tags:

views:

33

answers:

1
Q: 

Connectivity and signed-applications in Adobe AIR

I need a little insight into some authentication issues in adobe AIR. Three related facts that fit into my question:

  1. Whenever accessing my https:// site from my AIR application, I get the untrusted site warning
  2. When I build an AIR app, I don't have a paid-for certificate, so I sign it myself for now
  3. My site (that gives the untrusted warning when I access it inside the AIR app) does have a paid-for certificate (issuer Comodo - via DreamHost)

I'm not quite sure what the most reasonable solution to this is. So I have a couple tightly-coupled questions, and I'm not sure which one or several are applicable. They might be the same thing, or they might be separate. But I would love to have some light shed on this.

  1. Is Comodo just not a "good enough / approved" CA issuer for Adobe, and that's why it complains?
  2. Is there any way around this? Something I can put in my crossdomain.xml or something?
  3. Can I use my CA cert that I have already paid for, to sign the AIR apps?
  4. If 3 is true, will what I have work or will it only work with a different issuer?

Can someone explain the difference, if any, between the certificate used to sign the AIR apps, and the certificate used to do the SSL authentication, and if I can reuse what I have?

+1  A: 

Does your browser see the certificate as valid when you navigate to it?

There is no reason why AIR should be complaining about your website certificate. It looks like it might be worth checking your JRE proxy settings, according to the Adobe docs:

ADT uses the Java runtime environment proxy settings, when appropriate, for connecting to Internet resources for checking certificate revocation lists and obtaining time-stamps. If you encounter problems connecting to Internet resources when using ADT and your network requires specific proxy settings, you may need to configure the JRE proxy settings

Having said that, I've never run into issues with the JRE proxy settings. If AIR does see the certificate as invalid, there is no way around it (except to install the certificate onto the machine).

If that's the case, you'd want to talk to either Comodo or Adobe about the problem.

Can someone explain the difference, if any, between the certificate used to sign the AIR apps, and the certificate used to do the SSL authentication, and if I can reuse what I have?

You'll need to generate a code signing certificate as they include the Extended Key Usage extension, which basically describes the certificate as a "code signing certificate".

You won't be able to reuse your website certificate, but your subscription to Comodo might allow you to generate a code signing cert.

Richard Szalay  2010-08-02 16:01:12
@richard: thanks. the weird thing is that now that i test it again a few weeks later, i do not get the certificate warning any more. perhaps there is a propagation delay at comodo. can you elaborate more on generating a code-signing certificate? the wikipedia link is fairly generic on the point.
eruciform  2010-08-02 16:43:45
Sounds like it was indeed a propagation delay. You'll need to get a code-signing certificate through Comodo, though it may not be part of your existing deal with them. As long as it's an x509v3 cert with the Extended Key Usage extension, it will be fine. Comodo's code certs appear to be here: http://www.comodo.com/e-commerce/code-signing/code-signing-certificate.php
Richard Szalay  2010-08-02 17:59:38
@richard: thanks a lot for the help!
eruciform  2010-08-02 20:18:58

related questions

How can I build an Adobe Air project with Maven?
Tips, Guides and/or Tutorials on writing a Windows desktop app for a PHP programmer by trade
How do I make a custom Flex component for a gap-fill exercise?
What are the print functions in Adobe AIR ?
How can I detect and invoke a user's local installation of the AIR runtime on a particular AIR application?
How do I unload a externally loaded SWF file from a SWFLoader component in Adobe Flex?
Can I generate a Flex web and Air desktop app from the same source code?
Is there another way to integrate PDF viewing in a Flex application?
How do I protect content in AIR?
Which plaform for a lightweight windows desktop app for internal use to run basic console commands (WPF, AIR, something else)?
E4X : Assigning to root node
Printing in Adobe AIR - Standalone PDF Generation
Best way to implement 1:1 asynchronous callbacks/events in ActionScript 3 / Flex / AIR?
Can the same Adobe AIR app run more than once?
Capturing Cmd-C (or Ctrl-C) keyboard event from modular Flex application in browser or AIR.
Adobe AIR: Handling JSON objects from server
How do I change the title bar icon in Adobe AIR?
Add a shortcut to Startup folder with parameters in Adobe AIR
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Can you access the windows registry from Adobe Air?
Adobe Air - Using multiple SQLite databases at once
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement