For an Adobe AIR program I wanted an official code signing certificate to get rid of the big fat “publisher: UNKNOWN” warning clients face while installing my software.
Visiting verisign.com you will see a one year Code Signing Certificate will set you back US $ 499,-
According to Adobe’s Flash Builder documentation only Certificates from the big four CA’s are trusted:
“A developer can use any class-3, high-assurance certificate provided by any CA to sign an Adobe AIR application. However, only ChosenSecurity, GlobalSign, Thwarte, and VeriSign come pre-installed on most end user’s machines (Mac OS X or Windows) and are trusted by the operating systems.”
These companies ask an amazing amount of money for a certificate, luckily there are better alternatives. The one I got was available for $75,- a year. This of course raises the question whether this certificate will be accepted, but I did found a couple of blog posts that reassured me this shouldn’t be a problem.
Hop over to author.tucows.com, register for an account and you will be able to purchase a Comodo Certificate through tucows.
The process will take some time. You will have to email documents to proof your business/person identity and they probably call you as well. After receiving the certificate and signing the AIR package I was able to install my signed software successfully on:
- Windows 7
- Windows Vista
- Windows XP
- Mac OS X (10.6).
Unfortunately Ubuntu Linux 10.04 fails to recognize/trust the certificate out of the box (thanks to Jaap for testing this)
Before:
After:
Thanks Arend!
Did you encounter any problems with other OS’s?
Works on:
Mac OS X Leopard
Windows Vista
Windows 7
I’m booting XP to see if that works too.
No problems in XP.
Not sure about Linux as I don’t have a Linux X environment ready.
Great. I can test it for you on linux if you give me a link to a signed app.
http://www.arenddeboer.com/pub/testApp.air
It’s a new project without any modifications, just signed.
alas, doesn’t work on Ubuntu 10.04 out of the box. UNKNOWN publisher.
I guess it a matter of reaching that 1% of users vs. 100-200 bucks extra cost
Indeed.
I ordered a certificate because I was under the impression it was a requirement for using the Adobe AIR Update Framework. Turns out it is not. Even though it looks nice, I’m not sure if I’m going to extend it next year.
For personal use you don’t need it, but to avoid scaring regular users away with a red cross and a big ‘UNKNOWN’ is important to me though. Guess I have to pay for that.
My applications are almost always company specific, used by only a few people. I can understand it becomes more important when you have a large user base / many installs.
I know it is old topic, but it is the only place with relevant information I was able to find quickly
so, great thanks for pointing a proper direction!
some tips (just for ref) on how to make it work with linux.
example for DigiCert
1) wget required root crt from vendor site,
2) cd /opt/Adobe\ AIR/Versions/1.0/Resources/
# ./aucm -a -f /home/taphy/CRT/DigiCertAssuredIDRootCA.crt
Certificate added with name: 69105f4f.0.
# ./aucm -a -f /home/taphy/CRT/DigiCertAssuredIDCodeSigningCA-1.crt
Certificate added with name: a58f3482.0.
3) Marking a certificate as trust anchor
# ./aucm -n 69105f4f.0 -A true
Certificate Found, processing…
Property changed.
# ./aucm -n a58f3482.0 -A true
Certificate Found, processing…
Property changed.
4) Marking a certificate as trusted
# ./aucm -n 69105f4f.0 -c true
Certificate Found, processing…
Property changed.
# ./aucm -n a58f3482.0 -c true
Certificate Found, processing…
Property changed.
that is it.
Thanks for sharing