You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@flex.apache.org by Subs <su...@leeburrows.com> on 2015/03/24 17:29:48 UTC
security certificates
Hi All,
Wondering what kind of security certificates people are using for
desktop and android?
Are people creating self-signed certificates (eg: in FB) or purchasing
'official' ones?
Google app store allows self-signed apps to be published; can i assume
from that, that self-signed is 'secure' enough?
Thanks,
--
Lee Burrows
ActionScripter
Re: security certificates
Posted by Tom Chiverton <tc...@extravision.com>.
On 25/03/15 13:10, Scott Matheson wrote:
> Hi, what about the iOS platform, commercial signatures are about $500 for 2 years
>
>
It's nowhere near that to develop for iOS (mobile, I've not looked into
desktop) as far as I remember, but I've not done an AIR release to iOS
for about a year.
http://www.adobe.com/devnet/air/articles/packaging-air-apps-ios.html
says you only need a Apple cert and a provisioning profile. Joining the
Apple developer program to be able to create both is under $100 a year.
Tom
Re: security certificates
Posted by Scott Matheson <sm...@intralinks.com>.
Hi, what about the iOS platform, commercial signatures are about $500 for 2 years
Sent from my iPad
> On 25 Mar 2015, at 05:36, Tom Chiverton <tc...@extravision.com> wrote:
>
>
>> On 25/03/15 10:08, Kessler CTR Mark J wrote:
>> Well the problem with self-signed is other people cannot easily validate the signature.
>
> This is a non-issue if you are distributing via a 3rd party store like Google Play of course.
> We use self-signed for our Android apps.
>
> Tom
________________________________
Disclaimer: This electronic mail and any attachments are confidential and may be privileged. If you are not the intended recipient, please notify the sender immediately by replying to this email, and destroy all copies of this email and any attachments. Thank you.
Re: security certificates
Posted by Tom Chiverton <tc...@extravision.com>.
On 25/03/15 10:08, Kessler CTR Mark J wrote:
> Well the problem with self-signed is other people cannot easily validate the signature.
This is a non-issue if you are distributing via a 3rd party store like
Google Play of course.
We use self-signed for our Android apps.
Tom
RE: security certificates
Posted by Kessler CTR Mark J <ma...@usmc.mil>.
Well the problem with self-signed is other people cannot easily validate the signature. You are your own certificate authority(CA) in a simplistic sense. Were as purchasing one from a company that that hosts public CA's can more easily be verified by their root certificates.
Here for the Flex signatures, they sign them locally and host out the key to verify it on the apache servers.
-Mark
-----Original Message-----
From: Subs [mailto:subscriptions@leeburrows.com]
Sent: Tuesday, March 24, 2015 12:30 PM
To: Apache Flex User Mailing List; Apache Flex Dev Mailing List
Subject: security certificates
Hi All,
Wondering what kind of security certificates people are using for
desktop and android?
Are people creating self-signed certificates (eg: in FB) or purchasing
'official' ones?
Google app store allows self-signed apps to be published; can i assume
from that, that self-signed is 'secure' enough?
Thanks,
--
Lee Burrows
ActionScripter
Re: security certificates
Posted by Ronny Shibley <rs...@codefish.com>.
Been using self signed for a while now. Never understood the risks.
Ronny Shibley
> On Mar 24, 2015, at 6:29 PM, Subs <su...@leeburrows.com> wrote:
>
> Hi All,
>
> Wondering what kind of security certificates people are using for desktop and android?
>
> Are people creating self-signed certificates (eg: in FB) or purchasing 'official' ones?
>
> Google app store allows self-signed apps to be published; can i assume from that, that self-signed is 'secure' enough?
>
> Thanks,
>
> --
> Lee Burrows
> ActionScripter
>