• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
Locked
0

AIR [2.6] Applications, Digital signatures

Explorer ,
Jun 14, 2011 Jun 14, 2011

Copy link to clipboard

Copied

We are attempting to roll out some productivity AIR applications.  When I sign an application with our cert, the Air installer recognizes that the file is signed, but Windows does not.

This is a problem because our white listing solution uses Windows to verify signatures, if Windows cannot determine that the file is signed, our service will not permit the Air installer to proceed. 

We have a proper certificate from Verisgn.

This problem exists with both 1.5, and 2.6; in both AIR packages and native installers. 

How/where is this installer package actually being signed?  Is there some work around to allow Windows to see it?

Any guidance would be appreciated.

Thank you

Views

364

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Jun 21, 2011 Jun 21, 2011

Copy link to clipboard

Copied

I don't think Windows can detect if .air files are signed or not, but in the case of native installer, this is supported.

You can pass a certificate to sign the generated native installer in addition to the actual AIR application. This option is available via command-line ADT (sadly, not exposed in FB as this is win only).

Quote:

Optionally, on Windows you can add a second set of signing options, indicated as [WINDOWS_INSTALLER_SIGNING_OPTIONS]

in the syntax listing. On Windows, in addition to signing the AIR file, you can sign the Windows Installer file. Use the same type of certificate and signing option syntax as you would for signing the AIR file (see ADT code signing options). You can use the same certificate to sign the AIR file and the installer file, or you can specify different certificates. When a user downloads a signed Windows Installer file from the web, Windows identifies the source of the file, based on the certificate

From http://help.adobe.com/en_US/air/build/WS789ea67d3e73a8b22388411123785d839c-8000.html

P.S: For more clarification regarding this, the AIR installation forum will be a better place: http://forums.adobe.com/community/air/installation?view=discussions&start=0

-Anirudh

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jun 23, 2011 Jun 23, 2011

Copy link to clipboard

Copied

LATEST

Thank you, I had attempted to use ADT since posting, but had overlooked the [WINDOWS_INSTALLER_SIGNING_OPTIONS].

Current state/Lessons learned:

Signed native installer published from FB with the windows SDK's signtool.

and

Used ADT to package signed AIR file into a (different) signed native installer (had to use a PFX* cert, the p12 did not work for some reason)

Sadly, while both are detected as signed applications by windows, but both are still flagged by our whitelisting software.

At least we know where to direct our complaints now!

* If you need to turn a p12 into a PFX (also required to use signtool): import the p12 into Internet Explorer (Internet Options-> Content-> Certificates in IE8), and simply export it again as a PFX.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines