Sign Extension not working for Win10 home-edition

Participant ,
Apr 08, 2022 Apr 08, 2022

Copy link to clipboard

Copied

Dear Support-Team,

I have two different system:

  1. Desktop-PC using windows10 professional edition 64-bit.
  2. Laptop using windows10 home edition 64-bit.

On both systems the old "Adobe Illustrator CC 2018" is installed and running.

One of our customers is still using this old Illustrator version and we have developed a plugin and extension for it.

When I install the plugin and extension on both systems, the extensions only work on the desktop-pc and not on the laptop.

The only way to make the extensions work on the laptop is by opening the registry-editor, browsing to "HKEY_CURRENT_USER\SOFTWARE\Adobe\CSXS.8" and adding the string "PlayerDebugMode" with the value "1". After that, the extensions also work on the laptop. But I dont want the customer to do this.

 

I have signed the extensions using the "ZXPSignCmd.exe" and a self-signed certificate.

On both desktop-pc and laptop, when I verify the signed package, I get the following output:

owita_0-1649422461801.png

It says "Timestamp valid", but "OS Trusted: false". But nevertheless it is working on the desktop-pc.

Even when I sign the extensions with a new self-signed certificate on the laptop under win10-home, the resulting extension-package is only working on the desktop-pc under win10-professional and not on the laptop itself.

The "manifest.xml" and everything is completely the same.

I copied the extensions on both systems in the folder "C:\Program Files\Adobe\Adobe Illustrator CC 2018\Support Files\Required\CEP\extensions".

What am I missing here?

 

I am grateful for any help. Thank you very much in advance.

Best Regards,

Fabian Taubitz

TOPICS
Bug , Third party plugins

Views

112

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Apr 08, 2022 Apr 08, 2022

Copy link to clipboard

Copied

Small addition:

Previously I used the tsa timestamp-server "http://time.certum.pl" for signing.

Interestingly, this led to a valid verification on the desktop-pc but to an invalid verification on the laptop ("Invalid timestamp"), although I use the same "ZXPSignCmd.exe" and the same extension-package.

Now I use the timestamp-server "http://timestamp.digicert.com" for signing.

With this, the verification is valid on both desktop-pc and laptop (refer to screenshot above). However, it still does not work for the latter.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Apr 08, 2022 Apr 08, 2022

Copy link to clipboard

Copied

Ah-hah! A team member helped me get to the bottom of this. Here was the solution:

 

  • The issue
    The developer from plugin pswidget has reported an issue in Photoshop & AI (Illustrator) when they tried to download an asset from their server with Https.get using self-signed certificate authorization. However the same plugin has found to be working fine with ID (InDesign).
  • We found below errors when pswidget is using self-signed certificate authorization in Https.get to download an asset. Node doesn't allow the self-signed certificate authorized connections. It is recommended to use a proper SSL Cert from a trusted source. Although for development we could use a few flags for node to bypass these checks(Try: rejectUnauthorize = false; Check https://stackoverflow.com/questions/45088006/nodejs-error-self-signed-certificate-in-certificate-cha... )

 

        In apiManager.js
        Error: self signed certificate
        at TLSSocket.onConnectSecure (node:_tls_wrap:1531)
        at TLSSocket.emit (node:events:378)
        at TLSSocket._finishInit (node:_tls_wrap:945)
        at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:719)

 

ID on the other hand is pointing to web version of this plugin embedded inside an iframe, which is a totally different flow.

 

  • Conclusion:
    Please use a trusted certificate in production & try rejectUnauthorize = false for development purposes to bypass this problem.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Apr 08, 2022 Apr 08, 2022

Copy link to clipboard

Copied

Hi Fabian,

 

There's a known issue at the moment where self-signing in some Windows environments isn't working.

 

The workaround are:

  • Self-sign on a different OS (like macOS)
  • Sign using a certificate authority (so, don't self-sign)

 

I know both of those options are not great... Even if you can say, emulate macOS somewhere, I'm not sure signing would work. Certificate authorites are quite expensive, as well.

 

Of course, now I can't find this issue reported anywhere from anyone other than me. Maybe this thread will be useful: https://github.com/Adobe-CEP/CEP-Resources/issues/344

 

 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Apr 12, 2022 Apr 12, 2022

Copy link to clipboard

Copied

Hi Erin,

Thank you very much for your answer and all the informations.

Small update:

  • I installed a macOS via VirtualBox and signed the extension using the "ZXPSignCmd" for Mac. Afterwards the verification was fine on both win10-systems. Unfortunately, after I copied the extension into the correct folder, it again only worked on the desktop-pc and not on the laptop.
  • Then I installed the "Anastasiy's Extension Manager" and tried to install the extension with it. The Extension Manager always gave me the error-message "An extension with this name is already installed", although I removed the extension from the folder "...\Support Files\Required\CEP\extensions" before.
  • After that I installed the "ZXPInstaller". When I tried to install the extension with it, I got the error message "Installation failed because the extension is not compatible with the installed application".

Could this be a hint?

Or does the ZXPInstaller not work with self-signed extensions?

I could't find a log-file so far, which explaines why exactly the extension is not compatible with the installed application.

Thanks in advance for any further help.

I venture on in my quest for successful extension-signing. 😉

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Apr 12, 2022 Apr 12, 2022

Copy link to clipboard

Copied

Small addition again:

The more I learn, the more I get confused. 😉

I found out, why the ZXPInstaller throws the error message.

On both pc-systems I have two Illustrator versions installed: Illustrator CC 2018 and Illustrator 2021.

Therefore I have two different signed ".zxp"-extensions.

When I try to install the extension for Illustrator CC 2018, ZXPInstaller throws the error message.

When I try to install the extension for Illustrator 2021, ZXPInstaller tells me, the installation worked fine.

So, somehow the ZXPInstaller only sees the latest Illustrator version.

Is it possible to tell ZXPInstaller to install an extension for Illustrator CC 2018?

Furthermore, I had always thought that the extensions belong in the following folder:

C:\Program Files\Adobe\*Adobe Illustrator Version*\Support Files\Required\CEP\extensions

But the ZXPInstaller, installed the extension into this folder:

C:\Program Files (x86)\Common Files\Adobe\CEP\extensions

This confuses me a lot, because I have never seen this folder before.

How does Illustrator distinguish which extension belongs to which Illustrator version when there is only one folder?

Thanks again in advance for any additional information.

 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Apr 14, 2022 Apr 14, 2022

Copy link to clipboard

Copied

LATEST

Hi Erin,

I thought about the problem again.

As I have said, I have two different versions of Adobe Illustrator on my laptop (win10-home).

When I install the self-signed extension for Adobe Illustrator CC 2018 on my laptop, it does not work.

But when I install the self-signed extension for Adobe Illustrator 2021 on the same laptop, everything works fine.

So, there must be a difference how these two versions verify a self-signed extension. Have you any insight what the difference could be?

Thanks again in advance.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines