Home >
So, you built your AIR application, packaged it using a self-signed certificate, and put it out on the world wide web for everyone to use. What happens if your little experiment starts to pick up, or you want to move from experiment to a full blown money making machine? In this case, you're not going to want to distribute your application if it doesn't show your company/person is verified via a trusted security outlet. You'll need to migrate from your old self-signed certificate to a digitally signed certificate from one of a number of outlets. I'm not going to run through the process of applying and receiving the new certificate, but will assume the new certificate has already been received.
I'll be running through the steps based on a Windows machine. However, everything should be the same besides the next "setup" process. Windows needs a few things added so that the correct commands can be found. If this is the case on the Mac as well, please someone correct me in the comments and I can update the document.
[setup]
1) Grab the Flex SDK if you don't already have it. You can find it here under "Adobe Flex SDK" (The first listed, the largest package): http://opensource.adobe.com/wiki/display/flexsdk/Download+Flex+3. Go ahead and just grab a Milestone Release Build, unless you're feeling a little daring ;) Make sure you unzip the archive into a folder that will not be moved or deleted.
2) Add ADT to your environment variables. Head to "Start-->Right Click My Computer-->Properties-->Advanced Tab-->Environment Variables". Under the System Variables section, find "Path", click it and hit Edit. In the Variable Value field, add the following:
;path\to\flex\sdk\bin
So, in my case (I happen to have Flex Builder installed) the path was:
;C:\Program Files\Adobe\Flex Builder 3\sdks\3.2.0\bin
Yes, you noticed the semi-colon and it needs to be there to separate multiple paths. Now, since we're here already, let's add Java to our environment variables so ADT can find it as well. Go ahead and add this to the end of your path, just after the ADT variable:
;C:\Program Files\Java\jre6\bin
Make sure the above exists for you, change it as necessary.Now just hit 'Ok' through the dialogs to finalize the new path. You may need to restart your computer after making these changes.
[execution]
Okay, now we're ready to migrate our old certificate to our new one. Start off by packaging your application using the new certificate you received, along with its new password. Now open up a comment line (Start->Run->cmd). Navigate into the directory of your newly packaged application. Do this using the "cd" (change directory) command, example:
cd Desktop/myapplication
Now comes the migration command, which looks like so:
adt -migrate -storetype pkcs12 -keystore oldCertificate.p12 MyApplication.air MyApplication.air
I've underlined the most important aspects. First, the path to your old certificate. In the statement above, it assumes your old certificate is in the directory "Desktop/myapplication" from the example above. If it isn't you'll need to provide the path to it. The same applies to the next two commands, basically. The first one is the location of the newly published AIR package that has your new certificate packaged into it. Again, if the path isn't correct you'll need to modify it. Last is where you want your newly migrated package to be spit out to. I keep this the same location as my old package so it overwrites it, cutting down on confusion. Once you get the correct information for you project, hit enter and you'll be prompted to enter the password of your OLD certificate. Type carefully, you won't be able to see what you're typing, or even how many characters you type. Once you enter the correct password for your old certificate, hit enter. If no errors occur you should see a new command line, otherwise you'll get some sort of error spit out at you.
That's it, you're done! Now when users want to update their application with your new certificate, they won't end up with two installs of your application. Also, first time installers won't be scared away by that horrifying red X. Remember to do this each time you package your application for updates, or users who may not have updated previously will end up with two separate installs of your application. I suppose after a few months you may be able to stop migrating your certificate, but it all depends on your user-base and how safe you want to be.
Tag Cloud
Podcasts & Screencasts
@InsideRIA on Twitter
Follow InsideRIA on Twitter
Facebook Application Development
Thank you man.
I think it is a big step for the average 'do-it-for-the-love-of-tech' developer to jump into the commercial stream. Bu don't let the fear stop you, there is an entrepreneur inside us all.
Who knows, maybe in a few years you could be the next Bill Gates.
REGARDS
I don't think so at all really. If you want any kind of adoption at all, and I mean further than this community, you'll most likely need to use a digitally signed certificate from a trusted security outlet. Otherwise, the average user is going to see the giant red X and "NOT VERIFIED" and "THIS MAY BE HARMFUL", and they're going to say screw this. Just my thought on it, but of course our community looks past that sort of thing. I've gotten plenty of emails regarding my application and how the user wouldn't install unless I was verified.
Anyway, thanks for reading!
Hey,
I am totally with the previous comment. Thanks for providing the guidelines - it is an aspect which is somehow dismissed as negligible in many other sources, so your post is a genuine piece of cake for those preparing to transfer their small passion to the big business level.
Regards and good luck with all your projects.