We have looked at signing our Flex applications using a purchased certificate, but the question lurked in the back of my mind on how the expiry of these cerftificates affected the applications.
Recently at a talk in Melbourne Australia by Danny Dura I asked him these questions, and he didn't really know, but asked me to ping him later and he would chase the answers. Which I did and I got all the answers back promptly. Here is a summary of the questions and answers, note not the verbatim questions or answers.
Q: When you purchase a code signing certificate you might notice you are purchasing it for 1 or 2 years. So what happens to your application once the certificate expires?
A: Nothing, the application will still function normally and will still have the Green tick, the certificate expiry is indeed different to SSL type of certificate expiry, it expires only in the sense that once expired you can no longer sign code with this certificate, thus if you wanted to release a new version you would need to renew your certificate.
Q: How does the application validate the certificate, do you need to be connected to the internet for the certificate to be validated back to the certificate host?
A: No, the certificate validates locally without going to the network.
More info on that here
http://livedocs.adobe.com/labs/air/1/devappsflex/help.html?content=distributing_apps_13.html#1037515
So this all makes sense and is good, you sign your app and distribute as much as you like, in the event your cert expires or you want to distribute a totally offline app that will never have internet access, then these answers say your good to go.
2 comments:
Or, alternatively, just use a self signed developer cert.
Sure, it shows green ticks rather than red ones, but *_users_ will install it anyway*.
So I paid for the software to develop my software and adobe wants more money for me to distribute my software?
Post a Comment