3

I've recently purchased a certificate from GoDaddy for code signing an Adobe Air application.

I generated a CSR (Code Signing Request) file and sent it to them. They have sent back a .spc certificate file (PKCS #7 format).

I'm using keytool that comes with Adobe Air. Here are the commands that I have used.

Generate CSR:

"C:\Program Files (x86)\Adobe\Flex Builder 3\jre\bin\keytool.exe" -genkey -alias codesigncert -keypass password123 -keyalg RSA -keysize 2048 -dname "CN=displayname,O=companyname,C=US,ST=state,L=city" -keystore codesignstore

Import certificate into keystore:

"C:\Program Files (x86)\Adobe\Flex Builder 3\jre\bin\keytool.exe" -import -alias codesigncert -file cert.spc -keystore codesignstore

After running this command the error I get is:

keytool error: java.lang.Exception: Certificate reply does not contain public key for <codesigncert>

What could have gone wrong?

The guide that I am following is this one: http://help.godaddy.com/article/4780

andyuk
  • 365

2 Answers

4

I had a similar problem; a mismatch between the issued certificate and the certificate request file resulted in the error message:

keytool error: java.lang.Exception: Certificate reply does not contain public key for <xyzzy>

In my case, I was using a different certification authority, Thawte. The cause of the problem was that when I went to the Thawte certificate website to pick up my newly-issued certificate, the site said my certificate was ready to be downloaded, but curiously by default they had selected a different, two-year-old certificate, not the one which had just been issued. So, I downloaded the wrong certificate. It wasn't until I did:

keytool -printcert -v -file the-pkcs7-file

and saw the old dates on the certificate that I realized what had happened. I then downloaded the correct PKCS7 certificate file.

Mark R
  • 411
4

The answer was very simple. The certificate file was not generated by the CSR file; it was generated by a different CSR file. I simply got a new certificate and it worked.

Once the certificate was imported into the keystore, I could run the following command to sign the Adobe Air intermediate file.

adt -sign -alias codesigncert -storetype jks -keystore codesignstore -storepass storepass123 -keypass password123 "C:\myapp\widget.airi" "C:\myapp\widget.air"
andyuk
  • 365
  • This didn't work for me. I created/imported my cert using the same CSR/CSR alias, into the same keystore(/hash) from which CSR was gen'd. Still get this error. It's a PKCS#7/cert chain, but should still work. – galaxis Oct 26 '18 at 10:56
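
Both answers trace the error to a CA reply whose public key is not the one in the request. The check below is an added example, not code from any of the posts above: it hashes the SubjectPublicKeyInfo in a CSR and in every certificate of a PKCS #7 reply so the two can be compared before running keytool -import. The function names are this example's own, and it assumes PEM or definite-length DER input.

```python
import base64, hashlib, sys

def to_der(data):
    """Accept PEM or DER bytes and return DER."""
    if data.lstrip().startswith(b"-----BEGIN"):
        rows = [r for r in data.splitlines() if r and not r.startswith(b"-----")]
        return base64.b64decode(b"".join(rows))
    return data

def kids(buf, pos, end):
    """Yield (tag, tlv_start, content_start, content_end) for each TLV in buf[pos:end]."""
    while pos < end:
        start, tag, n = pos, buf[pos], buf[pos + 1]
        pos += 2
        if n & 0x80:  # long form: low 7 bits = number of length bytes
            k = n & 0x7F
            if k == 0:
                raise ValueError("indefinite-length BER is not supported")
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        yield tag, start, pos, pos + n
        pos += n

def spki_hash(buf, outer, is_csr):
    """SHA-256 over the SubjectPublicKeyInfo of one Certificate or CSR."""
    body = next(kids(buf, outer[2], outer[3]))  # tbsCertificate / CertificationRequestInfo
    fields = list(kids(buf, body[2], body[3]))
    # CSR: version, subject, SPKI. Cert: [0] version (optional), serial, alg, issuer, validity, subject, SPKI.
    idx = 2 if is_csr else (6 if fields[0][0] == 0xA0 else 5)
    return hashlib.sha256(buf[fields[idx][1]:fields[idx][3]]).hexdigest()

def csr_key(csr):
    buf = to_der(csr)
    return spki_hash(buf, next(kids(buf, 0, len(buf))), True)

def reply_keys(p7):
    """SPKI hashes of every certificate carried in a PKCS #7 SignedData reply."""
    buf = to_der(p7)
    top = next(kids(buf, 0, len(buf)))                  # ContentInfo
    wrap = list(kids(buf, top[2], top[3]))[1]           # [0] EXPLICIT wrapper
    signed = next(kids(buf, wrap[2], wrap[3]))          # SignedData
    certs = next(f for f in kids(buf, signed[2], signed[3]) if f[0] == 0xA0)
    return [spki_hash(buf, c, False) for c in kids(buf, certs[2], certs[3])]

def reply_matches_csr(csr, p7):
    return csr_key(csr) in reply_keys(p7)

if __name__ == "__main__":  # usage: python check_reply.py request.csr reply.spc
    csr_file, p7_file = (open(p, "rb").read() for p in sys.argv[1:3])
    print("reply contains the CSR's public key:", reply_matches_csr(csr_file, p7_file))
```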