What code signing certificate has to be added for Adobe Air Native Installer?
Hi,
I'm developing Adobe Air application. I need to digitally verify the application to add the publisher's name with the product. I did a little research and came to know that Symantec, Thawte, Comodo, Comodo-Tucows, Digicert, Godaddy and couple of others are doing this.
Yes. I'm talking about the Code Signing Certificate. My question is, What code signing certificate has to be added for Adobe Air Native Installer? The reason is, The native installer will have an extension .exe ( Windows ) and .dmg ( MAC OS X ).
These guys are providing certificate for Adobe Air. For instance, If the application is exported using Native Installer in Windows, The application will have an .exe extension. For this, Can I use the same Adobe Air code signing certificate or Should I go for Microsoft Autheticode ( for .exe ) certificate?
Thanks in advance.
I think comodo code signing certificate is one of the nice option to be added for Adobe Air, as i have seen comodo code signing certificate in other adobe programs. Recently i bought comodo code signing from https://cheapsslsecurity.com/comodo/codesigningcertificate.html, to sign one of my adobe application and it works fine, you can use microsoft authenticode technology with comodo code signing.
Similar Messages
-
What Technology used for Adobe AIR Installer
Hi...Guys..For Mac environment what technology was used to built Adobe AIR Installer Window,the one we get when Installing Adobe AIR Application.I need to identify the Elements in it such as Agree,Cancel etc..But i am not able to do that..It will be helpful if any one suggest the automation tool to identify those elements so that i can automate the installation procedure of AIR...Plz reply...its an emergency..thanks in advance.
I think comodo code signing certificate is one of the nice option to be added for Adobe Air, as i have seen comodo code signing certificate in other adobe programs. Recently i bought comodo code signing from https://cheapsslsecurity.com/comodo/codesigningcertificate.html, to sign one of my adobe application and it works fine, you can use microsoft authenticode technology with comodo code signing.
-
What kind of code signing certificate do I need for Profile Manager?
I'm new to Lion Server and the Profile Manager, and I'm wondering what kind of CA-recognized code signing certificate I would need to buy to use in the Profile Manager -> Sign configuration profiles? For example, Verisign sells a bunch of different kind (http://www.verisign.com/code-signing/): Microsoft Authenticode, Java, etc.
PatrickThe cable should be just the normal one, the special smarts that tell the tablet to charge at full speed is in the power brick.
-
A PKI Code Signing Certificate question.
Hello,
Can someone please help me with the following question.
I have created and used a code Signing certificate from our Microsoft Enterprise CA before which works OK, but I am not sure I did it correctly, and have a few related questions please.
what I did.
1: Logged on the CA directly, went to the CertSvc web site, requested a code signing cert, issued it and exported it along with the private key.
2: Imported the above certificate into CurrentUser/My store on PC and used it to sign code
3: Took the came certificate (along with the private key, and this is where perhaps I made at least one mistake) and imported it into the 'Trusted Publishers' store the PC that will be running the signed code. This step was done so the user does not receive
a message asking if they want to run the code signed by "AAnotherUser" as it were, as although the code is signed by a trusted CA, the user still gets this warning message as the 'Publisher' is not in the 'Trusted Publishers' list. Therefore the
way I sorted this at the time was to take the whole certificate as above and import to this store.
The first mistake I made (as far as I can see as I am new to this area) I think I should have not imported the certificate 'along with its private key' into the trusted publishers store? in other words should I have imported the certificate 'minus its
private key' into the trusted publishers store?
Also, I understand you have to have the certificate along with is private key to sign code. I am 'assuming' a Hash of the code is taken and this is signed (encrypted) with the private key (in the same way a CA signs a CSR for a WEBServer cert for example),
is that correct i.e. is that what it mean to sign code?
if the above is correct then I assume you only need the 'public' key of the code signed cert in the 'Trusted Publishers Store' to verify the code was signed by a trusted CA and it has not been altered e.g. the Hash code still computes to the same value.
Is this correct?
My next question is regarding the private key. As I need to 'Login' to AD in order to request a code signing cert, can the 'private key' not be stored securely in AD along with my AD User account?
if the above is possible (which would make good sense to me I think) then I do not have to worry about looking after the safety of the private key as the system 'AD' can do this for me. It would also mean which every computer I logon to in the domain I would
have access to the private key (but no other user) and therefore be able to sign code I assume. Does this last paragraph make sense can this be done/is this done?
Basically I need to understand the above, in order to understand more about Crypto.
I also need create a code signing cert for a 'department' of about 10 people. Therefore I was thinking about creating and AD account called 'XYZCorpCodeSigning' or what ever, and issuing a code singing cert to this entity. If the private key could be stored
in AD then accessed used once signed in as this account (these 10 people would need to know the password for the account) this would make life easier/more secure, I think.
I know there are several question above, but it would be great it they would be answered as I would help me understand more about how it all works and to solve a problem too
Thanks very much
AAnotherUser__
AAnotherUser__> The first mistake I made (as far as I can see as I am new to this area) I think I should have not imported the certificate 'along with its private key' into the trusted publishers store
yes, it is not correct. Only public part should be imported to a Trusted Publishers container.
> is that correct i.e. is that what it mean to sign code
exactly. Encryption with private key and decrypting with public key is called "digital signature".
> if the above is correct then I assume you only need the 'public' key of the code signed cert in the 'Trusted Publishers Store' to verify the code was signed by a trusted CA and it has not been altered e.g. the Hash code still computes to the same
value. Is this correct?
yes. Client uses only public part of the certificate to validate the signature.
> As I need to 'Login' to AD in order to request a code signing cert, can the 'private key' not be stored securely in AD along with my AD User account?
normally code signing certificates are not stored in Active Directory and should not be there, because signing certificate is included in the signature field.
> I do not have to worry about looking after the safety of the private key as the system 'AD' can do this for me.
this is wrong assumption. A user is responsible to protect signing private key from unauthorized use.
> If the private key could be stored in AD then accessed used once signed in as this account (these 10 people would need to know the password for the account) this would make life easier/more secure
wouldn't, because if something happens -- you will never know who compromised the key.
as a general practice, we recommend to purchase at least few smart cards to store signing keys. Depending on a particular code development practice, there might be a dedicated employee (for example, manager of devs) who the only has access to a smart card
(and PIN) and signs the code upon dev request. Or issue a dedicated smart card with unique signing certificate to each developer. However this will add a complexity in signing certificate trust management.
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new:
PowerShell FCIV tool. -
Code-signing Certificate Renew issue
We recently renewed our Verisign code-signing certificate, only to discover that it breaks the auto-update process with the notorious error "This application cannot be installed because this installer has been mis-configured." We were able to make it work by using the ADT -migrate command. That is all well and wonderful. But there are two issues I see. First, there is a 180 day cut-off, beyond which users can no longer be updated. Then, when our certificate gets renewed again next year we might be stuck in a situation where we have to choose which users get to be updated and which are orphaned and are forced to uninstall/re-install.
Furthermore, how much of this pain we have to live with becomes a function of how long a certificate we are willing to pay for. If we're a small company forking out the money for a 3 year certificate might be kind of painful. Why should this be a factor? Why is it not straight-forward to renew the same certificate and have installations back to the beginning of time be alright with it?
It could be there is something about the renewal process that is not right. However, when I renewed my Verisign cert their process pretty much forced me to keep everything about the renewed cert the same as the original, otherwise it would not be a 'renewal'.
If there is an arcane trick we are missing I would be most appreciate to know what it is. This should not be this difficult.
Thanks
KevinHi Kevin,
I've asked around and learned that the process as you describe is "as designed". However, there are stratigies for minimizing the downsides.
For more information, please see the following documents:
AIR 2.6 Extended Migration Signature Grace Periods
Update Strategies for Changing Certificates
Update Your Applications Regularly
Code Singing in Adobe AIR
Hope this helps,
Chris -
Hello,
I have an applet running in embeddad systems. This program runs without any problem since 8u31 update! After this update it starts to give java security warning and stops running.
Here is the warning message:
"Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running"
What it says is true; my Code Signing Certificate (CSC) is valid between 24 Jan 2014 and 25 Jan 2015. And it expired! However, while i was signing my applet with this certificate i used "timestamp". The authority i choosed was DigiCert. My signing date was 26 Jan 2014 (when my CSC was valid).
When i started to have this Java Security Error, first i thought i mis-timestamped my code, and check by using the jarsigner -verify command. Here is a partial result:
s 19607 Mon Jan 27 13:17:34 EET 2014 META-INF/MANIFEST.MF
[entry was signed on 27.01.2014 13:19]
X.509, CN=TELESIS TELECOMMUNICATION SYSTEMS, OU=ARGE, O=TELESIS TELECOMMUNICATION SYSTEMS, STREET=TURGUT OZAL BLV.NO:68, L=ANKARA, ST=ANKARA, OID.2.5.4.17=06060, C=TR
[certificate is valid from 24.01.2014 02:00 to 25.01.2015 01:59]
X.509, CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
[certificate is valid from 24.08.2011 03:00 to 30.05.2020 13:48]
X.509, CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
[certificate is valid from 07.06.2005 11:09 to 30.05.2020 13:48]
X.509, CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
[certificate is valid from 30.05.2000 13:48 to 30.05.2020 13:48]
sm 495 Thu Jan 23 14:55:22 EET 2014 telesis/WebPhone$1.class
As you may see the timestamp was correctly done. And it is in the valid period of CSC.
Than i started to check how Java confirms the Certificate, and found some flowcharts.
Here is an example from DigiCert:
Code Signature Verification Process
After the Web browser downloads the Applet or Web Start application, it checks for a timestamp, authenticates the publisher and Certificate Authority (CA), and checks to see if the code has been altered/corrupted.
The timestamp is used to identify the validation period for the code signature. If a timestamp is discovered, then the code signature is valid until the end of time, as long as the code remains unchanged. If a timestamp is not discovered, then the code signature is valid as long as the code remains unchanged but only until the Code Signing Certificate expires. The signature is used to authenticate the publisher and the CA, and as long as the publisher (author or developer) has not been blacklisted, the code signature is valid. Finally, the code is checked to make sure that it has not been changed or corrupted.
If the timestamp (or Code Signature Certificate expiration date) is verified, the signature is validated, and the code is unchanged, then the Web browser admits the Applet or Web Start application. If any of these items do not check out, then the Web browser acts accordingly, with actions dependent on its level of security.
So according to this scheme, my applet had to work properly, and without security warning.
However i also found that from Oracle, which also includes the timestamping authorities Certification validity period??? :
The optional timestamping provides a notary-like capability of identifying
when the signature was applied.
If a certificate passes its natural expiration date without revocation,
trust is extended for the length of the timestamp.
Timestamps are not considered for certificates that have been revoked,
as the actual date of compromise could have been before the timestamp
occurred.
source: https://blogs.oracle.com/java-platform-group/entry/signing_code_for_the_long
So, could anyone please explain why Java gives security error when someone tries to reach that applet?
Here is a link of applet: http://85.105.68.11/home.asp?dd_056
I know the situation seems a bit complicated, but i tried to explain as simple as i can.
waiting for your help,
regards,
AnılHello,
I have an applet running in embeddad systems. This program runs without any problem since 8u31 update! After this update it starts to give java security warning and stops running.
Here is the warning message:
"Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running"
What it says is true; my Code Signing Certificate (CSC) is valid between 24 Jan 2014 and 25 Jan 2015. And it expired! However, while i was signing my applet with this certificate i used "timestamp". The authority i choosed was DigiCert. My signing date was 26 Jan 2014 (when my CSC was valid).
When i started to have this Java Security Error, first i thought i mis-timestamped my code, and check by using the jarsigner -verify command. Here is a partial result:
s 19607 Mon Jan 27 13:17:34 EET 2014 META-INF/MANIFEST.MF
[entry was signed on 27.01.2014 13:19]
X.509, CN=TELESIS TELECOMMUNICATION SYSTEMS, OU=ARGE, O=TELESIS TELECOMMUNICATION SYSTEMS, STREET=TURGUT OZAL BLV.NO:68, L=ANKARA, ST=ANKARA, OID.2.5.4.17=06060, C=TR
[certificate is valid from 24.01.2014 02:00 to 25.01.2015 01:59]
X.509, CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
[certificate is valid from 24.08.2011 03:00 to 30.05.2020 13:48]
X.509, CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
[certificate is valid from 07.06.2005 11:09 to 30.05.2020 13:48]
X.509, CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
[certificate is valid from 30.05.2000 13:48 to 30.05.2020 13:48]
sm 495 Thu Jan 23 14:55:22 EET 2014 telesis/WebPhone$1.class
As you may see the timestamp was correctly done. And it is in the valid period of CSC.
Than i started to check how Java confirms the Certificate, and found some flowcharts.
Here is an example from DigiCert:
Code Signature Verification Process
After the Web browser downloads the Applet or Web Start application, it checks for a timestamp, authenticates the publisher and Certificate Authority (CA), and checks to see if the code has been altered/corrupted.
The timestamp is used to identify the validation period for the code signature. If a timestamp is discovered, then the code signature is valid until the end of time, as long as the code remains unchanged. If a timestamp is not discovered, then the code signature is valid as long as the code remains unchanged but only until the Code Signing Certificate expires. The signature is used to authenticate the publisher and the CA, and as long as the publisher (author or developer) has not been blacklisted, the code signature is valid. Finally, the code is checked to make sure that it has not been changed or corrupted.
If the timestamp (or Code Signature Certificate expiration date) is verified, the signature is validated, and the code is unchanged, then the Web browser admits the Applet or Web Start application. If any of these items do not check out, then the Web browser acts accordingly, with actions dependent on its level of security.
So according to this scheme, my applet had to work properly, and without security warning.
However i also found that from Oracle, which also includes the timestamping authorities Certification validity period??? :
The optional timestamping provides a notary-like capability of identifying
when the signature was applied.
If a certificate passes its natural expiration date without revocation,
trust is extended for the length of the timestamp.
Timestamps are not considered for certificates that have been revoked,
as the actual date of compromise could have been before the timestamp
occurred.
source: https://blogs.oracle.com/java-platform-group/entry/signing_code_for_the_long
So, could anyone please explain why Java gives security error when someone tries to reach that applet?
Here is a link of applet: http://85.105.68.11/home.asp?dd_056
I know the situation seems a bit complicated, but i tried to explain as simple as i can.
waiting for your help,
regards,
Anıl -
NSUserDefaults stopped working after installing code sign certificates (?)
The following code has worked fine in the iPhone simulator.
NSUserDefaults *userDefaults = [NSUserDefaults standardUserDefaults];
myFloat = [userDefaults floatForKey:@"myFloat"];
myString = [userDefaults stringForKey:@"myString"];
Today I installed the code signing certificates and all the updates necessary to deploy my code to a device. That part works fine, and I'm able to install and run my apps on the iPhone device.
The problem is that the above code has stopped working. myFloat is now always 0.0 and myString is now always nil. If I go into the Settings app, my preferences UI is still there and I can change and persist the preference values. But my app no longer sees those values.
I'm assuming this broke because of the changes related to code signing and device deployment, but I'm not sure since there is no way (?) to roll back those changes.
Has anyone else encountered this problem?
Thanks,
NickI have the same issue with SDK Beta 7, I can't get my preferences to persist (although in my case I'm not using the Settings app to alter settings). This is what I am doing:
+(void) initialize
NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
NSDictionary *appDefaults = [NSDictionary dictionaryWithObject:@"YES" forKey:@"SomeValue"];
[defaults registerDefaults:appDefaults];
in initwithFrame:
if ([[NSUserDefaults standardUserDefaults] boolForKey:@"SomeValue"]) {
[[NSUserDefaults standardUserDefaults] setObject:@"NO" forKey:@"SomeValue"];
} else {
[[NSUserDefaults standardUserDefaults] setObject:@"YES" forKey:@"SomeValue"];
and I synchronize in applicationWillTerminate. Settings just don't persist. -
Signing a package with .pfx code signing certificate
Hi,
I've got a code signing certificate (.pfx) from GlobalSign and tried to sign my extension package.
I used the ZXPSignCmd tool and got the following response:
Unable to build a valid certificate chain. Please make sure that all certificates are included in the certificate file.
The necessary certificate chain is installed on my system (Windows 7):
My code signing certificate,
the certificate from GlobalSign the signed my certificate
and the GlobalSign root certificate that signed it.
The OpenSSL info output for the certificate looks fine too:
MAC Iteration 2000
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2000
Certificate bag
Certificate bag
Certificate bag
On the other hand signing other files with the Windows SDK Signtool works and results in a correct certificate chain (visible in the file's details).
Any idea what I might be doing wrong?
Regards
PhilippHi Philipp,
No, it doesn't matter - using Certificate Manager should also have worked.
I don't think the issue is that the wrong root certificate has been chosen, otherwise we'd be seeing a different error. In the PEM file you exported, I would expect to see several certificate sections, each starting with BEGIN CERTIFICATE and ending with END CERTIFICATE. Just above each certificate's "BEGIN CERTIFICATE" line should be "subject" and "issuer" - the last certificate (at the bottom of the PEM file), should have your personal certificate name as the subject. Then, working upwards, each certificate should have an "issuer" which matches the "subject" of the certificate above it.
The first certificate in the PEM file should have the same value for "subject" and "issuer" - identifying the certificate authority's root certificate.
Also in the PEM file I'd expect to see a section "BEGIN RSA PRIVATE KEY"...."END RSA PRIVATE KEY".
Does this all match what you're seeing?
Assuming your PEM file looks OK, you could try using OpenSSL to convert it to PKCS12 format, using the command:
openssl pkcs12 –export –in my_pem_file.pem –out my_pkcs12_file.p12
Also, please ensure that you're using only ASCII characters in your P12 password, just in case that's causing problems.
Best regards,
Fraser -
Adobe AIR 3 Performance Issues and Code Signing Certificate Problem
I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
About the Code Signing Certificate problem:
When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
The Google Groups Adobe AIR page is here:
http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
Any ideas about these issues?
Thanks!
OscarI recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
About the Code Signing Certificate problem:
When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
The Google Groups Adobe AIR page is here:
http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
Any ideas about these issues?
Thanks!
Oscar -
Differences between SSL and Code-Signing Certificates
Hello,
I unsuccessfully tried to use a SSL - certificate for signing an applet (converting from X.509 to PKCS12 prior to signing) and learned, that SSL certificates and code-signing certificates are different things (after seeking the web for ours). Can somebody point out some source of information about this topic ? What are these differences ? Can I convert my SSL certificate into a code-signing certificate ?
Things got even more confusing for me, since my first attempt with an wrongly converted SSL cetificate (I used my public and private key for conversion only, omitting the complete chain) at least worked partly: the certificate was accepted, but marked as coming from some untrustworthy organisation. After making a correct conversion (with the complete chain) the java plugin rejected the certificate completely ...
Ulfyep, looks like it.
keytool can be used with v3 x509 stores:
Using keytool, it is possible to display, import, and export X.509 v1, v2, and v3 certificates stored as files, and to generate new self-signed v1 certificates. For examples, see the "EXAMPLES" section of the keytool documentation ( for Solaris ) ( for Windows ).
jarsigner needs a keystore so I would assume public and private key pair.
you could list the keys from your store:
C:\temp>keytool -list -keystore serverkeys.key
Enter keystore password: storepass
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
client, Jul 5, 2005, trustedCertEntry,
Certificate fingerprint (MD5): 13:50:77:64:94:36:2E:18:00:4B:90:65:D0:26:22:C8
server, Jul 5, 2005, keyEntry,
Certificate fingerprint (MD5): 20:90:49:6F:46:BA:AB:11:75:39:9F:6F:29:1F:AB:58
The server is the private key, this can be used with jarsigner (alias option).
C:\temp>jarsigner -keystore serverkeys.key -storepass storepass -keypass keypass
-signedjar sTest.jar test.jar client
jarsigner: Certificate chain not found for: client. client must reference a val
id KeyStore key entry containing a private key and corresponding public key cert
ificate chain.
C:\temp>jarsigner -keystore serverkeys.key -storepass storepass -keypass keypass
-signedjar sTest.jar test.jar server -
In OS X Maverick's XCode, I created a brand new Mac > "Cocoa Application", with Core Data and Spotlight Importerl; about as vanilla a Cocoa application I could muster.
Under Preferences > Accounts, I signed in to my Mac Developer Account.
In Targets > Identity, I set Signing to "Mac App Store", and was able to select my Mac Developer Account for "Team".
I then went to Product > Clean, and then Product > Build for... > Running, and then Produt > Archive.
In the Organizer, I select the resulting .app and click "Validate", and hit the Mac App Store radio, and hit "Next", and it's able to log into my Mac Developer Account.
I select my Provisioning Profile in the dropdown, and click "Validate".
It comes back with several errors:
1 - "Invalid Provisioning Profile. The provisioning profile included in the bundle {BUNDLENAME} [{BUNDLENAME}.app] is invalid. [Missing code-signing certificate.] For more information, visit the Mac OS Developer Portal."
2 - "The bundle identifier cannot be changed from the current value, '{DIFFERENT-BUNDLE-FROM-OTHER-PROJECT}'. If you want to change your bundle identifier, you will need to create a new application in iTunes Connect.
3 - Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provision profile. The bundle contains a key that is not included in the provisioning profile: 'com.apple.applications-identifier' in '{BUNDLENAME}.app/Contents/MacOS/{BUNDLENAME}'
I was able to do the same process before, for a vanilla app, before Mavericks. I'm not sure if this is a Mavericks error, or a fact that now I have multiple app projects. Particularly odd is that DIFFERENT-BUNDLE-FROM-OTHER-PROJECT in error (2) is not the same bundle name as the current project's bundle.
Would love any help you can provide! Thank you!Seen this thread?
New codesign behavior, --deep option
"Code signing has some interesting changes in Mavericks (that apparently haven't made it into the release notes yet...). Note that this is a change to the operating system, not to the devtools." -
Renew my code sign certificate?
I run a Mavericks server that serves profile manager, file, and time machine services. My code sign cert expires in a couple weeks. When you go into Server.app > Certificates and double click on it, there isn't a "Renew" button like there is for other certs I've renewed.
How would I renew this? And what impact would it have on my running services (ie. would I have to re-enroll everyone in profile manager)? Thank you.Does OS X Server: Renewing Profile Manager's code signing certificate - Apple Support help?
-
Document signing requires code signing certificate
Prior to applying update 11.0.9 we could use more certificates to sign Reader Document. Now only Code signing certificates or ones with All Purposes work.
Our users do not have Code Signing certificates or ones with all purposes.
What changed? And how do I get my original certifcates working again for signing?Hello Jeff,
The behavior change you've noticed with your certificates in version 11.0.9 is not a bug.
In version 11.0.9, Adobe introduced changes in the way digital certificates are filtered for signing.
The changes were made in order to align certificate use more closely with the spec, RFC 5280.
Starting in version 11.0.9, Acrobat/Reader filter off of the extended key usage (EKU) extensions in addition to the Key Usage (KU) extensions.
The certificate you mention with the EKU extension OID (1.3.6.1.4.1.311.10.3.12) is purposely filtered out.
Starting in version 11.0.9, certificates that are available for signing must have a Key Usage extension of digitalSignature or nonRepudiation. Or no KU extension.
If an EKU extension is present, it must have a value of emailProtection or codeSigning or anyExtendedKeyUsage (OID 2.5.29.37.0).
These changes are not present in the current release of Acrobat/Reader X 10.1.12.
Documentation on this topic is not yet available.
Regards,
Charlene -
Using a Code Signing Certificate for download on Azure
Currently, I have a hosted web application and Web API on a VM that I use to allow users to download an executable file that is signed with a Code Signing certificate. My question is how would I do the same thing with a Web Role or Cloud Service? The
goal is to move to PAAS in Azure with our web application.
Thanks for any help in advance.I appreciate the link to the article, but I don't need an SSL certificate, I need a code signing certificate. I'm afraid this post does not help me at all. What I need is a certificate to sign my downloadable applications with. I have
an .exe file that users can download, and I need those people to know my code can be trusted, which is why I need the code signing certificate. My problem is how do I utilize this with a Web Role or Cloud Service? -
Managing Windows Phone's and Symantec Code Signing certificate
Hi,
We need to renew the code signing certificate from Symantec. However, we only use it to manage the Windows Phone devices and don't publish apps. Do we still need to spend $300 on renewing this cert? Can't I manage them for free like our iOS and Android devices?You REQUIRE the Symantec Code Signing Certificate to manage Windows Phones via Windows Intune. This is a requirement of the device rather than the management solution.
You CAN manage Windows Phones without this cert using only Exchange active sync management in Intune. However this management is very basic and has no advanced features (basically the features provided by Exchange rather than Intune).
Gerry Hampson | Blog:
www.gerryhampsoncm.blogspot.ie | LinkedIn:
Gerry Hampson | Twitter:
@gerryhampson
Maybe you are looking for
-
Image Maps not working in Firefox or IE
For some reason my Golive 9 submenu image maps (News, Locations, etc.) work in Safari, but not in Firefox or IE. Plus some elements seem scrambled in the two latter browser apps. Here's the web page: http://www.frankparsons.com/express/index.html Why
-
I only ever activated one license for cs5 mac. Stuck using PC now. Help please.
Now I'm using a Wacom companion, and forced to operate windows on it. Isn't there something I can do or someone I can talk to in order to gain access on both operating systems?
-
Adobe air installer wont do anything
today i got an error message saying that adobe air wasent working so i unistalled it and downloaded it fresh from the site but when i try to run the installer nothing happends it just sits there in the prosses list in that task manager here the adobe
-
Not sure why this could happen
-
Attached document in PR cannot copied into the PO
hi, i am creating a purchase order with reference to purchare request. all the item from the pr is copied into the po (eg. description,qty, etc) except the document attached in the pr. is there anyway this can be configure whereby the attached docume