Multiple certificates per Distribution Provisioning Profile - iphone

When you create a Development Provisioning Profile you can select multiple certificates to include in it. Is there a way to do this for a Distribution Provisioning Profile?
Or do I need to have a separate one per Distribution Certificate?

No, you cannot select multiple certificates for a provisioning profile when you create or edit it from the developer portal.
Also have a look at the detailed description regarding certificates at the link below. I hope you can get an answer that meets your requirement.
Certificates and profile organization for multiple products

Related

Which one should I prefer, regular or EV code signing certificate?

I want to sign my driver, and I've taken a look at MSDN and seen this: https://learn.microsoft.com/en-us/windows-hardware/drivers/dashboard/get-a-code-signing-certificate
They say:
If you don’t have an approved EV code signing certificate, you can buy one from one of the certificate authorities below.
Does that mean I should only buy an EV code signing certificate to sign my driver, or can a regular one be enough as well? What are the good and bad sides? Thanks.
Yes, you need an EV certificate, as stated in the link you shared:
Microsoft requires an extended validation (EV) code signing certificates from partners enrolled and authorized for Kernel Mode Code Signing as part of the Microsoft Trusted Root Certificate Program.
Tim Roberts' answer on social MSDN might clarify the process:
You can get Microsoft's signature in two ways: by running the WHQL tests and submitting the test results, or by submitting your driver package for attestation signing. Both of those things require that you submit your driver through the "developer hardware dashboard". The problem is that creating a "developer hardware dashboard" account requires an EV certificate.

Why my iOS Distribution signing identity is revoked?

I can't find a valid signing identity in the target settings. After I request a signing identity from the Xcode->Preferences->Accounts menu (see picture), my identity is always revoked. And after I relaunch Xcode, I don't have any signing identity for my distribution provisioning profile. I tried removing ALL stuff from the keychain and re-creating the distribution certificate and provisioning profiles, but nothing works. Previously I successfully saw the iOS Distribution identity with status Valid on my other Mac, but I can't upload the binary from it. Maybe I should delete something from the Mac where the identity is valid?
Click the + button to create a new iOS Distribution. And if you could provide the result, that would be perfect.
If Xcode didn't correct it or create a new one, do it in the member center at developer.apple.com. Then you should be able to see it.

Signed PDF showing message "The validity of the document is unknown", iText

I am using iText to apply digital signatures in PDF. The digitally signed PDF is showing a message like "the validity of the document certification is unknown. The author could not be verified. At least one signature has problems." at the top.
When I add the certificate that is used to create the signed PDF to my trusted identities, the generated signed PDF shows "Signed and all signatures are valid".
Is it possible to fix this without adding the certificate to trusted identities?
Thanks in advance.
There are two reasons for the message to be displayed.
First, you used a self-signed certificate or another certificate whose certificate chain doesn't end with a root certificate trusted by the validating application.
The second is when the signature parameters are not set right and Reader doesn't know that it needs to look for certificates in the Windows certificate store. I don't know how to specify what I mean in iText - in our SecureBlackbox there's a property for this.
Please read https://itextpdf.com/book/digitalsignatures
Section 3.4 is named "How to get a green check mark."
The short version: if you want a PDF that shows a green check mark without having to install a root certificate manually, you need at least a private key that is stored on a physical device such as a Hardware Security Module, a USB token or a smart card.
Do you have such a key? Did you ask your CA for a CDS or AATL certificate?
Re: Is it possible to fix this by without adding certificate to trusted identities?
Answer: no, unless you switch to a digital signature cert that was granted by a Certificate Authority trusted by Adobe.
This is an ongoing issue with Adobe, since Adobe Reader doesn't trust the CAs in the operating system. Instead, Adobe has their own list.
So either:
You get a personal cert from one of the companies on the Adobe list.
You publish your organization's root certificate on your website and provide instructions to recipients on how to tell Adobe to trust you. (Your organization can have just one member if you wish.) See below for more on this.
You tell your recipients how to click on the Adobe signature toolbar to inspect the details of the signing cert (and ignore the scary default warnings from Adobe).
In the wet-signature world, there are cases where you simply sign something, and other cases where you need to provide a copy of your government issued identity document. Unfortunately, in the current digital signature world, it's as if every signature needs to be accompanied by a copy of your driver's license. And that is simply not reality.
A common and successful answer is to publish your organization's root cert for all of the organization's signers. See Apple and Wells Fargo examples.
You can publish your root cert on an SSL-protected page with a cert from a trusted CA. That will enable a business partner to feel secure about trusting that your org's root cert is really from your org.
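The trust decision these answers describe, as an added example that is not part of the original posts: the same signing certificate is accepted or rejected depending only on which roots the validator's own trust list contains. It uses the `openssl` command line; the names `org-root`, `listed-root` and `signer` are hypothetical and all keys are generated on the spot.

```shell
#!/usr/bin/env bash
# Constructed demo: every key, certificate and name is generated here.
WORK=$(mktemp -d)

# Minimal config so the commands do not depend on a system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_root NAME: self-signed root, standing in for one entry of a trust list.
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/ca.cnf" \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_signer ROOT NAME: signing certificate NAME issued under ROOT.
issue_signer() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
    -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -out "$WORK/$2.pem" 2>/dev/null
}

# validator_trusts ANCHOR CERT: succeeds only if CERT chains to ANCHOR.
validator_trusts() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

make_root org-root        # the signer's own organisation root
make_root listed-root     # a root the validating application already ships with
issue_signer org-root signer

for anchor in listed-root org-root; do
  if validator_trusts "$anchor" signer; then
    echo "trust list = $anchor: signing certificate is valid"
  else
    echo "trust list = $anchor: validity unknown, no path to a trusted root"
  fi
done
```

The certificate and its signature are identical in both runs; only the validator's anchor changes, which is the effect of adding a root to trusted identities.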

Do I need the old private key to generate new Distribution Certificate?

My distribution certificate is going to expire in a few days. I have changed my system, so I want to know: do I need the old private key to create a new certificate signing request?
Also, I wanted to know whether it is necessary to use the same email ID that was used to create the developer account when creating a new certificate signing request.
Thanks
If it's already expired, don't worry about old certificates.
Otherwise you need to export your private keys on your old system and then install your private key and profiles on your new machine.
I think it's not mandatory to use the same email ID to create new certificates.
No, you do not have to know anything about your previous keys to generate new ones. Just follow the instructions in the portal, and generate new ones.
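What a certificate signing request is built from, as an added example that is not part of the original posts: the request is created from a freshly generated key pair, carries only that key's public half, and is signed with that same key. It uses the `openssl` command line rather than Keychain Access; the key names, subject and e-mail address are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed demo: keys, subject and e-mail address are made up.
WORK=$(mktemp -d)

# Minimal config so the commands do not depend on a system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
EOF

# new_key NAME: fresh RSA private key, generated independently of any other key.
new_key() { openssl genrsa -out "$WORK/$1.key" 2048 2>/dev/null; }

# new_csr NAME SUBJECT: CSR built from NAME's key alone.
new_csr() {
  openssl req -new -config "$WORK/req.cnf" -key "$WORK/$1.key" \
    -subj "$2" -out "$WORK/$1.csr"
}

# SHA-256 over the PEM public key taken from a private key or from a CSR.
key_fingerprint() {
  openssl pkey -in "$WORK/$1.key" -pubout | openssl dgst -sha256 | awk '{print $NF}'
}
csr_fingerprint() {
  openssl req -in "$WORK/$1.csr" -config "$WORK/req.cnf" -noout -pubkey |
    openssl dgst -sha256 | awk '{print $NF}'
}

# csr_self_signed NAME: the request's signature verifies under the key it carries.
csr_self_signed() {
  openssl req -in "$WORK/$1.csr" -config "$WORK/req.cnf" -verify -noout >/dev/null 2>&1
}

new_key old-mac   # stands in for the key left on the previous machine
new_key new-mac   # key generated on the new machine
new_csr new-mac "/CN=Example Distribution/emailAddress=dev@example.com"

echo "old key : $(key_fingerprint old-mac)"
echo "new key : $(key_fingerprint new-mac)"
echo "CSR key : $(csr_fingerprint new-mac)"
if csr_self_signed new-mac; then echo "CSR signature verifies with the new key"; fi
```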

How can I access identity profiles and certificates with iPhone SDK?

I am trying to verify the user identity on my application using a certificate / identity that the user has stored by opening a .cer / .p12 attached to an email. The certificate appears on the settings app of the phone under the group "Configuration Profiles".
Is there any way of accessing the certificate using the iPhone SDK (I have tried to use the Security Framework, but it seems that it is only possible to access certificates stored in the application keychain or other keychains from its group)?
You talked about the Security framework already, but did you try the following functions in the doc?
I personally never tried/had to do this myself, but anyway it seems that there are some functions like SecCertificateCreateWithData in the framework, so you should be able to build a SecCertificateRef from some NSData/CFDataRef… data which is the content of your mail attachment.
From there you may use it as any other certificate using the other functions (like you would do for a certificate extracted from the Keychain).
Well, this is only a guess after simply reading the documentation, but let's give it a try, as the doc seems to indicate it is the way to go.