cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
Locked
0
Upvote

Code-signing Certificate Renew issue

KevinMacDonald98122
Community Beginner ,
Jun 24, 2011 Jun 24, 2011

We recently renewed our Verisign code-signing certificate, only to discover that it breaks the auto-update process with the notorious error "This application cannot be installed because this installer has been mis-configured." We were able to make it work by using the ADT -migrate command. That is all well and wonderful. But there are two issues I see. First, there is a 180 day cut-off, beyond which users can no longer be updated. Then, when our certificate gets renewed again next year we might be stuck in a situation where we have to choose which users get to be updated and which are orphaned and are forced to uninstall/re-install.

Furthermore, how much of this pain we have to live with becomes a function of how long a certificate we are willing to pay for. If we're a small company forking out the money for a 3 year certificate might be kind of painful. Why should this be a factor? Why is it not straight-forward to renew the same certificate and have installations back to the beginning of time be alright with it?

It could be there is something about the renewal process that is not right. However, when I renewed my Verisign cert their process pretty much forced me to keep everything about the renewed cert the same as the original, otherwise it would not be a 'renewal'.

If there is an arcane trick we are missing I would be most appreciate to know what it is. This should not be this difficult.

Thanks

Kevin

TOPICS
Performance issues
1.2K
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

chris.campbell Adobe Employee
Adobe Employee , Jun 28, 2011 Jun 28, 2011

Hi Kevin,

I've asked around and learned that the process as you describe is "as designed".  However, there are stratigies for minimizing the downsides.

For more information, please see the following documents:

AIR 2.6 Extended Migration Signature Grace Periods

Update Strategies for Changing Certificates

Update Your Applications Regularly

Code Singing in Adobe AIR

Hope this helps,

Chris

Translate
replies 4 Replies 4
latest latest Jump to latest reply
chris.campbell Adobe Employee
Adobe Employee ,
Jun 28, 2011 Jun 28, 2011

Hi Kevin,

I've asked around and learned that the process as you describe is "as designed".  However, there are stratigies for minimizing the downsides.

For more information, please see the following documents:

AIR 2.6 Extended Migration Signature Grace Periods

Update Strategies for Changing Certificates

Update Your Applications Regularly

Code Singing in Adobe AIR

Hope this helps,

Chris

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
KevinMacDonald98122
Community Beginner ,
Jun 28, 2011 Jun 28, 2011
In Response To chris.campbell

Thanks for taking the time to respond. You definitely answered my question. Too bad all of this became apparent way way after we had many users running many different versions. This issue, combined with the changes to the Update Framework that required an intermediate version of our app to be created just to transition people to the new framework, will serve to orphan a good portion of our user base from the update process. Perhaps in a year or so the mess will have straightened itself out and we will then only have to keep track of an ever-growing array of update URLs and their requisite doubly code-signed versions of the app, coordinating that with certificate renewals of course.

Thanks again.

Kevin

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
chris.campbell Adobe Employee
Adobe Employee ,
Jun 28, 2011 Jun 28, 2011
In Response To KevinMacDonald98122

Thanks Kevin.  I'll ping our documentation folks and make sure we stress these points in our docs for developers new to AIR so that others are aware of this when first developing/designing their apps.

Chris

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
KevinMacDonald98122
Community Beginner ,
Jun 29, 2011 Jun 29, 2011
LATEST
In Response To chris.campbell

I would also stress to your development team that these decisions nigh encourage developers like myself to make the decision not to code-sign their applications. My reward for attempting to do things the right way is to get pretty thoroughly hosed by what appears to be an arbitrary "design" decision on Adobe's part to render useless the very function of a renewable certificate. We renew our SSL certificate for our web server every year. It has zero impact on our users or our development efforts. You have taken something that should be virtually transparent to my developers and to my end users, and made it convoluted, frustrating, and ultimately costly to our organization.

What does "as designed" mean in this case Adobe? Please enlighten me.

Kevin

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices