Skip navigation
Currently Being Moderated

Unable to build valid certificate chain

Oct 26, 2010 9:58 PM

Hi,

 

I am trying to sign my AIR application using the Code Signing Certificate I got from Apple (iPhone Dev). I have Apple's Root Certificate and my certificate. I installed both and then exported my certificate as pkcs12 (.p12 file) using many methods like Windows Certificate Manager and Firefox. I also used Keychain Access on my Mac. However, when I try to sign, I get the following error:

 

Unable to build a valid certificate chain for the signer.

 

Some help would be great. Thanks.

 
Replies
  • Currently Being Moderated
    Oct 27, 2010 10:45 AM   in reply to JSayani

    When you export the cert from say Windows Certificate Manager, there should be an option that ask if you want to export the whole certificate chain, just check that box.

     

    You can do the same with Firefox.

     

    -ted

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 27, 2010 3:38 PM   in reply to JSayani

    Are you trying to package an AIR app. for iPhone?

    In that case, you don't need to have the whole chain, but you need to specify -provisioning-profile.

     

     

    If you just want to have the whole chain, you should check the certificate in the certificate manager to see if the cert chains up to the Root CA.

    If it does, you should be able to export the whole chain with the option box checked.

    But if the Root CA (or any intermediate CAs if there is any) is not present, then you wouldn't get the whole chain.

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 29, 2010 1:31 PM   in reply to JSayani

    You can use the command:

    keytool -list -v -storetype pkcs12 -keystore air.pfx -storepass xxxx

    List out your cert's info. You should be able to find out if your cert has the whole chain or not.

     

    I am not sure why you could not export the whole chain. I never fail to do this on Windows.

     

    -ted

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 29, 2010 3:51 PM   in reply to JSayani

    On my machine, I have two Cas.

    One is

    Apple Worldwide Developer Relations Certification Authority

    Which is an intermediate CA, the other is Apple Root CA which is the Root CA.

    Then the certificate.

    So you need to have all the 3. Also, I think you need to put the intermediate CA in Systems keychain.

     

    -ted

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 29, 2010 7:47 PM   in reply to JSayani

    developer_identity.cer <-- this doesn't have the private key, right?

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 3, 2010 11:41 AM   in reply to JSayani

    I just exported a cert from Keychain Access to a .cer file, the private key is not exported (no password is asked).

    Exporting to a P12 Keychain would ask for a password.

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 3, 2010 12:16 PM   in reply to JSayani

    When you export a cert with a private key, the program (whatever that is) will ask you for a password to be used in the file.

     

    When you import this cert again to a different machine (say to a Windows machine), the machine will ask you for the password to import the private key.

    When you export the cert from this machine, it will ask you again for a different password to be used in the exported cert file.

     

    Whenever there is a private key in a cert, it always comes with a password.

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 3, 2010 1:55 PM   in reply to JSayani

    When you see the certificate is valid, you have all the certificate chains. But I don't know how to export the whole chain

    In Keychain Access.

    So to do this, you need to import all the certs to Firefox or in a Windows machine. Make sure you have the whole chain.

    Then export the cert with the whole chain option checked. That should do it.

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 25, 2011 11:50 AM   in reply to JSayani

    Hi JSayani,

     

    Did you manage to figure this out? 

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points