true; my Code Signing Certificate (CSC) is valid between 24 Jan 2014 and 25 Jan 2015. And it expired! However, while i was signing my applet with this certificate i used "timestamp". The authority i choosed was DigiCert. My signing date was 26 Jan 2014 (when my CSC was valid).
    When i started to have this Java Security Error, first i thought i mis-timestamped my code, and check by using the jarsigner -verify command. Here is a partial result:
    s      19607 Mon Jan 27 13:17:34 EET 2014 META-INF/MANIFEST.MF
          [entry was signed on 27.01.2014 13:19]
          X.509, CN=TELESIS TELECOMMUNICATION SYSTEMS, OU=ARGE, O=TELESIS TELECOMMUNICATION SYSTEMS, STREET=TURGUT OZAL BLV.NO:68, L=ANKARA, ST=ANKARA, OID.2.5.4.17=06060, C=TR
          [certificate is valid from 24.01.2014 02:00 to 25.01.2015 01:59]
          X.509, CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
          [certificate is valid from 24.08.2011 03:00 to 30.05.2020 13:48]
          X.509, CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
          [certificate is valid from 07.06.2005 11:09 to 30.05.2020 13:48]
          X.509, CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
          [certificate is valid from 30.05.2000 13:48 to 30.05.2020 13:48]
    sm       495 Thu Jan 23 14:55:22 EET 2014 telesis/WebPhone$1.class
    As you may see the timestamp was correctly done. And it is in the valid period of CSC.
    Than i started to check how Java confirms the Certificate, and found some flowcharts.
    Here is an example from DigiCert:
    Code Signature Verification Process
    After the Web browser downloads the Applet or Web Start application, it checks for a timestamp, authenticates the publisher and Certificate Authority (CA), and checks to see if the code has been altered/corrupted.
    The timestamp is used to identify the validation period for the code signature. If a timestamp is discovered, then the code signature is valid until the end of time, as long as the code remains unchanged. If a timestamp is not discovered, then the code signature is valid as long as the code remains unchanged but only until the Code Signing Certificate expires. The signature is used to authenticate the publisher and the CA, and as long as the publisher (author or developer) has not been blacklisted, the code signature is valid. Finally, the code is checked to make sure that it has not been changed or corrupted.
    If the timestamp (or Code Signature Certificate expiration date) is verified, the signature is validated, and the code is unchanged, then the Web browser admits the Applet or Web Start application. If any of these items do not check out, then the Web browser acts accordingly, with actions dependent on its level of security.
    So according to this scheme, my applet had to work properly, and without security warning.
    However i also found that from Oracle, which also includes the timestamping authorities Certification validity period??? :
    The optional timestamping provides a notary-like capability of identifying
    when the signature was applied.
        If a certificate passes its natural expiration date without revocation,
    trust is extended for the length of the timestamp.
        Timestamps are not considered for certificates that have been revoked,
    as the actual date of compromise could have been before the timestamp
    occurred.
    source:  https://blogs.oracle.com/java-platform-group/entry/signing_code_for_the_long
    So, could anyone please explain why Java gives security error when someone tries to reach that applet?
    Here is a link of applet: http://85.105.68.11/home.asp?dd_056
    I know the situation seems a bit complicated, but i tried to explain as simple as i can.
    waiting for your help,
    regards,
    Anıl

  • This sign appeared in my account: "Your payment method was declined. Update your biiling info'. After adding new information about my others cards I see the same sign. Can't understand what the problem is and what should I do. Need help!!!

    This sign appeared in my account: "Your payment method was declined. Update your biiling info'. After adding new information about my others cards I see the same sign. Can't understand what the problem is and what should I do. Everything used to be good before.
    Do anyone know what I supposed to do in that situation?
    Really need help!
    Thanks in advance.

    Contact iTunes Customer Service and request assistance
    Use this Link  >  Apple  Support  iTunes Store  Contact

  • What code signing certificate has to be added for Adobe Air Native Installer?

    Hi,
    I'm developing Adobe Air application. I need to digitally verify the application to add the publisher's name with the product. I did a little research and came to know that Symantec, Thawte, Comodo, Comodo-Tucows, Digicert, Godaddy and couple of others are doing this.
    Yes. I'm talking about the Code Signing Certificate. My question is, What code signing certificate has to be added for Adobe Air Native Installer? The reason is, The native installer will have an extension .exe ( Windows ) and .dmg ( MAC OS X ).
    These guys are providing certificate for Adobe Air. For instance, If the application is exported using Native Installer in Windows, The application will have an .exe extension. For this, Can I use the same Adobe Air code signing certificate or Should I go for Microsoft Autheticode ( for .exe ) certificate?
    Thanks in advance.

    I think comodo code signing certificate is one of the nice option to be added for Adobe Air, as i have seen comodo code signing certificate in other adobe programs. Recently i bought comodo code signing from https://cheapsslsecurity.com/comodo/codesigningcertificate.html, to sign one of my adobe application and it works fine, you can use microsoft authenticode technology with comodo code signing.

  • "Invalid Provisioning Profile. The provisioning profile included in the bundle {BUNDLENAME} [{BUNDLENAME}.app] is invalid. [Missing code-signing certificate.]" for brand new, vanilla Mac App

    In OS X Maverick's XCode, I created a brand new Mac > "Cocoa Application", with Core Data and Spotlight Importerl; about as vanilla a Cocoa application I could muster. 
    Under Preferences > Accounts, I signed in to my Mac Developer Account.
    In Targets > Identity, I set Signing to "Mac App Store", and was able to select my Mac Developer Account for "Team".
    I then went to Product > Clean, and then Product > Build for... > Running, and then Produt > Archive.
    In the Organizer, I select the resulting .app and click "Validate", and hit the Mac App Store radio, and hit "Next", and it's able to log into my Mac Developer Account.
    I select my Provisioning Profile in the dropdown, and click "Validate".
    It comes back with several errors:
    1 - "Invalid Provisioning Profile. The provisioning profile included in the bundle {BUNDLENAME} [{BUNDLENAME}.app] is invalid. [Missing code-signing certificate.] For more information, visit the Mac OS Developer Portal."
    2 - "The bundle identifier cannot be changed from the current value, '{DIFFERENT-BUNDLE-FROM-OTHER-PROJECT}'.  If you want to change your bundle identifier, you will need to create a new application in iTunes Connect.
    3 - Invalid Code Signing Entitlements.  The entitlements in your app bundle signature do not match the ones that are contained in the provision profile.  The bundle contains a key that is not included in the provisioning profile: 'com.apple.applications-identifier' in '{BUNDLENAME}.app/Contents/MacOS/{BUNDLENAME}'
    I was able to do the same process before, for a vanilla app, before Mavericks.  I'm not sure if this is a Mavericks error, or a fact that now I have multiple app projects.  Particularly odd is that DIFFERENT-BUNDLE-FROM-OTHER-PROJECT in error (2) is not the same bundle name as the current project's bundle.
    Would love any help you can provide!  Thank you!

    Seen this thread?
    New codesign behavior, --deep option 
    "Code signing has some interesting changes in Mavericks (that apparently haven't made it into the release notes yet...). Note that this is a change to the operating system, not to the devtools."

  • Sorry, something went wrong --- I got an error message after a new webapp was built and a new site collection was created

    Sorry, something went wrong --- I got an error message after a new webapp was built and a new site collection was created.
    This in SharePoint 2013 Farm.
    What should I do?
    1- I did a DisableLoopBack and set the value to "1".
    For hostname do I have to do : 111.111.111.111 (sample) and serversp2013?
    P.S. I fixed this issue once, long time ago and I forgot how it ... be done.

    Hi,
    For troubleshooting your issue, please take steps as below:
    1.Go to IIS, make sure the web application is actived.
    2.Go to IIS -> Applicaiton Pools, make sure the application pool related to your web application is started.
    Reference:
    http://support.microsoft.com/en-us/kb/926642/en-us
    http://www.techrepublic.com/forums/questions/cannot-browse-created-web-application-site-in-sharepoint-services-30/
    Best Regards,
    Eric
    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
    [email protected]

  • Errors processing after adding Computed Column to Time.

    Errors in the high-level relational engine. The 'Time' table is based on a named query, and contains one or more computed columns. A table based on a named query cannot contain computed columns. If the computed columns are necessary, add them to the query
    expression.
    Help me, pls! Thanks!

    Hi CUONGNV0207,
    According to your description, you get this error when processing cube. Right?
    As the error message mentioned, a table based on a named query cannot contain computed columns. If you create a computed column in this table, it will throw this error. In this scenario, please go to the DSV and check if that table is set up with named query.
    You can replace it with a DimTable in your database.
    Reference:
    cryptic error when processing cube
    Errors processing after adding Computed
    Column to Time
    If you have any question, please feel free to ask.
    Simon Hou
    TechNet Community Support

  • EDIT method doesn't work after adding new row

    I would like to start editing after adding new row into TableView.
    I copied example from Oracle website: [Using JavaFX UI Controls - 13 Table View|http://docs.oracle.com/javafx/2/ui_controls/table-view.htm#CJAGDAHE]. Then I put additional button for adding new row and define action for the button.
        final Button addButton = new Button("Add");
        addButton.setOnAction(new EventHandler<ActionEvent>() {
            @Override
            public void handle(ActionEvent arg0) {
                Person p = new Person("", "", "");
                table.getItems().add(p);               
                table.getSelectionModel().select(p);
                table.edit(table.getSelectionModel().getSelectedIndex(), table.getColumns().get(2));
        });In result I can see selected new row but the table doesn't start edditing in the third column.
    I have similar method for editing existing rows and it works properly.
        final Button editButton = new Button("Edit");
        editButton.setOnAction(new EventHandler<ActionEvent>() {
            @Override
            public void handle(ActionEvent arg0) {
                table.edit(table.getSelectionModel().getSelectedIndex(), table.getColumns().get(2));
        });Could you help me what I do wrong?

    Try wrapping the setCaretPosition(...) method in a SwingUtilities.invokeLater(...)
    caret=outputArea.getDocument().getText(0,outputArea.getDocument().getLength()).length();Should be:
    caret = outputArea.getDocument().getLength();

  • The name ("common name") of a valid code-signing certificate in a keychain within your keychain path.   A missing or invalid certificate will cause a build error.  [CODE_SIGN_IDENTITY]

    The name ("common name") of a valid code-signing certificate in a keychain within your keychain path.   A missing or invalid certificate will cause a build error.  [CODE_SIGN_IDENTITY]

    If you could ask a coherent question, maybe...
    Perhaps you should be posting in the developers forums...

  • NSUserDefaults stopped working after installing code sign certificates (?)

    The following code has worked fine in the iPhone simulator.
    NSUserDefaults *userDefaults = [NSUserDefaults standardUserDefaults];
    myFloat = [userDefaults floatForKey:@"myFloat"];
    myString = [userDefaults stringForKey:@"myString"];
    Today I installed the code signing certificates and all the updates necessary to deploy my code to a device. That part works fine, and I'm able to install and run my apps on the iPhone device.
    The problem is that the above code has stopped working. myFloat is now always 0.0 and myString is now always nil. If I go into the Settings app, my preferences UI is still there and I can change and persist the preference values. But my app no longer sees those values.
    I'm assuming this broke because of the changes related to code signing and device deployment, but I'm not sure since there is no way (?) to roll back those changes.
    Has anyone else encountered this problem?
    Thanks,
    Nick

    I have the same issue with SDK Beta 7, I can't get my preferences to persist (although in my case I'm not using the Settings app to alter settings). This is what I am doing:
    +(void) initialize
    NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
    NSDictionary *appDefaults = [NSDictionary dictionaryWithObject:@"YES" forKey:@"SomeValue"];
    [defaults registerDefaults:appDefaults];
    in initwithFrame:
    if ([[NSUserDefaults standardUserDefaults] boolForKey:@"SomeValue"]) {
    [[NSUserDefaults standardUserDefaults] setObject:@"NO" forKey:@"SomeValue"];
    } else {
    [[NSUserDefaults standardUserDefaults] setObject:@"YES" forKey:@"SomeValue"];
    and I synchronize in applicationWillTerminate. Settings just don't persist.

  • A PKI Code Signing Certificate question.

    Hello,
    Can someone please help me with the following question.
    I have created and used a code Signing certificate from our Microsoft Enterprise CA before which works OK, but I am not sure I did it correctly, and have a few related questions please.
    what I did.
    1: Logged on the CA directly, went to the CertSvc web site, requested a code signing cert, issued it and exported it along with the private key.
    2: Imported the above certificate into CurrentUser/My store on PC and used it to sign code
    3: Took the came certificate (along with the private key, and this is where perhaps I made at least one mistake) and imported it into the 'Trusted Publishers' store the PC that will be running the signed code. This step was done so the user does not receive
    a message asking if they want to run the code signed by "AAnotherUser" as it were, as although the code is signed by a trusted CA, the user still gets this warning message as the 'Publisher' is not in the 'Trusted Publishers' list. Therefore the
    way I sorted this at the time was to take the whole certificate as above and import to this store.
    The first mistake I made (as far as I can see as I am new to this area) I think I should have not imported the certificate 'along with its private key' into the trusted publishers store? in other words should I have imported the certificate 'minus its
    private key' into the trusted publishers store?
    Also, I understand you have to have the certificate along with is private key to sign code. I am 'assuming' a Hash of the code is taken and this is signed (encrypted) with the private key (in the same way a CA signs a CSR for a WEBServer cert for example),
    is that correct i.e. is that what it mean to sign code?
    if the above is correct then I assume you only need the 'public' key of the code signed cert in the 'Trusted Publishers Store' to verify the code was signed by a trusted CA and it has not been altered e.g. the Hash code still computes to the same value.
    Is this correct?
    My next question is regarding the private key. As I need to 'Login' to AD in order to request a code signing cert, can the 'private key' not be stored securely in AD along with my AD User account?
    if the above is possible (which would make good sense to me I think) then I do not have to worry about looking after the safety of the private key as the system 'AD' can do this for me. It would also mean which every computer I logon to in the domain I would
    have access to the private key (but no other user) and therefore be able to sign code I assume. Does this last paragraph make sense can this be done/is this done?
    Basically I need to understand the above, in order to understand more about Crypto.
    I also need create a code signing cert for a 'department' of about 10 people. Therefore I was thinking about creating and AD account called 'XYZCorpCodeSigning' or what ever, and issuing a code singing cert to this entity. If the private key could be stored
    in AD then accessed used once signed in as this account (these 10 people would need to know the password for the account) this would make life easier/more secure, I think.
    I know there are several question above, but it would be great it they would be answered as I would help me understand more about how it all works and to solve a problem too
    Thanks very much
    AAnotherUser__
    AAnotherUser__

    > The first mistake I made (as far as I can see as I am new to this area) I think I should have not imported the certificate 'along with its private key' into the trusted publishers store
    yes, it is not correct. Only public part should be imported to a Trusted Publishers container.
    >  is that correct i.e. is that what it mean to sign code
    exactly. Encryption with private key and decrypting with public key is called "digital signature".
    > if the above is correct then I assume you only need the 'public' key of the code signed cert in the 'Trusted Publishers Store' to verify the code was signed by a trusted CA and it has not been altered e.g. the Hash code still computes to the same
    value. Is this correct?
    yes. Client uses only public part of the certificate to validate the signature.
    > As I need to 'Login' to AD in order to request a code signing cert, can the 'private key' not be stored securely in AD along with my AD User account?
    normally code signing certificates are not stored in Active Directory and should not be there, because signing certificate is included in the signature field.
    > I do not have to worry about looking after the safety of the private key as the system 'AD' can do this for me.
    this is wrong assumption. A user is responsible to protect signing private key from unauthorized use.
    > If the private key could be stored in AD then accessed used once signed in as this account (these 10 people would need to know the password for the account) this would make life easier/more secure
    wouldn't, because if something happens -- you will never know who compromised the key.
    as a general practice, we recommend to purchase at least few smart cards to store signing keys. Depending on a particular code development practice, there might be a dedicated employee (for example, manager of devs) who the only has access to a smart card
    (and PIN) and signs the code upon dev request. Or issue a dedicated smart card with unique signing certificate to each developer. However this will add a complexity in signing certificate trust management.
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new:
    PowerShell FCIV tool.

  • Error MSB3323: Unable to find manifest signing certificate in the certificate store.

    Problems began when I received the MSDN Final VS 2005 v8.0.50727.42 and uninstalled the RC build which I had worked with without issue and replaced it with the previously mentioned.
    After four or so installs/uninstalls I got past the Invalid license data. Reinstall is required. http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=162712&SiteID=1
    I have tested C++ project builds for managed and unmanaged code and both work without a problem. My C# projects however fail to build, the error I get is:
    ------ Rebuild All started: Project: D And P, Configuration: Release Any CPU ------
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Common.targets(1718,7): error MSB3323: Unable to find manifest signing certificate in the certificate store.
    Done building project "D And P.csproj" -- FAILED.
    ========== Rebuild All: 0 succeeded, 1 failed, 0 skipped ==========
    If anyone has any idea of what a next step is please let me know.

    I got the same problem but I was tring to strong name my application.  I was able to solve the problem by opening the XXX.csproj file in a text editor (notepad.exe) and remove the following tags from the XML.
    <ManifestCertificateThumbprint>...</ManifestCertificateThumbprint>
    <ManifestKeyFile>...</ManifestKeyFile>
    <GenerateManifests>...</GenerateManifests>
    <SignManifests>...</SignManifests>
    It seem that someone (another member of my team) was playing with the OneClick stuff, but didn't check in the strong name key files he used.  But did check in the project file.
    Then when I created the new strong name key file and signed the EXE, something was out-of-sync with the above tags in the probject file and the new key file.
    Removing these tags may be a bad thing (someone from MS will need to comment) but it worked for me.

  • Differences between SSL and Code-Signing Certificates

    Hello,
    I unsuccessfully tried to use a SSL - certificate for signing an applet (converting from X.509 to PKCS12 prior to signing) and learned, that SSL certificates and code-signing certificates are different things (after seeking the web for ours). Can somebody point out some source of information about this topic ? What are these differences ? Can I convert my SSL certificate into a code-signing certificate ?
    Things got even more confusing for me, since my first attempt with an wrongly converted SSL cetificate (I used my public and private key for conversion only, omitting the complete chain) at least worked partly: the certificate was accepted, but marked as coming from some untrustworthy organisation. After making a correct conversion (with the complete chain) the java plugin rejected the certificate completely ...
    Ulf

    yep, looks like it.
    keytool can be used with v3 x509 stores:
    Using keytool, it is possible to display, import, and export X.509 v1, v2, and v3 certificates stored as files, and to generate new self-signed v1 certificates. For examples, see the "EXAMPLES" section of the keytool documentation ( for Solaris ) ( for Windows ).
    jarsigner needs a keystore so I would assume public and private key pair.
    you could list the keys from your store:
    C:\temp>keytool -list -keystore serverkeys.key
    Enter keystore password: storepass
    Keystore type: jks
    Keystore provider: SUN
    Your keystore contains 2 entries
    client, Jul 5, 2005, trustedCertEntry,
    Certificate fingerprint (MD5): 13:50:77:64:94:36:2E:18:00:4B:90:65:D0:26:22:C8
    server, Jul 5, 2005, keyEntry,
    Certificate fingerprint (MD5): 20:90:49:6F:46:BA:AB:11:75:39:9F:6F:29:1F:AB:58
    The server is the private key, this can be used with jarsigner (alias option).
    C:\temp>jarsigner -keystore serverkeys.key -storepass storepass -keypass keypass
    -signedjar sTest.jar test.jar client
    jarsigner: Certificate chain not found for: client. client must reference a val
    id KeyStore key entry containing a private key and corresponding public key cert
    ificate chain.
    C:\temp>jarsigner -keystore serverkeys.key -storepass storepass -keypass keypass
    -signedjar sTest.jar test.jar server

  • Code Signing certificate expired

    Hello,
    I please need an information about SGDEE 4.1 login applet: it seems
    applet code signing certificate was expired on September 2, 2005.
    I have no problem (after I deleted all expired root certificates from
    local client repository) with Internet Explorer 6SP1, but Mozilla Firefox
    always prompt me a warning with this contents:
    Serial:     
    [62374265099632433790334794162326322759]
    Issuer:
    N=VeriSign Class 3 Code Signing 2001 CA,
    OU=Terms of use at https://www.verisign.com/rpa (c)01,
    OU=VeriSign Trust Network,
    O="VeriSign, Inc."
    Valid From: Wed Sep 01 02:00:00 CEST 2004,
    To: Fri Sep 02 01:59:59 CEST 2005
    Subject:
    CN="Tarantella, Inc.",
    OU=Digital ID Class 3 - Netscape Object Signing,
    O="Tarantella, Inc.",
    L=Santa Cruz,
    ST=California,
    C=US
    Thank you very much in advance,
    Best Regards,
    Valerio Morozzo

    I know this is an older post, but it helped me find out how to make the migration procedure for native installer. I tried it with self signed certificate created by ADT tool and everything went fine.
    But now, we obtained a commercial AIR signing certificate from Thawte and the process failes in step 3) ADT saying
    'Certificate in PATH_TO_P12 could not be used to sign setup.msi' on Windows.
    On mac, it says that signing native installer on OSX is not supported, so I skipped the signing option in step 3) and it worked fine.
    I can skip the signing option on Windows as well and the process succeeds, but running the installer on machines with previous versions of application results in "Installer mis-configured' error message - the same error as if the migration process was not applied.
    I already contacted Thawte if it is a certificate issue, reply from them was 'AIR certificate can only sign .air applications'. But when I build a native application directly from FlashBuilder and sign it with the Thawte certificate the whole process seem to succeed. The application can be installed on machines without previous version of the application. Those who already have the older version get the 'Installer mis-configured' error message.
    I want to mark out again, that the same process but with a self signed certificate created with ADT, is successfull and the application can be installer as an update on machines with older version of the app. So I assume the workflow is correct.
    Any ideas? Or somebody having the same issue?
    Thanks

  • Using code signing certificate results in classnotfoundexception

    We are running a certificate authority on windows 2012. Our programming section developed a java application on linux and wanted to code sign it. They created a csr and sent it to me. I created a duplicate of the built in code signing template and used it
    to create a code signing certificate, which I sent back to the programmer. He used the certificate to sign the application jar file, and everything seemed ok. But when we try running the application we get a 'classnotfoundexception' for the main class of the
    program. Just to be sure it was not a fluke I wrote a small test applet and went through the same procedure of creating a csr, creating the certificate, and code signing the jar file, and ended up getting the same exact error.
    The programmer tried creating a self signed certificate on linux and using that to code sign the jar file, and the program runs successfully. Of course there is a warning that the certificate is untrusted, which is why we ant to use the windows created certificate
    to sign the application since the root certificate in on everyone's computer.
    Is there anything special needed to be done to get  the windows created certificate to successfully sign a java application?

    Hi David, did you ever get it to work signing the applet with an Active Directory Certificate Services certificate?
    We are exeperiencing the same issue.  The odd thing is that after we get the ClassNotFoundException error, we click on the error and then click reload and then it loads fine.  At this point we are probably going to try purchasing a certificate
    to see if ADCS was the problem.  Curious to see if you had any luck.  Thanks.

Maybe you are looking for

  • How do I add a close command to multiscreen layouts?

    I need to add a close command multiscreen HTML5 screen layouts that will work on multiple platforms and browsers. I have 3 screen layouts defined: Desktop, Tablet, Mobile. These are called by a responsive design web application and display based on t

  • How to best display/update images in gallery??

    I'm designing a site for my photography but I'm stuck. I'm new to this and trying to learn, so I'll try to explain clearly. Usually I have problems with things that sound like they should be really simple but end up with unbelievably complex answers,

  • Questions in relation to iPod nano

    Hi, I have a few questions in relation the 5th generation iPod nano and I was hoping to find answers to them here. *Voice Memo* 1. Are there any limitations imposed on the nano's voice memo functionality? For instance, does the nano record up to a pr

  • Test questions for cerfitication on SBO2007

    Hi all, i am a sbo consultant and have about 2 years experience.  I am currently studying the E-learning curriculum with view to the get the certification as a SBO 2007 implementation consultant.  There are some self-test questions available with the

  • D.click on dist/ name .jar is not working, why?

    Hi, After the project was build, i enter the project folder to run the jar in the dist/<name>.jar it doesn't work, therefore i can't run my html applet, please help, i am using : netbeans 5.5.