GlobalSign Adobe Air Code Signing Certficate Renewal Installation Update 2015

April 7, 2015

Downloaded Adobe Air Code Signing Certificate per the usual process

  1. I was asked for my pickup password which I had selected in the application process
  2. A new view appeared requesting I create a password for the certificate being issued
  3. The password had to be a minimum of 12 characters
  4. Then a view appeared requesting that I download my certificate

This year GlobalSign recommended selecting the sha256 hash algorithm rather than the old sha1 which is the only difference I noted during the download process from last year.

PFX Downloaded File
The pfx file which is downloaded can be used directly as a code signing certificate file when creating an adobe air program via flex or flash.

Install Code Signing Certificate in Windows
To backup the certificate, I was under the impression I had to import the certificate into a browser like Firefox or Internet Explorer. BROWSER INSTALLATION PROCESS NOT NECESSARY!!

I can install the code signing certificate in Windows by double clicking on the pfx file directly and windows comes up with a wizard that steps you through the installation process without using any browsers. Per the image below, I made sure to check “Mark this key as exportable” and enter the certificate password:

Once installed in the windows store you can bring up the certificate in IE or Chrome and export it and create a backup copy (See next section).

(Noto Bene – If you do use a browser to install the certificate, the phone support person recommended chrome or Internet Explorer due to the fact that firefox uses a special certificate store scenario.)

Export Certificate
Export Code Signing Certificate Instructions

PFX VS p12
pfx is the microsoft extension
p12 is the netscape extension

is not commonly downloaded and could be dangerous Message

January 6, 2015

We have an adobe air application which has a code signing certificate included during creation of the package. I added another layer by creating a windows installer(via Inno Setup) then using microsoft signtool to pass on the code signing certificate. I recently tried to download the file via Chrome and the message:

<file> is not commonly downloaded and could be dangerous

was displayed along the lines of the image below:

I did a quick google and found the following message on an adobe forum. The user recommended the DigiCert Certificate Utility which is available here.

I took my exe file and applied the adobe code signing certificate to this windows installer wrapped package using the Certificate Utility. Voila! The error message was no longer occurring when downloading via Chrome.

GlobalSign Renewal

February 11, 2014

This year the global sign renewal process was straight forward. I received an email to install my certificate by clicking on a link in the email.

The GlobalSign website was rendered in my firefox browser and the following sequence ensued:

  1. I was asked for my certification installation password.
  2. A new view appeared requesting I create a password for the certificate being issued
  3. The password had to be a minimum of 12 characters
  4. Then a view appeared requesting that I download my certificate

Download Certificate View:

Continue reading

Installing Microsoft signtool.exe on Windows 7- Part 2

November 19, 2013

I recently upgraded to a Windows 7 machine and needed to install the signtool on my new pc. This is a followup to the post Installing Microsoft signtool.exe posted in May 2012.

I searched the web for the download location for the Windows 7 version of the SDK and found this url: Windows SDK for Windows 7 and .NET Framework 4.

I downloaded the winsdk_web.exe file and tried to install a minimal version of the SDK since I only wanted the signtool.exe. I was not able to successfully install this version since I did not have the correct .NET version. I was getting the error message “Some components cannot be installed” message.

So instead of upgrading to .NET 4 version I returned to the previous download link and perused the archived versions. I found the download for the Windows SDK .NET Framework 3.5 SP1 archived version which is preinstalled on all Windows 7 machines. I downloaded the new winsdk.exe for this version.

I selected the same settings as I did for Windows XP version:

Windows 7 SDK options Selected

Windows 7 SDK options Selected

This installation ran smoothly and in a similar manner to the one for windows XP.

I can now access the signtool on my new desktop with a minimal windows SDK installation.

Run InnoSetup with Digital Signature

May 8, 2012

I have signtool.exe installed on my desktop pc. I now need to configure the InnoSetup script to incorporate a digital signature during the generation of the installation package executable. The following links were used as resources when configuring the InnoSetup program:

Continue reading

Installing Microsoft signtool.exe

May 8, 2012

I first googled to find a free digital signing tool for a windows program and found a page on the Global Sign website. The Global sign website (which is where I got my digital certificate) had a page discussing GlobalSign Code Signing Tools. Realized I needed to use signtool.exe for a microsoft application.

Continue reading

Chrome Malicious Warning Message on Packaged Desktop Air Application for Windows

May 8, 2012

Every have a DOH moment?

So I have created an air application that can be deployed on the desktop, mobile devices and the web. For each version, I followed the directions to package the application using digital certificates in Flashbuilder 4.6 for a signed application with a captive runtime.

Note: The mobile device packaging zips all the necessary files and directories and the captive runtimes with a digital certificate into a single file. So the Android pocketnotes.apk file for example will have an associated digital certificate (as does the iphone/ipad pocketnotes.ipa file).

Continue reading