For those having issues with the openssl command not working on Windows due to the missing configuration file, before using the openssl command, enter "set OPENSSL_CONF=C:\path\openssl.cfg" to enable openssl to find your local configuration. Ensure no spaces before or after the "=" sign.

Did this just in case I was supposed to substitute for file created:

F:\dData\Downloads\openssl-0.9.8k_X64\bin>openssl x509 -in CerticateSigningReque

st.certSigningRequest.cer -inform DER -out CertificateSigningRequest.cerSigningR

equest.pem -outform PEM

Error opening Certificate CerticateSigningRequest.certSigningRequest.cer

6516:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\

bss_file.c:356:fopen('CerticateSigningRequest.certSigningRequest.cer', 'rb')

6516:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:35

8:

unable to load certificate

Hello,

this documentation page at the "Changing certificates" section says:

********************************************************************** ********************************************************************** ***************

        In some circumstances, you must change the certificate you use to sign updates for your AIR application. Such circumstances include:

                1. Renewing the original signing certificate.

                2. Upgrading from a self-signed certificate to a certificate issued by a certification authority

                3. Changing from a self-signed certificate that is about to expire to another

                4. Changing from one commercial certificate to another, for example, when your corporate identity changes

********************************************************************** ********************************************************************** ***************

What about "Downgrading from a certificate issued by a certification authority to a self-signed certificate" please ? e.g: the opposite of the second circumstance listed in this part of the documentation.

Considering that we respect the 180 days limit after certificate's expiration date:

• Is it possible to move from certificate issued by a trusted CA to a self-signed certificate ?

• And then move back from the self-signed certificate to a new certificate issued by the same trusted CA as the old one ?

I ask about this because :

• Our application's certificate issued by Thawte has expired for 30 days.

• Thawte can't provide us a new certificate before the 180 days limit is reached.

So we consider to move from the expired Thawte certificate to a self-singed one. And then move back from the self-signed certificate to the new Thawte certificate which they will give us in the future.

Since we have a big amount of users, we'd like to be sure that this will work and everybody will be able to update the application without any troubles related to the "old expired Thawte certifcate => self-signed certificate => new Thawte certificate" migration.

Thanks for your help

Thanks for your quick feedback!
The problem is that we have to delvier a master release of our application to our users on next week.
So we really need this "old expired Thawte certifcate => self-signed certificate => new Thawte certificate" migration.

However we tested the update of our application after moving from the old expired Thawte certificate to the self-signed certificate and it sounds to be ok.

So everything should go fine, thanks again.