I am not sure what you mean by default one.
Do you get the Thawte Certificate from Thawte?
You might not have the whole certificate chain in your p12 file. If you use to ADT to package your AIR file with the Thawte cert, ADT should give you
a clear error message.
oh yes the certificate is just fine, spend like a week every eves with Thawte to find out if there was an issue on their side.
I've even done the procedure twice monitored by the Thawte tech guys.
After they've double checked everything, they came to conclusion there might be an issue with AIR.
By default one I mean the p12 you can generate from CS4 that you save and use to compile.
This one works just fine.
The Thawte certificat gives a "could not sign the AIR file" alert.
On your Mac, could you open a terminal and execute the following command:
keytool -list -v -storetype pkcs12 -storepass password_for_your_p12_file -keystore filepath_to_p12
where password_for_your_p12_file is the password for your certificate.
In the output, find the line:
Certificate chain length: x
Where x should be more than 1. I think it is 3 for Thawte.
If x=1, then you don’t have the whole certificate chain in your p12 file then.
AIR needs to have a p12 certificate with full certificate chain to package an AIR file.
I just found out you are on a Mac. Could you run the command in my post above?
how do I do that? Did not get previous mail, trying now
Picked up JAVA_TOOL_OPTIONS: -Xmx1024m
Keystore type: PKCS12
Keystore provider: SunJSSE
Your keystore contains 1 entry
Alias name: myid stuff
Creation date: Feb 11, 2010
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN= myid stuff
Issuer: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
Serial number: 519ad576670d16f769840de6e82e4759f
Valid from: Mon Nov 16 01:00:00 CET 2009 until: Wed Nov 17 00:59:59 CET 2010
Signature algorithm name: SHA1withRSA
#1: ObjectId: 184.108.40.206 Criticality=true
#2: ObjectId: 220.127.116.11.18.104.22.168.1 Criticality=false
accessLocation: URIName: http://ocsp.thawte.com]
#3: ObjectId: 22.214.171.124 Criticality=false
#4: ObjectId: 126.96.36.199 Criticality=false
#5: ObjectId: 188.8.131.52 Criticality=false
#6: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
x = 1, so means its wrong? how do i get the "3". does this means I need go back to Thawte?
Your certificate is fine. But you need to have
Thawte Code Signing CA
certificate. This is an intermediate CA I believe and you might try to download it from
or you can ask Thawte directly for it.
Once you get this CA, you can install it to Firefox and then export your certificate again.
Then run the same command on the p12 file to see if the cert chain is more than 1.