WARNING Signed Apps not detected correctly by Appup validation...

WARNING Signed Apps not detected correctly by Appup validation...

Hi All, Just a warning that your new signed apps might get rejected automatically by the validation software. I signed all my submitted jars using Comodo and they were promptly rejected. I have been signing apps for several years so it is not new. I even submitted signed jars before the deadline and they were approved and running fine in Appup. So beware you may get rejected apps. I notified the validation team and they are looking at it now hopefully. I suspect a major bug in their validation software for signing. I hate to have to wait to get new enhancements and bug fixes to my users but now it is wait till Intel understands and fixes the problem. I use the same signed jars using Java Web Start and it works and displays the fact I used CA from Comodo. Unhappy, -Tony
8 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Hi Tony,

We are checking into this situation. We do not believe this is a universal problem. Other recently submitted apps are getting Approved.

We have requested that a validation TME contact you.

Regards
Hal G.
Technical Support Team
Intel AppUp(SM) Developer Program
Intel AppUp(SM) center

*Other names and brands may be claimed as the property of others.

Thanks Hal,

The automated response messages did not instill a lot of confidence. Would be great if Intel had a bug status system rather than dealing with automated email responses.

Regards,
-Tony

Hi Hal,

Your support group has verified my jars are signed and according to jarsigner utility are valid. They are trying to locate another tool to get more detailed info since jarsigner does not show who the CA is. I ran Java Web Start for my app and removed the certificate in Web Start and it shows the detail for my cert when the user is asked to accept the cert and indeed it is Comodo according to the Comodo support group.

Looks like right now your validation app is broken for verifying signing at least in my case.

Regards,
-Tony

Hi Hal,

Turns out the validation program needed some extra cert info not needed by Java Web Start in order to detect CA. So I re-exported my cert from the browser specifying to export any extra cert info it can and that solved the problem. Because I was using a process specified by Sun (before it became Oracle) where their deployment app tool did not need that extra info to verify the cert (it figured out who the CA was and displayed it) it was fine.

So anyone using their own cert for signing already instead of the temp one supplied by Intel will have to start over again (maybe).

Regards,
-Tony

Hi Tony,

It is good to hear that the issue has been resolved. Thanks for posting this update.

Regards
Hal G.
Technical Support Team
Intel AppUp(SM) Developer Program
Intel AppUp(SM) center

*Other names and brands may be claimed as the property of others.

Hi Tony,
While exporting your certificate from the browser, please ensure that you have included all certificates in the path. Instructions on how to do it is available in the article: http://appdeveloper.intel.com/en-us/article/how-do-i-get-code-signing-certificate-certifying-authority

Intel requires that applications be signed by a code signing certificate from one of: Chosen Security, Verisign, Globalsign, Thawte, Trust Center, Go Daddy Secure Certification Authority and Comodo. Including the certificate chain will help identify the CA who issued the certificate.

Thanks

Hi Meghana,

Thanks for all your help. As you know I was using a CA (Comodo) but what was different was for years I have been signing for a universal deployment app (Java Web Start) that did not require the extra step when exporting the cert. It was written not to need that for some reason to verify.

You may not have read my lengthy explanation. People like me have not needed to go all the way back to exporting since it worked and others will probably run into this issue thinking their autobuild and sign scripts (like me) are ok when thier keystore needs to be updated.

Again thanks for all the help.
-Tony

Leave a Comment

Please sign in to add a comment. Not a member? Join today