How to Fix “Unable to Build a Valid Certificate Chain for the Signer” Error?
Code Signing Error: “Unable to Build a Valid Certificate Chain for the Signer” While Signing Adobe Air Application Using a Third-Party CA Code Signing Certificate
What Is an Intermediate CA Certificate?
For enhancing the root certificate security, Certificate Authorities (CAs) create an intermediate certificate from which certificates are signed and issued. An Intermediate CA certificate, also known as the subordinate certificate, is issued by the trusted third-party certificate authorities for issuing code signing certificates, which are later used by the users like you and me.
These intermediate certificates ensure that the certificate is fully trusted by all the globally known web browsers and computers, which helps in preventing errors.
Here Are the Steps to Solve Code Signing Error: “Unable to Build a Valid Certificate Chain for the Signer”
For building a valid certificate chain for the signer certificate follow the below steps:
Step 1: Building a Certificate Chain for the Signer Certificate
- First, download the code signing intermediate CA Certificate and Cross Root Intermediate CA Certificate.
- Once you download, save both into different Notepad files along with a “.cer” file extension.
- Now, from the same Firefox browser, which you used for installing the certificate, open the certificate store from the Tools menu and click “Options.”
- From the left section, select Privacy & Security and scroll down to the Certificates and click “View Certificates.”
- Once the Certificate Manager opens, select the Authorities tab.
- Click Import button and locate. Now, select the cross root intermediate CA Certificate and click Open.
- Now, follow the same step and Import an Intermediate CA Certificate.
Step 2: Confirming the Certificate Chain for the Signer Is Built
- Through the same Mozilla Firefox browser, open the Certificate Manager as you did in the above step. But this time, select Your Certificates tab instead of Authorities.
- If everything is done correctly, you’ll see the Certificate which you imported in the list: Your Certificate tab.
- Now, select that certificate and click the View button. A pop-up called Certificate Viewer will open. From that, select the Details tab and verify whether the Certificate Hierarchy is showing the proper hierarchy.
Step 3: Exporting Certificate for Signing
- Once you complete the above steps, from that same Mozilla Firefox browser, open the Certificate Manager (certificate store) once again and in that go to Your Certificates tab.
- Select the certificate and click the Backup button, then give a name and save the certificate into your system at the desired location.
- After the backup process is completed, proceed to signing your adobe air application.
Now Let’s See the Same Example Using Internet Options:
- Download the root certificate of the CA from whom you’ve purchased a code signing certificate.
- Once the root certificate is downloaded, find the “.cer” file provided by that CA.
- From Control Panel, go to “Internet Options,” select the Content tab, then click the option Certificate. From that, select an Intermediate Certification Authorities tab.
- Now, click the button named Import and import that downloaded “.cer” file.
- Click Next on Certificate Import Wizard and import your p12 certificate file. (Also, enter your password.)
- Now, check the option: Mark this key as exportable and click Next.
- Once import is completed, go to Internet Options > Content > Certificates.
- Select that certificate and click Export and press the Next button.
- Select the radio button: Yes, export the private key.
- Now, under the Export File Format, select the radio button Cryptographic Message Syntax Standard – PKCS #7 Certificates (.P7B) and choose an option Include all certificates in the certification path if possible and Click Next button and enter the password of that certificate.
Many times, developers think that this error has something to do with the corrupted or incorrectly created certificate. But that’s not the case, and often it happens when an intermediate certificate of the CAs is not part of the CA certificate chain. Note: Be sure to follow the above steps in administrator mode, or else there’s a possibility that it may not work.