Tech Blog
Error creating AIR file: Could not BER decode the CRL.
Today, out of the blue, our Mockups for Desktop build started failing with the cryptic error above.
A Google search didn't turn up much, while a Bing search returned this seemingly abandoned Flex bug (#FB-16236).
Signs pointed to an issue with our code signing certificate. I contacted the TC TrustCenter support (who issued the cert) via phone, which was totally useless. The guy didn't even ask what happened, he just opened a ticket and 6 hours later I haven't heard back.
Until we get this fixed we cannot ship updates to Mockups, so you can imagine how I felt all afternoon.
I posted on the Adobe Air pre-release forums but heard nothing there either.
I did eventually find a solution though: I went here: http://www.chosensecurity.com/adobe-air-certificates and since the links on the page were broken I reluctantly clicked on "Chat Now", at least to tell them about their broken websites.
To my surprise, the person that answered my chat was extremely knowledgeable and was able to tell me exactly what the deal was.
So I'm sharing it now for those of you in the future who hit this rare issue. Do not panic, your pain is temporary.
So here's the deal: when you sign your Air application with a certificate, it turns out that adt goes out to the interwebs and checks a Certificate Revocation List, i.e. a server that keeps a list of expired or blocked certificates.
Makes sense, except that today ChosenSecurity/TC TrustCenter has had an outage of some sorts that took down their CRL server. They're working on it, and it should all go back to normal tomorrow.
In the meantime, a workaround is to DISCONNECT FROM THE INTERNET and sign your application then. In this case adt falls back to a cached version of the CRL, et voila'! I tried it and it works.
Hurray!
This reminds me of something my "Distributed Systems" professor taught us back in college: "a rigorous, well accepted definition of a distributed system is one in which someone, somewhere, does something...which prevents you from getting your work done".
Yup, check! :)
Peldi
People from the future: If this article helped you, put a w00t in the comments! :)
About
The Balsamiq Tech Blog is where our dev team shares our open-source libraries, tips and tricks for programmers and lessons learned while building Mockups on all the different platforms we support.
To follow all blogs subscribe to the Balsamiq Blogs Combined Feed.
Live outside North & South America? Use our Use our European shop.
© 2013 Balsamiq Studios, LLC · Federal EIN 26-2200095 (W9 Form)
Comments (9)
Absolutely useful!
There have been several time when my builds didn’t work because there were no internet connection. But I’m still using a FlexBuilder generated certificate and still building from FlairBuilder and not through a automated build.
The “distributed systems” definition is simply charming! :-)
Feb 09, 2010
To package an AIR file off-line, you also need to turn off the default Timestamping by adding “-tsa none” in the command parameter.
There is no CRL check for self sign certificates (such as those generated by FlexBuilder or ADT).
Feb 11, 2010
Pingback: Balsamiq Company Blog
Thanks for your post it saved me a lot of searching around to resolve this issue.
Nov 03, 2010
w00t! Thank you Peldi, and also Ted Zeng. Disaster averted!
Nov 17, 2010
If you use adt without the Timestamping (adt … -tsa none …) your application will be NOT valid after your certificate has expired.
So you should always include the timestamp into your air application. So your air application IS valid even after your certificate has expired.
Mar 30, 2011
Super post.
Terrifically helped me.
One more thing..
If someone is not using command prompt then this may help him.
(While creating AIR from flex builder)Close internet connection and while publishing AIR file uncheck the Timestamp check box.
That’s it.
Cheers.
Mr. Balsamiq has did a wonderful job here.
Thank you very much.
Apr 05, 2011
w00t!
:)
Nov 19, 2012
In my case the problem was that my serverĀ“s internet connection didn`t work and it showed the error.
Enable de Intenet or the check your firewall conection and it work again.
http://antuansoft.blogspot.com.es/2013/02/error-empaquetando-aplicacion-air-could.html
Feb 12, 2013