Skip navigation
Authentic Sols
Authentic Sols
Currently Being Moderated

Unknown Publisher issue in Native Installer

Sep 3, 2010 9:38 AM

Hi,

There is one issue I'm facing. I have a verified certificate with which I have produced a native installer for Windows. The problem is when I download this installer file from my web server, it gives me a prompt with Publisher: UNKNOWN. Can anyone please let me know where I'm wrong? Please see the attached image

 

window_error.jpg

1943 Views   17 Replies   Latest reply: tzeng, Oct 21, 2010 1:46 PM
 
Replies
  • Authentic Sols
    Currently Being Moderated
    1. Authentic Sols,
    Sep 3, 2010 11:18 AM   in reply to Authentic Sols
    Report

    To help you guys more, when I tried to sign the native installer through command line, it gave me the following error:

     

    Certificate in cert_2.p12 could not be used to sign setup.msi

     

    I also looked into the certificate. It's not expired but then why It can't be used?

     

    Please help me.

     
    |
    Mark as:
  • Czarnian
    Currently Being Moderated
    2. Czarnian,
    Sep 15, 2010 2:02 AM   in reply to Authentic Sols
    Report

    Hi,

     

    Is the certificate being used from a Certification Authority recognised by Adobe? You can self sign an AIR app for use with the installer which will ensure that the AIR archive is not tampered with before install, but a self sign cert will always be an Unknown Publisher to Adobe.

     

    You need to use a Cert from a 3rd party authority that Adobe trusts such as Verisign to be a recogised publisher during install, these are commercial certs that Adobe will verify during install/upgrade of AIR app and display your publisher details registered against this cert when purchased.

     

    Cheers

     

    Mark

     
    |
    Mark as:
  • Authentic Sols
    Currently Being Moderated
    3. Authentic Sols,
    Sep 15, 2010 2:05 AM   in reply to Czarnian
    Report

    My certificate is purchased from http://www.usertrust.com/index.asp

     

    How can I get the list of Certificate Authorities that Adobe trust?

     

    Thanks much.

     
    |
    Mark as:
  • Czarnian
    Currently Being Moderated
    4. Czarnian,
    Sep 15, 2010 2:29 AM   in reply to Authentic Sols
    Report

    Hi,

     

    The Comodo Cert is a social web trust mechanism used as a sort of 'recommendation of trust' for users / customers of an ecommerce web presence.

     

    The cert you would need would have to come from one of the organisations in Adobe Approved Trust List (AATL)

     

    http://www.adobe.com/security/approved-trust-list.html

     

    aa) If your app is going out to thousands++ of users in the public domain, who expect future releases you should investigate obtaining a cert from one of the AATL members.

     

    bb) If your app is internal to an organisation, you could make yourself a trusted authority, have a look at http://biosocket.com/tag/trusted-certificate-authority

     

    I can't vouch for bb) as all my development is on Mac OS X and Linux

     

    Hope this helps

     

    Cheers

     

    Mark

     
    |
    Mark as:
  • tzeng
    Currently Being Moderated
    5. tzeng,
    Sep 21, 2010 3:53 PM   in reply to Authentic Sols
    Report

    You need to use a code signing certificate to pakcage an AIR application.

     
    |
    Mark as:
  • Authentic Sols
    Currently Being Moderated
    6. Authentic Sols,
    Sep 28, 2010 11:18 AM   in reply to tzeng
    Report

    I can create the AIR installer very well but when I try to generate the native installer, I get an error. Please see the attached imageerror.png

     
    |
    Mark as:
  • tzeng
    Currently Being Moderated
    7. tzeng,
    Sep 28, 2010 11:40 AM   in reply to Authentic Sols
    Report

    How you generate your certificate?

    Could you try to enter your password in command line: -storepass yourpassword

    to try again?

     

    -ted

     
    |
    Mark as:
  • Authentic Sols
    Currently Being Moderated
    8. Authentic Sols,
    Sep 28, 2010 11:42 AM   in reply to tzeng
    Report

    I have got my certificate from "UserTrust".

    Yes, I have already tried that but still no luck...

     
    |
    Mark as:
  • tzeng
    Currently Being Moderated
    9. tzeng,
    Sep 28, 2010 3:09 PM   in reply to Authentic Sols
    Report

    I haven't seen this situation. One thing you can try is using the signtool.exe to sign an Windows app. with your cert to see if it works.

    http://www.tech-pro.net/code-signing-for-developers.html

     

    Or ask the certificate vendor if the certificate is good for code signing a Windows app.

     
    |
    Mark as:
  • Authentic Sols
    Currently Being Moderated
    10. Authentic Sols,
    Sep 28, 2010 10:52 PM   in reply to tzeng
    Report

    I have a certificaate with .p12 extension but signtool.exe doesn't understand that.

     
    |
    Mark as:
  • tzeng
    Currently Being Moderated
    11. tzeng,
    Sep 28, 2010 10:54 PM   in reply to Authentic Sols
    Report

    You can change the file extension to .pfx.

     

    -ted

     
    |
    Mark as:
  • sethrd11
    Currently Being Moderated
    12. sethrd11,
    Oct 20, 2010 10:29 AM   in reply to Authentic Sols
    Report

    Hi, we're seeing the same error. Just curious if changing the extension from .p12 to .pfx worked for you? Doesn't seem to be working for us...thnx in advance. Seth

     
    |
    Mark as:
  • Authentic Sols
    Currently Being Moderated
    13. Authentic Sols,
    Oct 20, 2010 11:19 PM   in reply to sethrd11
    Report

    No, it doesn't work for me.

     
    |
    Mark as:
  • sethrd11
    Currently Being Moderated
    14. sethrd11,
    Oct 21, 2010 7:52 AM   in reply to Authentic Sols
    Report

    K. We got it working by signing the exe with Signtool (the wizard is easy) and using the pfx file to sign it.

     
    |
    Mark as:
  • tzeng
    Currently Being Moderated
    15. tzeng,
    Oct 21, 2010 11:25 AM   in reply to sethrd11
    Report

    Hi Seth,

     

    Do you use Comodo cert also?

     

    So ADT could not sign the native installer but the signtool could after you pakcage the native installer?

     

    -ted

     
    |
    Mark as:
  • sethrd11
    Currently Being Moderated
    16. sethrd11,
    Oct 21, 2010 12:59 PM   in reply to tzeng
    Report

    Hi Ted,

     

    We have a Thawte certificate. It seemed like ADT was signing it correctly but when the app was installed on Windows it was displaying Publisher: Unknown. Signtool fixed it after we packaged it.

     

    hope that helps...let me know if you need more details. We build the exe in Hudson.

    Seth

     
    |
    Mark as:
  • tzeng
    Currently Being Moderated
    17. tzeng,
    Oct 21, 2010 1:46 PM   in reply to sethrd11
    Report

    Hi Seth,

     

    " It seemed like ADT was signing it correctly " - Could you see the native installer is signed after ADT packaging command is run?

     

    "when the app was installed on Windows it was displaying Publisher: Unknown." - After the native installer installation, you look at the installed app.'s digital signature?

     

    Thanks,

     

    -ted

     
    |
    Mark as:
Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points