tags:

views:

22

answers:

1
+2  Q: 

As a company, can I purchase a single certificate for signing multiple Adobe AIR applications and versions of those applications?

I really hope I'm misunderstanding applying certificates to Adobe AIR applications. Certificates are expensive for my budget at around $300 or more last I checked. I don't quite understand the process yet, but it reads like I must purchase a certificate for a single version of a single application. I believe it is called code-signing certificate. And, it certifies that the code hasn't been altered since the certificate was issued. I can understand how customers downloading the application from various sources might feel safe knowing the code hasn't changed, but how do I release new certified versions? Must I buy another certificate each time I update the code? Or do I own the certificate for a period of time and can use it to sign new code at my liesure? Can I use the same certificate to sign several applications? I can't imagine having to buy lots of certificates for all of my company's applications and ever minor version change.

+3  A: 

A Code Signing certificate is not for verifying that the code has not changed since the certificate was issued, it's to verify that the code has not changed since the code was "signed". Big difference.

A specific certificate is not tied to a particular piece of work, nor to a version of that work. It is tied to an identity.

The OTHER purpose of a code signing certificate is to verify the identity of the organization that signed it. It is to verify that the application actually came from a verified person/organization, so you know you can trust it.

So when you sign some code you are letting the user know that it is YOU that is providing that code and that the code has not changed since you signed it.

That means that there is no reason that you could not use the same certificate to sign multiple versions of multiple applications, because it is your organizations identity that you are verifying.

Also, it is actually important that you use the same certificate for an update as you do for the previous version or you can break the application. Changing an applications certificate has a bit of a process to it.

Certificates do expire after a time, so you will need to update the certificates once-in-a-while.

Hope this helps.

Jason Dean  2010-09-19 17:08:00
Thanks! That does help.
Michael Prescott  2010-09-21 16:47:02

related questions

Self Sign Certificate To Authenticode Certificate?
iPhone Error while building application for Device
Code signing Windows Mobile applications - Recommendations?
Runtime CRC checking
Signed assemblies prevent my service from starting
How to validate a signed DLL has been signed by me?
How to add/trigger-exposure-of twiddle-down for Code Signing Identity field in Xcode?
Have anyone used GoDaddy's Code Signing Certificate with ClickOnce
Strong Name Validation Failed
Xcode: iPhone app codesign error
Can you create per-user project settings in Xcode?
What is needed to setup a (personal) executable/code timestamp service?
Can I remove a digital signature from a DLL?
What happens when a code signing certificate expires?
How do I build deployment project without un-signing my assemblies?
Signing a Windows application given a .SPC file?
Code Signing Certificate Options
Assembly "is not signed correctly." Warning
What is special about a code signing certificate?
Only creating a COM object if the DLL that implements it is signed?
Cheapest Java Code Signing Certificate? (not self-signed)
How do you sign your Firefox extensions?
How do I create a self-signed certificate for code signing on Windows?
Java Code Signing Certificates...same as SSL Certificate?
Invalid iPhone Application Binary