Copy link to clipboard
Copied
Last month, the Certificate Authority Security Council (CASC) officially announced their new minimum requirements for Code Signing Certificates,
https://www.globalsign.com/en/blog/casc-code-signing-certificate-requirements-for-developers/
This affects most providers suggested by Adobe.
With the new regulations (CASC) we do not have a * .p12 file. We have a USB Token.
How do we sign extensions with the Adobe Extension Builder or the ZXPSignCmd?
Thanks in advance.
Copy link to clipboard
Copied
Hi xsalva,
Did you manage to resolve this? If so how?
We received a USB token today and I'm currently scratching my head trying to figure how to sign extensions. Can't seem to find anything else online regarding this.
Cheers.
Copy link to clipboard
Copied
Hello Xsalva,
To create a .p12 self-signed certificate please use the below steps:
Grab the CC Extensions Signing Toolkit, that is to say, the ZXPSignCmd executable file.
Myself, I will go with a free, self-signed certificate: Adobe Extension Manager will fire a couple of warning popups, but Adobe Add-ons is perfectly fine with it and won’t complain.
So: fire the Terminal (or the Win Command line), get to the directory where you’ve moved the ZXPSignCmd file (if you don’t know how to do this, just type “cd ” – mind you there’s a space – in the terminal and drag and drop the folder, then hit Enter) and create a certificate using this pattern:
ZXPSignCmd -selfSignedCert <countryCode> <stateOrProvince> <organization> <commonName> <password> <outputPath.p12>
1 | ZXPSignCmd -selfSignedCert <countryCode> <stateOrProvince> <organization> <commonName> <password> <outputPath.p12> |
An actual example with fake data can be:
./ZXPSignCmd -selfSignedCert IT BO DBCompany "Davide Barranca" OcaMorta selfDB.p12
1 | ./ZXPSignCmd -selfSignedCert IT BO DBCompany "Davide Barranca" OcaMorta selfDB.p12 |
Mind you,/ at the beginning instructs the shell to look for the executable in the current directory. If everything went OK you should find a newly created selfDB.p12. That’s your self-signed cert.
Regards,
Ankita Maan
The Creative Cloud Integrations Review Team
Copy link to clipboard
Copied
Hi Ankita,
Thanks for your reply. So are you saying it's perfectly ok to create a self-signed certificate for signing CC extensions? The extensions will be seen as 'trusted' when opened in the host CC app?
Thanks
Copy link to clipboard
Copied
Hello Axo315,
Yes, it should.
Regards,
Ankita Maan
The Creative Cloud Integrations Review Team
Copy link to clipboard
Copied
Thanks Ankita
Copy link to clipboard
Copied
So a free certificate will be approved by adobe exchange. That's kinda weird, I mean why would other pay for a certificate then. I'm just curious why this free one would work