## Digitally Sign Adobe AIR Applications

If you want to run your applications on Adobe AIR, you must digitally sign them first. Using a DigiCert Code Signing Certificate to sign your applications allow your users to trust and run the applications that you create and modify. When your users install one of your applications signed with a DigiCert Code Signing Certificate, Adobe AIR gives your application the Publisher Identity: VERIFIED green checkmark.

Get code signing certificates for just \$178/year

## Export Your Code Signing Certificate as a .PFX File

To sign your application for Adobe AIR, you need your Code Signing Certificate in a .pfx format (a certificate and private key file combined into one). If you already have your certificate .pfx file, you are ready to sign your AIR applications.

### How to Export Your Certificate as a .PFX File

#### Internet Explorer (IE)

If you used IE, your code signing certificate was installed in the Windows certificate store.

1. In IE, go to Internet Options.

2. In the Internet Options window, on the Content tab, click Certificates.

3. In the Certificates window, on the Personal tab, select your code signing certificate and click Export.

4. Follow the Certificate Export Wizard to export your certificate as a .pfx file.

• If during the export process, you do not have the option to export the private key with your certificate, you need to request a new certificate. Your PFX file needs to include the private key. See Reissue or Re-Key Your Code Signing Certificate.

• Make sure not to forget the password that you select during this process. This password is required when using the certificate to actually sign your code. If you forget your password, you need to re-export your certificate.

5. For detailed export instructions, see Internet Explorer: Exporting Your Code Signing Certificate as a PFX File.

#### Chrome

If you used Chrome, your code signing certificate was installed in the Windows certificate store.

1. In Chrome, go to Settings.

2. On the Settings page, below Default browser, click Show advanced settings.

3. Under HTTPS/SSL, click Manage certificates.

4. In the Certificates window, on the Personal tab, select your code signing certificate and click Export.

5. Follow the Certificate Export Wizard to export your certificate as a .pfx file.

• If during the export process, you do not have the option to export the private key with your certificate, you need to request a new certificate. Your PFX file needs to include the private key. See Reissue or Re-Key Your Code Signing Certificate.

• Make sure not to forget the password that you select during this process. This password is required when using the certificate to actually sign your code. If you forget your password, you need to re-export your certificate.

6. For detailed export instructions, see Chrome: Exporting Your Code Signing Certificate as a PFX File.

#### Firefox

If you used Firefox, your new code signing certificate was installed in the Firefox certificate store.

1. In Firefox, go to Options.

2. In the Options window, click Advanced, next, click the Certificates tab, and then, click View Certificates.

3. In the Certificate Manager window, on the Your Certificates tab, select your code signing certificate and then, click Backup.

4. In the File Name to Backup window, save your code signing certificate (w/ private key) .p12 file.

Note: A .p12 file uses the same PKCS#12 format as a .pfx file.

5. In the Choose a Certificate Backup Password window, create a Certificate backup password and then, click OK.

Make sure not to forget the password that you select during this process. This password is required when using the certificate to actually sign your code. If you forget your password, you need to re-export your certificate.

6. For detailed export instructions, see Firefox: Exporting Your Code Signing Certificate as a P12 File.

## Sign your Application Using the PFX file

Sign your AIR application using the command-line program AIR Developer Tool (ADT) or the GUI.

### Signing an AIR Application Using ADT (CLI Option)

1. Open the command prompt as an admin (right-click and select run as administrator)

2. Navigate to the source directory of your application (i.e. where the application.xml file is located).

Note:    Make sure that the code signing certificate .pfx file used for signing is not located in the source directory.

3. Now run the following command at the command line modifying the red text to match your file names:

 adt -package -storetype pkcs12 -keystore "c:\path\to\your\certificate.pfx" "c:\path\to\your\file.air" "application.xml" 
4. When prompted, enter the password that you create while exporting the certificate as a .pfx file.

### AIR Application Signing Using Flash (GUI Option)

1. Open the program you are using to sign the AIR document.

According to Adobe documentation, you can use Adobe Flash Builder 4.5, Adobe Flash CS 5.5 Professional, or Flex SDK.

2. In the program, select Adobe AIR Settings.

This setting is listed with a number based on the version of AIR you are using.

3. In the AIR Settings window, on the Signature tab, select Use a code signing certificate (.p12, .pfx).

4. In the Certificate box, use the drop-down list or click Browse to select your code signing certificate .pfx file.

5. In the Password box, enter your password that you created when you exported the certificate .pfx file and then, click Publish.

There are situations where you must replace the Code Signing Certificate that you use to sign your applications for Adobe AIR.

• Renewing your Code Signing Certificate

• Moving from a self-signed certificate to a DigiCert Code Signing Certificate

• Choosing DigiCert as your new certificate provider

CAUTION:

According to Adobe, you must change certificates and apply the migration signature to your updated AIR file before the original certificate expires. If you don't, users must uninstall their current version of the application before installing the updated version.

• Adobe AIR version 1.5.3 or later

For later versions, Adobe allows you to use an expired code-signing certificate (up to 365 days after it expires) to apply a migration signature. You cannot use the expired certificate to sign your updated application.

• See Adobe Documentation: Digitally signing an AIR file

When changing certificates, you need to help Adobe AIR recognize the AIR file as an update. You can do this by applying a migration signature to the updated AIR file.

To apply a migration signature, you must sign your updated AIR file with both the new certificate and the original certificate (migration signature). This migration signature helps Adobe AIR establish the connection between the old certificate and the new one.

After a user installs your updated AIR file with a migration signature, your new code signing certificate is then recognized as the primary certificate. The next time you update your Adobe AIR application, you can just sign it with your new certificate.

### How to Change Certificates

2. Package the AIR file, and then use your new code signing certificate to sign it.

3. Finally, use your original certificate to sign the AIR file again.

Use the command below:

 ADT -migrate 
4. You have applied a migration signature to your updated Adobe AIR file.