Please go to Creating and validating XML signatures | Adobe Developer Connection and install the validation tool to validate the signature of your extension. Unzip this extension to a empty folder with 7-zip, winzip or Mac built-in unzip, then click "Load signature" button in the tool, browse to META-INF/signatures.xml to load it, then click "Verify signature" button.
Extension Manager CS6 uses the same method as this tool to validate extension signature. If this tool says the signature is invalid, then EM CS6 will also treat the signature as invalid.
I've experienced some odd behavior from Extension Manager 22.214.171.124. One of our extensions, Tada QR has been properly signed and timestamped, and works fine. However, I was writing some instructions, and needed screencaps from Tada QR in various states of installedness so I was uninstalling and reinstalling a few times in a row, and found out that Extension Manager sometimes complains about invalid signature and refuses to install, say, 3 times out of 10. This is installing the same .zxp, sometimes it works, sometimes it does not.
Something fishy is going on. Some additional info and suspicions: I am currently in a hotel with moderately OK internet, and I am suspecting Extension Manager might be checking the Time Stamping server. And I am wondering what happens if that time stamping server is slow in responding? Could something in that area be the issue? I have no other ideas what might cause such 'now I do, now I don't' behavior.
Further: If I recall correctly, the currently available TadaQR on our web site might have been signed with a now-expired certificate (but it was signed before expiry). However, I just rebuilt a new, timestamped TadaQR .zxp with a fresh, non-expired certificate valid till 2019, and it exhibits the same behavior: now I do, now I don't.
During signature validation, Extension Manager have to check timestamp and CRL online. So if there are intermittent Internet connection problems, you may encounter the issues above. If you click "Tools"->"Preferences" menu item in Extension Manager, uncheck "Allow Extension Manager to access Internet" option, these steps will be skipped, so the installation will always work.
I got the same issue when install the extension.
I used the below command to generate the selfsigned cert.
1. ZXPSignCmd -selfSignedCert <countrycode> <state> <org> <name> <psw> <output.p12>
2. ZXPSignCmd -sign myExtProject myExtension.zxp MyCert.p12 abc123
However when do the verification by the XMLSignatureValidation, it cannot pass.
Signature status: invalid
Digest status: invalid
Identity status: valid
Reference status: invalid
Can you suggest how I can sign my extension?