Participating Frequently
June 25, 2011
Answered

Code-signing Certificate Renew issue


We recently renewed our Verisign code-signing certificate, only to discover that it breaks the auto-update process with the notorious error "This application cannot be installed because this installer has been mis-configured." We were able to make it work by using the ADT -migrate command. That is all well and wonderful. But there are two issues I see. First, there is a 180-day cut-off, beyond which users can no longer be updated. Then, when our certificate gets renewed again next year, we might be stuck in a situation where we have to choose which users get to be updated and which are orphaned and are forced to uninstall/re-install.

Furthermore, how much of this pain we have to live with becomes a function of how long a certificate we are willing to pay for. If we're a small company, forking out the money for a 3-year certificate might be kind of painful. Why should this be a factor? Why is it not straightforward to renew the same certificate and have installations back to the beginning of time be alright with it?

It could be there is something about the renewal process that is not right. However, when I renewed my Verisign cert their process pretty much forced me to keep everything about the renewed cert the same as the original, otherwise it would not be a 'renewal'.

If there is an arcane trick we are missing, I would be most appreciative to know what it is. This should not be this difficult.

Thanks

Kevin

This topic has been closed for replies.
1 reply

chris.campbell
Correct answer
Legend
June 28, 2011

Hi Kevin,

I've asked around and learned that the process as you describe is "as designed". However, there are strategies for minimizing the downsides.

For more information, please see the following documents:

AIR 2.6 Extended Migration Signature Grace Periods

Update Strategies for Changing Certificates

Update Your Applications Regularly

Code Signing in Adobe AIR

Hope this helps,

Chris

Participating Frequently
June 28, 2011

Thanks for taking the time to respond. You definitely answered my question. Too bad all of this became apparent way way after we had many users running many different versions. This issue, combined with the changes to the Update Framework that required an intermediate version of our app to be created just to transition people to the new framework, will serve to orphan a good portion of our user base from the update process. Perhaps in a year or so the mess will have straightened itself out and we will then only have to keep track of an ever-growing array of update URLs and their requisite doubly code-signed versions of the app, coordinating that with certificate renewals of course.

Thanks again.

Kevin

chris.campbell
Legend
June 29, 2011

Thanks Kevin.  I'll ping our documentation folks and make sure we stress these points in our docs for developers new to AIR so that others are aware of this when first developing/designing their apps.

Chris