Signing an adobe air application with an spc file
I recently purchased a digital certificate from GoDaddy to sign an adobe air application. GoDaddy, and probably some of the other CAs out there, deliver their cer开发者_运维百科tificates as SPC files. However, most of the information about compiling and signing an air application assumes you have a p12 file. I spent a while figuring out how to deal with this issue and thought it'd be good to share the process with the SO community. I will post an answer shortly.
The key to coming up with the correct method was understanding that a p12 file is a keystore - not just a certificate. A keystore contains the key and the certificate. When signing an adobe air app, you need to provide a keystore and not just a certificate. So, let me begin from the top.
Step 1: Create a keystore
keytool -genkey -alias codesigncert -keypass <yourkeypwd> -keyalg RSA -keysize 2048 -dname "CN=displayname,O=companyname,C=US,ST=state,L=city" -keystore codesignstore -storepass <yourstorepwd>
Step 2: Create a certificate request
keytool -certreq -v -alias codesigncert -file mycsr.pem -keystore codesignstore
Step 3: Purchase a certificate from a CA using the CSR created in the previous step. In my case, I downloaded the certificate as an SPC file.
Step 4: Add the certificate to your keystore
keytool -import -keystore codesignstore -storepass <yourstorepwd> -alias codesigncert -file mycert.spc
Step 5: Currently your keystore is a java key store (JKS). Convert this to PKCS12
keytool -importkeystore -srckeystore codesignstore -srcstoretype JKS -deststoretype PKCS12 -destkeystore codesignstore.p12
Step 6: Sign your app
adt -package -storetype pkcs12 -keystore codesignstore.p12 -storepass <yourstorepwd> -keypass <yourkeypwd> <name of output file> application.xml <path to root dir>
I think it's probably also possible to skip step 5 and perform step 6 using the JKS keystore. I didn't confirm that this works, however.
精彩评论