Skip to main content
Mateo666
Mateo666
Known Participant
July 4, 2019
Question

ZXPSignCmd signing extension with a self-signed certificate on mac and windows...

  • July 4, 2019
  • 3 replies
  • 3019 views

I have generated a self-signed certificate on Mac using

ZXPSignCmd -selfSignedCert CA ON MyCompany MyProduct password my-certificate.p12

and then signed my after effect extension using

ZXPSignCmd -sign .extension .extension.zxp .my-certificate.p12 password -tsa http://time.certum.pl

it worked fine on my Mac.

then I pushed everything in git.

Another developer tried to signed the extension on Windows using the same command

ZXPSignCmd -sign .extension .extension.zxp .my-certificate.p12 password -tsa http://time.certum.pl

and got this error ...

Error - Failed to parse certificate. Please check that your certificate file(s) are valid, stored in an accepted file format (e.g. PKCS12 'p12'), and that you have entered the correct password.

If he regenerate the self-signed certificate on windows and sign the extension, it work.

But then when I get it back from git and try to resign the extension I get the same error...

What is going wrong ?

Thanks

Mat

This topic has been closed for replies.

3 replies

Mateo666
Mateo666Author
Known Participant
July 9, 2019

Hi Erin,

no the certificate is not being regenerated. Its just being used to sign the extension. The problem is if the certificate is generated from mac and used on windows (or vice versa) the the signing does not work. If it is generated from mac and used on mac it works. Same on windows.

hope i explained clearly.

erinferinferinf
Adobe Employee
erinferinferinf
Adobe Employee
July 10, 2019

Hi Mat,

I am asking my colleague about this who is a bit more knowledgable on the certificate process.

Meanwhile, he did say that your certificate, once signed, should work on both Mac and Windows.

Best,

Erin

    erinferinferinf
    Adobe Employee
    erinferinferinf
    Adobe Employee
    July 8, 2019

    Hi Mat,

    Sorry about the delay, North American Adobe employees got last week off.

    Code signing is often the most difficult part of the current ZXP process. That said...

    I'm a bit confused; Is your Windows developer trying to sign the same certificate again? Or were you having them try the same command to walk them through the process...?

    If he regenerate the self-signed certificate on windows and sign the extension, it work.

    But then when I get it back from git and try to resign the extension I get the same error...

    Why would you resign the extension? Isn't signing the very last step? I'm not sure what you're trying to do, exactly.

    The discussion in this github repo is correct:

    I know that when you sign files, you should not change or move them in anyway, otherwise it will cause the extension to fail.

    Best,

    Erin F.

    erinferinferinf
    Adobe Employee
    erinferinferinf
    Adobe Employee
    July 8, 2019

    Hi Mat,

    Sorry about the delay, North American Adobe employees got last week off.

    Code signing is often the most difficult part of the current ZXP process. That said...

    I'm a bit confused; Is your Windows developer trying to sign the same certificate again? Or were you having them try the same command to walk them through the process...?

    If he regenerate the self-signed certificate on windows and sign the extension, it work.

    But then when I get it back from git and try to resign the extension I get the same error...

    Why would you resign the extension? Isn't signing the very last step? I'm not sure what you're trying to do, exactly.

    Best,

    Erin F.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices