Bypass Code Signing for Adobe AIR

This post describes how to overcome the publisher-identity warning you get when you try to install an Adobe AIR app with a free digital certificate, a self-signed digital certificate, or even a “real” digital certificate that is not a trusted authority. In theory, this method probably works for any app you need to bypass code signing.

So you’ve made a killer Adobe AIR app, but your self-signed digital signature is not a trusted certificate authority (CA), and you want to avoid this:

Publisher Unknown
Adobe AIR Install Warning

You could buy a digital certificate from a trusted certificate authority, but for whatever reason you can’t or don’t want to.  In my case, I was going to install my app to about 200 people at my work.  There was no need to fork out the cash for a real certificate in this case, since it was an internal distribution from a trusted authority, me.  But at the same time, I don’t want to cause alarm to my less savvy users.  So how do you get around the warning?  I suppose I could’ve made a self-signed certificate and had one of the IT guys add it to the network as a CA, but you know how it is getting those guys to do anything. So here is what I did…

In a nutshell, you make an installation wrapper which:

  1. Registers you as a trusted certificate authority.
  2. Installs your AIR app which uses a home-made certificate, which is now trusted.
  3. Calls the Adobe AIR installation in silent mode.

Import the certificate and export a REG file

Before you can do anything, you have to make a self-signed certificate or obtain a free certificate. Then do the following:

  1. Start the Windows Registry Editor and navigate to: HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\ROOT\Certificates\
  2. Note the certificates that are already listed.  In a moment, you’ll add your own certificate, and you’ll need to be able to distinguish yours from the others that are already there. If there are a lot of listings, take a screenshot to be sure.
  3. Open Internet Explorer and select Tools >> Internet Options >> Content and click Certificates.
  4. Click the Trusted Root Certification Authorities tab and click the Import button to import your certificate.

Certificate Import
Certificate Import
  1. Go back to the Windows Registry Editor. You should see a new certificate listed in the location specified in step 1.
  2. Right-click your certificate in Windows Registry Editor and select Export. Now you have a .REG file, which you’ll reference in the wrapper installer, to declare yourself as a trusted CA.

Now you’re ready to make your installation wrapper.

Creating the installation wrapper

To complete the rest of this procedure, you should have:

  • Adobe AIR runtime distribution (AdobeAIRInstaller.exe)
  • Your AIR app (.AIR file) which is signed with the same digital certificate that you used
  • You exported registry entry (.REG file)

Basically, all you do is create an installer that opens the .REG file and then calls the Adobe AIR silent install with parameters to install your app.

I made the installation wrapper using NSIS, which is the best free installer. The code below is a sample NSIS installation that shows how it works.

; helper defines
!define PRODUCT_NAME “Your App”
!define PRODUCT_PUBLISHER “You”

; MUI 1.67 compatible ——
!include “MUI.nsh”

; MUI Settings
!define MUI_ABORTWARNING

; Welcome page
!insertmacro MUI_PAGE_WELCOME
; Directory page
;!insertmacro MUI_PAGE_DIRECTORY
; Instfiles page
!insertmacro MUI_PAGE_INSTFILES
; Finish page
!insertmacro MUI_PAGE_FINISH

; Language files
!insertmacro MUI_LANGUAGE “English”

Name “${PRODUCT_NAME}”
OutFile “setup.exe”
ShowInstDetails show
XPStyle on

; MUI end ——
Function .onInit

FunctionEnd

Section “MainSection” SEC01
;SetOutPath “$PROGRAMFILES\YourCompany\temp”
SetOutPath $TEMP
File “AdobeAIRInstaller.exe”
File “Your-App.air”

; Add your self-signed (home-made) certificate to the registry as trusted autority so AIR trusts it, even after updates.
File “55108CBC6D784844E7E662FEE717F469C01C089B.reg”
ExecWait ‘regedit /s “$TEMP\55108CBC6D784844E7E662FEE717F469C01C089B.reg”‘ $0

ClearErrors
ExecWait ‘”$TEMP\AdobeAIRInstaller.exe” -silent -eulaAccepted -location “$PROGRAMFILES\YourCompany” -desktopShortcut -programMenu Your-app.air’ $0
; AIR Error results
; 0 Successful install
; 1 Successful, but restart required for completion
; 2 Usage error (incorrect arguments)
; 3 Runtime not found
; 4 Loading runtime failed
; 5 Unknown error
; 6 Installation canceled
; 7 Installation failed
IFErrors 0 NoError
MessageBox MB_OK “Error: $0 \n 1 Successful, but restart required for completion\n 2 Usage error (incorrect arguments)\n 3 Runtime not found\n 4 Loading runtime failed\n 5 Unknown error\n 6 Installation canceled\n 7 Installation failed”
NoError:

; Cleanup
Delete $TEMP\55108CBC6D784844E7E662FEE717F469C01C089B.reg

; Cleanup
Delete $TEMP\AdobeAIRInstaller.exe
Delete $TEMP\Your-app.air
SectionEnd