Home » Software Security Blog » How to Fix “Unable to Build a Valid Certificate Chain for the Signer” Error?
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Code Signing Error: “Unable to Build a Valid Certificate Chain for the Signer” While Signing Adobe Air Application Using a Third-Party CA Code Signing Certificate

This error is usually shown when an Intermediate CA Certificate is not the part of a code signing certificate chain for Adobe Air signing certificate.

Error Creating AIR File

What Is an Intermediate CA Certificate?

For enhancing the root certificate security, Certificate Authorities (CAs) create an intermediate certificate from which certificates are signed and issued. An Intermediate CA certificate, also known as the subordinate certificate, is issued by the trusted third-party certificate authorities for issuing code signing certificates, which are later used by the users like you and me.

These intermediate certificates ensure that the certificate is fully trusted by all the globally known web browsers and computers, which helps in preventing errors.

Here Are the Steps to Solve Code Signing Error: “Unable to Build a Valid Certificate Chain for the Signer”

For building a valid certificate chain for the signer certificate follow the below steps:

Step 1: Building a Certificate Chain for the Signer Certificate

  • First, download the code signing intermediate CA Certificate and Cross Root Intermediate CA Certificate.
  • Once you download, save both into different Notepad files along with a “.cer” file extension.
  • Now, from the same Firefox browser, which you used for installing the certificate, open the certificate store from the Tools menu and click “Options.”
  • From the left section, select Privacy & Security and scroll down to the Certificates and click “View Certificates.”
Mozilla Privacy
  • Once the Certificate Manager opens, select the Authorities tab.
  • Click Import button and locate. Now, select the cross root intermediate CA Certificate and click Open.
  • Now, follow the same step and Import an Intermediate CA Certificate.
Certificate Manager

Step 2: Confirming the Certificate Chain for the Signer Is Built

  • Through the same Mozilla Firefox browser, open the Certificate Manager as you did in the above step. But this time, select Your Certificates tab instead of Authorities.
Certificate Manager Admin
  • If everything is done correctly, you’ll see the Certificate which you imported in the list: Your Certificate tab.
  • Now, select that certificate and click the View button. A pop-up called Certificate Viewer will open. From that, select the Details tab and verify whether the Certificate Hierarchy is showing the proper hierarchy.
Certificate Path

Step 3: Exporting Certificate for Signing

  • Once you complete the above steps, from that same Mozilla Firefox browser, open the Certificate Manager (certificate store) once again and in that go to Your Certificates tab.
  • Select the certificate and click the Backup button, then give a name and save the certificate into your system at the desired location.
  • After the backup process is completed, proceed to signing your adobe air application.

Now Let’s See the Same Example Using Internet Options:

  • Download the root certificate of the CA from whom you’ve purchased a code signing certificate.
  • Once the root certificate is downloaded, find the “.cer” file provided by that CA.
  • From Control Panel, go to “Internet Options,” select the Content tab, then click the option Certificate. From that, select an Intermediate Certification Authorities tab.
  • Now, click the button named Import and import that downloaded “.cer” file.
List of Certificates
  • Click Next on Certificate Import Wizard and import your p12 certificate file. (Also, enter your password.)
  • Now, check the option: Mark this key as exportable and click Next.
Certificate Import Wizard
  • Once import is completed, go to Internet Options > Content > Certificates.
  • Select that certificate and click Export and press the Next button.
  • Select the radio button: Yes, export the private key.
  • Now, under the Export File Format, select the radio button Cryptographic Message Syntax Standard – PKCS #7 Certificates (.P7B) and choose an option Include all certificates in the certification path if possible and Click Next button and enter the password of that certificate.
Certificate Export Wizard
  • Enter the filename and export the file and complete the wizard.

Once this process is completed, you can proceed further and sign your adobe air application.

Wrapping Up:

Many times, developers think that this error has something to do with the corrupted or incorrectly created certificate. But that’s not the case, and often it happens when an intermediate certificate of the CAs is not part of the CA certificate chain. Note: Be sure to follow the above steps in administrator mode, or else there’s a possibility that it may not work.