Skip navigation
Currently Being Moderated

Can't export extension with code signing certificate

Aug 19, 2013 6:20 PM

Tags: #illustrator #error #certificate #extension_development #cs_extention_builder #extension_builder_2.1

I puchased a code signing certificate and when I try to export a build for Illustrator in Extension Builder 2.1 I get the following error:

 

Unknown Error (Often Incorrect Timestamp URL)

 

Any suggestions?

 
Replies
  • Currently Being Moderated
    Sep 13, 2013 1:49 AM   in reply to mityaf

    Is your commercial certificate contained alternate URLs for checking certificate revocation? If so, there is a bug which may cause signing fail.

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 1, 2013 3:36 PM   in reply to mityaf

    I am also running into a similar issue with a new cert, although I get the error message even if I don't have the option to time stamp the certificate checked.  Is there a place where the export logs to so that I can get more info on what that unknown error might be?

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 10, 2013 2:35 PM   in reply to R Blau

    same problem for me. has anyone found ways to handle this? I have commercial certificate from Comodo, EB2.1

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 12, 2013 4:47 PM   in reply to mityaf

    We have the same issue exactly with a recently renewed Comodo certificate and Extension Builder 2.1.

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 12, 2013 4:48 PM   in reply to xujieadobe

    Could you please find if this bug is likely to get fixed, or if there is any way around it?

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 12, 2013 5:03 PM   in reply to R Blau

    I also get the error message whether the time stamp option is enabled or not. It happens whether I leave the default TSA URL, or whether I change it for Comodo's or any other.

    So far I haven't found any way around this, nor have I found export logs.

     

    Should we find a solution around this, I'll post it here. Please let us know if you find a way around it too.

     

    Cheers

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 12, 2013 6:11 PM   in reply to mityaf

    I believe I have found a solution to this. The certificate file (.p12) should contain the whole chain of certificates, and not just your leaf one (a.k.a the one with your name). So in the end, it has nothing to do with the timestamp URL, which is why it happens whther you chose to timestamp your extension or not.

     

    If you are on a Mac, you can follow the instructions in the "final step" on this page: http://scottgaertner.com/code_signing/ to put together your p12 file.

     

    Note that for him this means 3 certificates, but if you have a new Comodo code signing certificate like I do, this is 4 (yours with your company name, "COMODO Code Signing CA 2", "UTN-USERFirst-Object" and "AddTrust External CA Root"). Basically, include the whole chain all the way and including the root certificate.

     

    That's it. I hope this is useful ot others.

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 13, 2013 8:51 AM   in reply to Liquid State

    Re-exporting the cert with the full trust chain solved this for me.

    Thanks for that!

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 16, 2013 4:16 AM   in reply to R Blau

    Hi all,

     

    Thanks for persevering with this. Yes - it sounds like exporting the full trust chain in the p12 is the key to solving this specific problem. Is anyone still having problems?

     

    Thanks,

    Fraser

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points