Signing AIR applications

Posted by on Jun 16, 2008 in How-to, onAIR Tour | Comments Off

My presentation at the On AIR tour through Europe was about signing, deploying and updating your AIR applications. If you didn’t make it to the tour or just want to read up on these topics, I wrote three separate posts about them on the train somewhere between Prague and Munich.

First of all, why is signing an application important? Easy. When your application is unsigned or signed with a self-signed certificate, the user will get two red icons on the install screen. The first one is related to your code signing certificate. It’s telling you that the “publisher is unknown” which is very normal since we have no idea who actually signed this application.

When you do get a code signing certificate and sign the application with it, the icon will turn green or in some cases yellow. The yellow icon will appear when you are using the file I/O API.


So where do you get a code signing certificate? Well, maybe you already have one. If you already bought one to sign Java or Cocoa applications for instance, chances are that this certificate is 100% compatible and you can use that. To make sure, check that your certificate is a Class 3 code signing certificate and you should be ready to go. If you don’t have, there’s a number of companies like Thawte.com that actually sell these. But if you upload your application to the Adobe AIR marketplace, you may get a complimentary code signing certificate from us. More info here.

I’m mainly using Flex for AIR development but the workflow is very similar in Flash or Dreamweaver. In case of Flex, you are actually going to build a release version of your application. To do that, you click the “export release build”-button. That will popup a little wizard window. In the first window, you can specify where you want to save your .AIR file. In this case, I’m saving it on the desktop.

When you click “next”, Flex will ask you to specify which digital certificate you want to use. If you don’t have one but still want to build a .AIR file for testing, click on the “create” button. When you fill out all the details of that form, you can save that self signed certificate so you don’t have to fill out that form every time. I saved mine in my home folder. Once you have created it, you can easily reuse it by just entering your password.

If you already have a code signing certificate, you can browse to the location you saved it to use it. Click “finish” and your AIR file is going to be baked. That’s it.