IOS code signing fails only on AIR 3.4+

Similar Messages

• Code-signing Certificate Renew issue

  We recently renewed our Verisign code-signing certificate, only to discover that it breaks the auto-update process with the notorious error "This application cannot be installed because this installer has been mis-configured." We were able to make it work by using the ADT -migrate command. That is all well and wonderful. But there are two issues I see. First, there is a 180 day cut-off, beyond which users can no longer be updated. Then, when our certificate gets renewed again next year we might be stuck in a situation where we have to choose which users get to be updated and which are orphaned and are forced to uninstall/re-install.
  Furthermore, how much of this pain we have to live with becomes a function of how long a certificate we are willing to pay for. If we're a small company forking out the money for a 3 year certificate might be kind of painful. Why should this be a factor? Why is it not straight-forward to renew the same certificate and have installations back to the beginning of time be alright with it?
  It could be there is something about the renewal process that is not right. However, when I renewed my Verisign cert their process pretty much forced me to keep everything about the renewed cert the same as the original, otherwise it would not be a 'renewal'.
  If there is an arcane trick we are missing I would be most appreciate to know what it is. This should not be this difficult.
  Thanks
  Kevin

  Hi Kevin,
  I've asked around and learned that the process as you describe is "as designed".  However, there are stratigies for minimizing the downsides.
  For more information, please see the following documents:
  AIR 2.6 Extended Migration Signature Grace Periods
  Update Strategies for Changing Certificates
  Update Your Applications Regularly
  Code Singing in Adobe AIR
  Hope this helps,
  Chris

• Code Signing Certificate Options

  Hi Guys,
  Have just finished and Air application and need to sign it before distribution.  Anyone got any good advice on the pros and cons of the various Code Signing options for Adobe Air out there?
  Richard

  I have just created a self-signed code-signing certificate, I used XCA to generate it which is a front-end for openssl. Obviously being generated from a self-signed rootCA it is not going to be trusted by the outside world but it is good enough for an internal Profile Manager setup since the enrollment process will automatically trust your own self-signed rootCA.
  Anyway, when trying to install it I did come across a gotcha which might help you and others here. I found that if I imported the certificate in to Keychain Access e.g. by double-clicking on it, then Server.app did not list it as an available certificate for Profile Manager code-signing. However if instead I used the option in Server.app under Profile Manager to import the code-signing certificate it was accepted.
  In theory importing via Keychain Access should work as well but it did not, so if you have been doing it that way try importing via Server.app instead.
  If you have already imported it via Keychain Access just delete it from your Keychain and try again.
  With regards to the suggestion from ajm_from_WA for buying one from www.ssls.com I could not find any code-signing certificates listed on their website. These are different to ordinary website certificates.

• Flash Builder Code Signing

  Hi.
  I have question about Code Singing Certificate for Adobe Air.
  I renew Code Signing Certificate to Adobe Air program in 'Flash Builder'.
  But, In program install, popup error and not installed.
  The error message is 'The application cannot be installed due to a certificate problem.
  The certificate does not match the installed application certificate, does not support application upgrades, or is invalid.  Please contact the application author.'
  Why popup this error?
  If I want fix this error, what should I do?

  I should explain a little further to clarify.  If you have released an app to say, Google Play, but want to run an update to that app, then you'll have to use the exact Signing Certificate that you used to first compile the app.  Sometimes, developers forget the password that they used for the certificate, and think they can just issue another certificate under the same file name.  Unfortunately, it's not that easy.
  Now with that being said, you can still add another certificate to your app, and recompile it as normal....and everything will be fine again.  You just won't be able to upload that app to Google Play and "Update" the other app.  Make sense?

• Code Sign error

  I'm enrolled in the iUniversity program as a student and don't generate anything, I just download as far as I know once our Admin has everything correctly setup. In the portal I have access to:
  1. Intermediate AWDRCA Certificate
  2. iPhone Dev: My Name (Serial) Certificate
  3. Mobile Provisioning Profile
  I have downloaded and installed them (they show in Keychain).
  I receive the error:
  Code Sign error: There are no valid certificate/private key pairs in the default keychain
  When I click on Provisioning Profile in Organiser the status says "Valid signing Identity not Found".
  Suggestions?
  Regards,
  Sean.

  See
  Follow the walk-thru and links in TN 2250 ~ iOS Code Signing Setup, Process & Troubleshooting /Troubleshooting FAQ.

• Adt code sign GateKeeper rejection for OS X AIR app

  I'm having a problem getting a signed OS X AIR captive runtime bundle app to pass the GateKeeper signature smell test.
  Here are the digestible facts, in list format:
  - App is multi-platform OS X, Windows, iOS, Android, but let's just focus on OS X for now.
  - Application is a standalone captive runtime bundle app.
  - Dev machine running OS X 10.9.5 (with Xcode 6.0.1).
  - Built with AIR 15.0.0.258 Beta.
  - The certificate is a certificate from comodo.com guaranteed to work with AIR and OS X Digital Code Signing, Code Signing Certificates - COMODO
  - Tried compiling/packing with IntelliJ IDEA 14 beta and adt command line, both with same fail results.
  - Manual packaging method used: Adobe AIR * Packaging a captive runtime bundle for desktop computers
  The adt command fires without a hitch, the command asks for the p12 password, I can see the certificate authorities get pinged as the packaging progresses. The resulting app seems fine and runs well with GateKeeper disabled. However, GateKeeper does not like the resulting app. I need this app to launch flawlessly on all user's systems (that's why I bought a certificate).
  Here's the disappointing results from Terminal:
  spctl -a -t exec -vv myPrettyPony.app
  rejected
  source=no usable signature

  I would suggest that those interested take a look at thread Tutorial on publishing Flex/Air app for Mac App Store or just using Developer ID for general distribution
  However, since that thread is marked as answered, I want to leave this thread open until I find an answer to my particular question: What are the exact steps to properly package and codesign an OS X AIR app for independent distribution to OS X 10.9.5?

• Application failed code signing verification. The signature was invalid

  Hi,
  Earlier we have created iPhone app with adobe air and uploaded it to iOS store. Now we have updated the app and used a new .p12 file and it is generated from a new CSR file and created the build. But while uploading the build from application loader it is giving the following error.
  "Application failed code signing verification. The signature was invalid contains disallowed entitlements or it was not signed with an iPhone distribution Certificate"
  With the same certificate file we have uploaded two more apps developed in HTML5, jQueryMobile and Phonegap. These apps should not effect while we upload the Adobe air iPhone app.
  Please help us to fix the issue.

  I am fairly certain the issue is you are submitting an update to an existing app with a new cert. The other apps work just fine because they are not updates, but new submissions to the app store. You will need to use the same certs that you used with the initial submission.

• Code signing issue with iOS simulator during bot integration

  I am integrating bot to run on iOS simulator only not any device but still getting code signing error- No matching codesigning identity found: No codesigning identities(i.e. certificate and private key pairs) code signing is required for product type 'Application' in SDK 'iOS 7.0'
  I have selected only one simulator under specific devices at the time of creating bot.
  Why this is the problem for simulator too.
  I have also tried by checking don't code sign option. But integration still failed with error-
  CodeSign error:code signing is required for product type 'Application' in SDK 'iOS7'>
  How to fix it? Plz help...

  You should probably take this to the developers forum.

• JWS gives 'failed to parse certificate' error for VALID code sign cert

  Hi,
  For my application, After downloading jar files from web server, JWS (1.2.0_02) gives a Security Warning asking user to trust the Signer.
  However, after clicking Start, it gives another Security Warning which says this:
  Warning: Failed to verify authenticity of this certificate because there was an error parsing the certificate. No assertions can be made of the origin or validity of the code. It is highly recommended not to install and run this code.
  STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
  Sign App jar files with a VALID code signing certificate from Thawte or Verisign (don't use DST or RSA or any other CA as JWS supports only Versign/Thawte root CA entries by default).
  Download the app using JNLP, and you will see this warning.
  EXPECTED -
  It should not give the second security warning. First one is fine as user has to trust the signer.
  There are no logs anywhere to find out what error it encountered parsing the certificate.
  The certificate as such is valid, it was verified with keytool, openSSL and various other tools.
  ACTUAL -
  After downloading an application from web server, JWS gives a Security Warning asking user to trust the Signer.
  However, after clicking Start, it gives another Security Warning which says this:
  Warning: Failed to verify authenticity of this certificate because there was an error parsing the certificate. No assertions can be made of the origin or validity of the code. It is highly recommended not to install and run this code.
  ERROR MESSAGES/STACK TRACES THAT OCCUR :
  Warning: Failed to verify authenticity of this certificate because there was an error parsing the certificate. No assertions can be made of the origin or validity of the code. It is highly recommended not to install and run this code.

  Hello,
  I had the same problem. Here are some additional things to check:
  - every jar in your app MUST be signed by ONE and ONLY ONE certificate.
  - every jar which is presigned should be checked on its own. I had a bad bcprov.jar which nearly drove me nuts. Maybe there are more such 'presigned' jars around.
  One recipe aside:
  Try halfing down the jars in your jnlp file further and further, until it runs again, then you'll probably find the jar which causes this. I would bet a specific jar.
  There's another Bug already known which makes JWS fail on checking the certs on jars with classes which have national characters (even Inner ones!). So you might be checking that, too.
  Hope that helps...
  Patric

• AIR application code signing?

  I have a code signing certificate from StartSSL.com.
  After validation I only get a yellow question mark in the application installer.
  That is already better than the red exclamation mark with a self-signed certificate.
  Can someone give me an example of an AIR application out there that has ALL GREEN in the install dialog?
  What certification authority do I need to sign up with to get an ALL GREEN installation dialog?
  Thanks,
  David

  Hy David, this is an answer I got from StartSSL.
  Have you tried to install your application using the Adobe AIR 2.0 Runtime? It would be interesting to know, how your install dialog looks there.
  Hi Beat,
  On 05/10/2010 08:22 PM, From Beat Besmer:
  Dear Sir or Madam
  I have a rather simple question: Will I be able to sign an Adobe AIR Application with the “Start SSL Verified” Object Sign Feature? I have not found any information on this on your Website or the FAQs.
  It depends what the basis for the trust anchor is, but I suspect since Adobe doesn't support the StartCom root yet, there will be probably a warning for this type of application.
  So far Windows, Apple and Mozilla applications and extensions are supported.
  Regards
  Signer:
  Eddy Nigg, COO/CTO
  StartCom Ltd.
  Twitter:
  Follow StartSSL™
  XMPP:
  [email protected]
  Phone:
  +1.213.341.0390

• Adobe AIR 3 Performance Issues and Code Signing Certificate Problem

  I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
  The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
  1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
  2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
  About the Code Signing Certificate problem:
  When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
  I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
  The Google Groups Adobe AIR page is here:
  http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
  Any ideas about these issues?
  Thanks!
  Oscar

  I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
  The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
  1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
  2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
  About the Code Signing Certificate problem:
  When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
  I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
  The Google Groups Adobe AIR page is here:
  http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
  Any ideas about these issues?
  Thanks!
  Oscar

• Code Signing Cert for AIR and MSI

  If a Code Signing Certificate for AIR is purchased, can that same certificate be used when distributing the package using MSI?
  Or does it not matter as long as the AIR app is signed?

  No, this was a different problem that created similar symptoms.
  I just found out that, since Director 11.5, we can put the Xtras folder inside a projector. I was relying on outdated documentation, both online and in my mind, which said the xtras had to be next to the projector.
  Weirdly, putting the Xtras folder inside the Contents folder (inside the bare stub projector) solved the problem I was having: my sound was not functioning after I code signed the xtra that enables sound. Now it works fine.
  I also created an error when my projector's INI file set Movie01 to a Director movie in the same folder as the projector. Now I have it instead point to a movie in the Resources folder of the projector. So maybe I will just throw all my movies and supporting files in the Resources folder.
  I too am thinking of documenting the process, once I know customers are buying my app and using it successfully. Maybe I'll use screen recording to create a set of YouTube tutorials. That can spare others from this confusion and aggravation, and encourage people to buy the latest version of Director and update their old products. The more money that Adobe earns from Director, the more they will be encouraged to invest in developing Director further.
  If Apple will accept apps without receipt validation, that will certainly simplify things. I saw an Apple web page that stated it was mandatory, but that page has been changed. Maybe validation is optional but no longer required.
  For details, check this:
  https://developer.apple.com/library/mac/releasenotes/General/ValidateAppStoreReceipt/Intro duction.html
  but luckily there is source code out there that can be used to handle those technical details.
  I'm wondering how you applied your set of icons to your bare stub projector. Did you simply replace the projector.icns file? I created an error when I tried that.

• What code signing certificate has to be added for Adobe Air Native Installer?

  Hi,
  I'm developing Adobe Air application. I need to digitally verify the application to add the publisher's name with the product. I did a little research and came to know that Symantec, Thawte, Comodo, Comodo-Tucows, Digicert, Godaddy and couple of others are doing this.
  Yes. I'm talking about the Code Signing Certificate. My question is, What code signing certificate has to be added for Adobe Air Native Installer? The reason is, The native installer will have an extension .exe ( Windows ) and .dmg ( MAC OS X ).
  These guys are providing certificate for Adobe Air. For instance, If the application is exported using Native Installer in Windows, The application will have an .exe extension. For this, Can I use the same Adobe Air code signing certificate or Should I go for Microsoft Autheticode ( for .exe ) certificate?
  Thanks in advance.

  I think comodo code signing certificate is one of the nice option to be added for Adobe Air, as i have seen comodo code signing certificate in other adobe programs. Recently i bought comodo code signing from https://cheapsslsecurity.com/comodo/codesigningcertificate.html, to sign one of my adobe application and it works fine, you can use microsoft authenticode technology with comodo code signing.

• Code signing operation failed

  I got a very frastrating broblem suddenly after I refresh my provisioning profile. I can't distribute any project any more. The error message like this when I'm trying to distribute my project as an ad-hoc ipa.
  Code signing operation failed
  Invalid arguments were passed to codesign. Arguments were: --sign fd2f30b26c9b384c635a044aefa90683239a434a --force --preserve-metadata=identifier,entitlements,resource-rules /var/folders/c6/yjp3wvhx2bv34_wpcg4j779c0000gn/T/AD6840D0-4776-4EEF-BFC6-9EBA2A 1188D6-212-0000012034964EA7/TestSigning.app/TestSigning
  It happens for all the projects even for the newly created one. (All those projects have no problems at all before I got this problem.)
  So I did:
  delete all provisions in xcode
  delete all certificate in keychains
  "Refresh" in "Provisioning Profiles"
  download distribution provision for the specific app
  generate the ipa file
  reinstall the xcode
  Unfortunately none of them work. All my projects can still be running in my device or simulate, but I can't distribute it any more. Can anybody suggest? Thank you so much.

  Hi Dude,
  Can you try this two steps?
  Step1: Open  Edit Scheme --> Click on Run 'Appname' in the left menu --> Go to info --> Build configuration into Distribution /release.
  Step2: Go to projects settings --> Info --> Under config --> Use "Distrbution/ release" for command line builds.
  After that clea the project once and try to distribute it.
  May helps.....

• Code Signing certificate expired

  Hello,
  I please need an information about SGDEE 4.1 login applet: it seems
  applet code signing certificate was expired on September 2, 2005.
  I have no problem (after I deleted all expired root certificates from
  local client repository) with Internet Explorer 6SP1, but Mozilla Firefox
  always prompt me a warning with this contents:
  Serial:     
  [62374265099632433790334794162326322759]
  Issuer:
  N=VeriSign Class 3 Code Signing 2001 CA,
  OU=Terms of use at https://www.verisign.com/rpa (c)01,
  OU=VeriSign Trust Network,
  O="VeriSign, Inc."
  Valid From: Wed Sep 01 02:00:00 CEST 2004,
  To: Fri Sep 02 01:59:59 CEST 2005
  Subject:
  CN="Tarantella, Inc.",
  OU=Digital ID Class 3 - Netscape Object Signing,
  O="Tarantella, Inc.",
  L=Santa Cruz,
  ST=California,
  C=US
  Thank you very much in advance,
  Best Regards,
  Valerio Morozzo

  I know this is an older post, but it helped me find out how to make the migration procedure for native installer. I tried it with self signed certificate created by ADT tool and everything went fine.
  But now, we obtained a commercial AIR signing certificate from Thawte and the process failes in step 3) ADT saying
  'Certificate in PATH_TO_P12 could not be used to sign setup.msi' on Windows.
  On mac, it says that signing native installer on OSX is not supported, so I skipped the signing option in step 3) and it worked fine.
  I can skip the signing option on Windows as well and the process succeeds, but running the installer on machines with previous versions of application results in "Installer mis-configured' error message - the same error as if the migration process was not applied.
  I already contacted Thawte if it is a certificate issue, reply from them was 'AIR certificate can only sign .air applications'. But when I build a native application directly from FlashBuilder and sign it with the Thawte certificate the whole process seem to succeed. The application can be installed on machines without previous version of the application. Those who already have the older version get the 'Installer mis-configured' error message.
  I want to mark out again, that the same process but with a self signed certificate created with ADT, is successfull and the application can be installer as an update on machines with older version of the app. So I assume the workflow is correct.
  Any ideas? Or somebody having the same issue?
  Thanks