We have build an Windows native app (aapxbundle). We want to ship to a customer.
The certificates used in my company are owned by my company and customer has different set of certificates.
When we ship the appxbundle file it is already signed by our certificate. And hence customer is not able to install it because our certificate is not installed on their device.
What is recommended way to achieve such signing and deployment ?
Regards, Ashwani Kr Sharma
You can send your certificate to customer. The customer can add your certificate as trusted on computer/network/domain.
You can buy certificate (Verisign, for example) and sign your program using it.
Related
I have created an electron app. Now I want to sign code for both windows and mac platform. But I have only go daday pfx certificate.I successfully signed code using pfx certificate from go daday in windows platform. So,Can I sign an electron app on macos platform using go daday certificate?
You can sign a macOS app with a GoDaddy code-signing certificate, but it probably won't do what you want. Here's what Apple's developer documentation says (with my emphasis added):
Note: Apple uses the industry-standard form and format of code signing
certificates. Therefore, if your company already has a third-party
signing identity that you use to sign code on other systems, you can
use it with the macOS codesign command. Similarly, if your company is
a certificate issuing authority, contact your IT department to find
out how to get a signing certificate issued by your company. However,
while these valid certificates allow you to sign your code, you can
only distribute through the App Store or through the Developer ID
program when you sign with a certificate issued by Apple.
So, the question is: how is your application going to be distributed to users' computers?
If it's sold through Apple's App Store, you need to become an Apple Developer, get a Mac App Distribution certificate from Apple, and sign the app with that before submitting it to Apple.
If it's distributed outside Apple's App Store (e.g. via web download), then you also need to become an Apple developer, get a Developer ID certificate, and use that to sign it. If you don't sign it with the right kind of certificate, Gatekeeper will prevent users from opening the app unless they go through a special procedure to trust the app.
Either way, you need to join the Apple Developer program, and use an Apple-issued code signing certificate to sign the macOS version of your app.
How can I put my incomplete application on my iPod before I publish it on the appstore? So I want to test it on my iPod.
This requires a provisioning profile and developer identity. These things are available via the provisioning portal and requires a paid developer program membership.
You must generate an identity (by means of a certificate, and signing request) with keychain, and use the provisioning portal to upload the CSR and get a signed certificate matched to the identity. With this identity downloaded and installed, you'll use it to sign your binaries.
Applications have a unique bundle identifier. Using the provisioning portal, you must create a development provisioning profile associated with your device ID(s). Download and install the provisioning portal, and you should be set to build and run on your device.
The provisioning portal has concise steps to walk you through this process..
developer.apple.com/ios/manage/overview/index.action
You have to have a provisioning profile and if you do you have to do some things in the account which you then put in xcode and transport it to the iPhone
I have read about it so much and i couldn't find a specific direct answer.
Each app must have its provisioning for development and distribution. The provisioning is using the certificates I already have.
Do I need to create a new certificate(dev/distribute) for each new app, and connect the provisioning to that specific certificate?
Do I need to create the certificates for dev/distribution and connect them to the provisioning dev/distribution?
I have read about it here, and it wasn't clear to me: iOS Developer Library: Creating Your Signing Certificates
As a developer, you create a single Development certificate. You can create many development profiles (one dev profile per app) that use this certificate.
The same principle applies to Distribution certificates (single certificate, multiple profiles), however you only have one Distribution certificate per iOS Development account (not per developer).
I use 2 machines for developing a Mac application. I just submitted my app to the app store from my desktop (generating and using the appropriate certificates from Apple for code signing).
I exported and installed the certificates on my laptop so that they show up in the keychain but, yet, I'm unable to build my app on my laptop because of the following error:
Check dependencies
[BEROR]Code Sign error: The identity '3rd Party Mac Developer Application' doesn't match any valid certificate/private key pair in the default keychain
Is there any way to use the same certificates for code signing on more than 1 machine?
Yes, I use multiple computers and the same certificates all the time.
You need to also make sure you have the private keys imported into your keychains.
We are developing a WP7 application which is connected to a server using OAuth. It's a low budget project. So, we are only using self signed certificates even on the production server. That worked fine for the android client.
Is there a chance to work with
unsigned certificates on WP7 also?
Is there a way to make the app work
out of the box with this kind of
certs? So, that the user doesn't
need to install the cert manually?
We failed to install the cert on the emulator. Did you have the same kind of problem? How did you solve it?
Does Microsoft allow apps with this kind of certs in their market
How to: Set up an Authenticated Web Service for Windows Phone on MSDN describes how to go about using authenticated services. According to SSL Root Certificates for Windows Phone, the only trusted certificate authorities are:
AOL (USA)
Comodo (USA)
DigiCert (USA)
Entrust (Canada)
GlobalSign (UK)
GoDaddy (USA)
Keynectis (France)
QuoVadis (Bermuda)
So I'd say that a self-signed certificate won't work.
Did you try using the emulator's browser to navigate to the .CER file that represents your self-signed root? That works on the physical hardware, and seems like it might work on the emulator as well. But you absolutely shouldn't expect to ship like this; a Go-Daddy cert is like $15/year.