开发者

Adobe AIR-Is a self signed app OK?

开发者 https://www.devze.com 2023-01-14 20:40 出处:网络
I want to develop an app using Adobe AIR. But I have to sign it using a code s开发者_开发百科igning certificate. I don\'t wan to buy a code signing certificate. Would it be OK if I distribute my app w

I want to develop an app using Adobe AIR. But I have to sign it using a code s开发者_开发百科igning certificate. I don't wan to buy a code signing certificate. Would it be OK if I distribute my app with a self-signed certificate?


The only difference between using a real certificate and a self-signed certificate is what the user sees in the initial installation dialog. With a real certificated they'll see a yellow "!" and the app will shown to be of "KNOWN" origin, and your company name will be shown. With a self-signed cert, there will be a red "?", and it will say the app's publisher is "UNKNOWN". You can see samples of the two dialogs at the very bottom of this page.

So realistically, it comes down to whether you're okay with people seeing a scary warning at install time. If you're only offering up the apps as a "use at your own risk" thing, or the app will be used mainly by a small group of people who already know who you are (an internal company app, e.g.) that may not be an issue, but if you hope for random internet people to come use your app and trust it, a cert may be a good idea.


That depends on your definition of "OK", but most likely no.

A self-signed certificate will not have been issued by a trusted CA, and your certificate will be considered untrusted by the client. I don't think (but have not tested) that the user is actively prevented from installing an app with an untrusted certificate, but they would at least get a warning, and that doesn't give your user a good first impression of your app.

If it's just for yourself or for a small group of people who know and trust you, then a self-signed certificate is most likely not a problem, but if you're distributing it to the world, you will almost certainly prefer a proper certificate.


I have recently looked into developing an Air App for the company to distribute to customers. On OSX Mavericks - on my mac and my designer's mac a red warning signs pops up stating that we are an unknown publisher - This was using the self signed certificate. The whole process was clunky with the installation, I had to verify that we were legitimate, as this warning sign inferred we were a looking to distribute something underhand.

From a marketing perspective this looked terrible.

In addition to this I managed to find someone to test the whole process of downloading the air app with a self signed cert on windows with an 'average' amount IT skills and this is what they said:

"Nah I didn't download it... it looked like it wanted to put a virus on my computer." And that is where download ended.

Currently we are looking to get some seal of trust on the application for distribution purposes. Verisign, Thawte look interesting, although costly.

http://www.symantec.com/code-signing/adobe-air

https://www.thawte.com/code-signing/

Or read this page for more information

http://help.adobe.com/en_US/air/build/WS5b3ccc516d4fbf351e63e3d118666ade46-7ff0.html

0

精彩评论

暂无评论...
验证码 换一张
取 消