I have two different system:
On both systems the old "Adobe Illustrator CC 2018" is installed and running.
One of our customers is still using this old Illustrator version and we have developed a plugin and extension for it.
When I install the plugin and extension on both systems, the extensions only work on the desktop-pc and not on the laptop.
The only way to make the extensions work on the laptop is by opening the registry-editor, browsing to "HKEY_CURRENT_USER\SOFTWARE\Adobe\CSXS.8" and adding the string "PlayerDebugMode" with the value "1". After that, the extensions also work on the laptop. But I dont want the customer to do this.
I have signed the extensions using the "ZXPSignCmd.exe" and a self-signed certificate.
On both desktop-pc and laptop, when I verify the signed package, I get the following output:
It says "Timestamp valid", but "OS Trusted: false". But nevertheless it is working on the desktop-pc.
Even when I sign the extensions with a new self-signed certificate on the laptop under win10-home, the resulting extension-package is only working on the desktop-pc under win10-professional and not on the laptop itself.
The "manifest.xml" and everything is completely the same.
I copied the extensions on both systems in the folder "C:\Program Files\Adobe\Adobe Illustrator CC 2018\Support Files\Required\CEP\extensions".
What am I missing here?
I am grateful for any help. Thank you very much in advance.
Previously I used the tsa timestamp-server "http://time.certum.pl" for signing.
Interestingly, this led to a valid verification on the desktop-pc but to an invalid verification on the laptop ("Invalid timestamp"), although I use the same "ZXPSignCmd.exe" and the same extension-package.
Now I use the timestamp-server "http://timestamp.digicert.com" for signing.
With this, the verification is valid on both desktop-pc and laptop (refer to screenshot above). However, it still does not work for the latter.
Ah-hah! A team member helped me get to the bottom of this. Here was the solution:
- The issue
The developer from plugin pswidget has reported an issue in Photoshop & AI (Illustrator) when they tried to download an asset from their server with Https.get using self-signed certificate authorization. However the same plugin has found to be working fine with ID (InDesign).
- We found below errors when pswidget is using self-signed certificate authorization in Https.get to download an asset. Node doesn't allow the self-signed certificate authorized connections. It is recommended to use a proper SSL Cert from a trusted source. Although for development we could use a few flags for node to bypass these checks(Try: rejectUnauthorize = false; Check https://stackoverflow.com/questions/45088006/nodejs-error-self-signed-certificate-in-certificate-cha... )
In apiManager.js Error: self signed certificate at TLSSocket.onConnectSecure (node:_tls_wrap:1531) at TLSSocket.emit (node:events:378) at TLSSocket._finishInit (node:_tls_wrap:945) at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:719)
ID on the other hand is pointing to web version of this plugin embedded inside an iframe, which is a totally different flow.
Please use a trusted certificate in production & try rejectUnauthorize = false for development purposes to bypass this problem.
There's a known issue at the moment where self-signing in some Windows environments isn't working.
The workaround are:
I know both of those options are not great... Even if you can say, emulate macOS somewhere, I'm not sure signing would work. Certificate authorites are quite expensive, as well.
Of course, now I can't find this issue reported anywhere from anyone other than me. Maybe this thread will be useful: https://github.com/Adobe-CEP/CEP-Resources/issues/344
Thank you very much for your answer and all the informations.
Could this be a hint?
Or does the ZXPInstaller not work with self-signed extensions?
I could't find a log-file so far, which explaines why exactly the extension is not compatible with the installed application.
Thanks in advance for any further help.
I venture on in my quest for successful extension-signing. 😉
Small addition again:
The more I learn, the more I get confused. 😉
I found out, why the ZXPInstaller throws the error message.
On both pc-systems I have two Illustrator versions installed: Illustrator CC 2018 and Illustrator 2021.
Therefore I have two different signed ".zxp"-extensions.
When I try to install the extension for Illustrator CC 2018, ZXPInstaller throws the error message.
When I try to install the extension for Illustrator 2021, ZXPInstaller tells me, the installation worked fine.
So, somehow the ZXPInstaller only sees the latest Illustrator version.
Is it possible to tell ZXPInstaller to install an extension for Illustrator CC 2018?
Furthermore, I had always thought that the extensions belong in the following folder:
C:\Program Files\Adobe\*Adobe Illustrator Version*\Support Files\Required\CEP\extensions
But the ZXPInstaller, installed the extension into this folder:
C:\Program Files (x86)\Common Files\Adobe\CEP\extensions
This confuses me a lot, because I have never seen this folder before.
How does Illustrator distinguish which extension belongs to which Illustrator version when there is only one folder?
Thanks again in advance for any additional information.
I thought about the problem again.
As I have said, I have two different versions of Adobe Illustrator on my laptop (win10-home).
When I install the self-signed extension for Adobe Illustrator CC 2018 on my laptop, it does not work.
But when I install the self-signed extension for Adobe Illustrator 2021 on the same laptop, everything works fine.
So, there must be a difference how these two versions verify a self-signed extension. Have you any insight what the difference could be?
Thanks again in advance.